The CyberWire Daily Briefing for 6.17.2013
India's National Informatics Centre apparently suffers a data breach—government emails may have been compromised.
Iran's Gmail hacks are now attributed to the Iranian government (and observers note that the Islamic Republic's preoccupation with its elections may explain a lull in denial-of-service attacks on US banks). Hassan Rowhani's electoral victory over the weekend avoids a runoff; it remains to be seen how it will affect Iranian cyber operations.
The Guardian, keeping its promise of further PRISM news, reports that the UK and US monitored participants at 2009 international summits held in London. The Chinese press demands explanations of US hacking alleged by Edward Snowden. US companies face international blowback over their alleged cooperation with NSA surveillance programs even as reports surface that benefits of information-sharing may have been decidedly one-sided—finding much information they need remains classified, more companies are said to "slow-walk" data sharing with the Feds. Apart from damage to international sales by US firms, alleged NSA surveillance programs may, the Financial Times fears, fracture the Internet into state-controlled enclaves.
Increases in SSL traffic noticeably degrade firewall performance. New malware is found using the Windows Encrypting File System to hide itself from forensic analysis. Hard-coded password vulnerabilities are discovered in some 300 medical devices.
"Funding shortfalls" slow contractor security investigations in the US. Policy debate continues over the scope and oversight of US electronic surveillance programs. US Defense official Ashton Carter foresees evolution of a "cyber service."
Saudi Arabia tightens control over tools designed to evade Internet surveillance.
Today's issue includes events affecting China, India, Iran, Japan, New Zealand, Saudi Arabia, South Africa, United Kingdom, United States, and and Zimbabwe..
Cyber Attacks, Threats, and Vulnerabilities
Sensitive govt e-mails on NIC's servers face cyber attack (The Economic Times) Cyber security breaches have been detected in the servers of National Informatics Centre (NIC), which is responsible for maintaining government websites
Iranian Gmail accounts targeted by state-sponsored attack (Cyberwarzone) Google revealed that tens of thousands of Gmail accounts belonging to Iranian users have been targeted by state-sponsored attacks
Iranian Elections Bring Lull in Bank Attacks (Krebs on Security) For nearly nine months, hacker groups thought to be based in Iran have been launching large-scale cyberattacks designed to knock U.S. bank Websites offline. But those assaults have subsided over the past few weeks as Iranian hacker groups have begun turning their attention toward domestic targets, launching sophisticated phishing attacks against fellow citizens leading up to today's presidential election there
The Guardian: Britain, United States spied at summits (Washington Post) British and U.S. spy agencies monitored the e-mails and phone calls of foreign dignitaries at two international summits in London in 2009, the Guardian newspaper reported Monday, citing documents it received from former National Security Agency contractor Edward J. Snowden
US spy agency paper says fewer than 300 phone numbers closely scrutinized (Reuters) The U.S. government only searched for detailed information on calls involving fewer than 300 specific phone numbers among the millions of raw phone records collected by the National Security Agency in 2012, according to a
US hacking Chinese civilians for years, says Snowden (FierceCIO: TechWatch) The United States has been hacking Chinese civilians for years, says whistle-blower Edward Snowden, now an ex-contractor for the National Security Agency
China's Media Demand U.S. Explain Hacking Exposed by Snowden (Bloomberg) China should seek more information from former National Security Agency contractor Edward Snowden and demand the U.S. explain itself over the surveillance program he exposed, the nation's government-controlled media said
Microsoft gives zero-day vulnerabilities to US security services - Bloomberg (Computing) Microsoft routinely passes on details of security flaws in its own software to the National Security Agency (NSA) before it has produced and issued patches to users of its software around the world. The news partly confirms widely held suspicions that
Latest Snowden claim puts pressure on enterprise security (FierceCIO: TechWatch) In an exclusive interview with the South China Morning Post published earlier today, ex-NSA contractor and whistle-blower Edward Snowden alleged that the U.S. government has been breaking into computers in Hong Kong and China for years. More importantly, he says that targets included businesses and individuals, provoking charges of hypocrisy by Chinese state media
Ad exec: Online ad industry complicit in NSA PRISM datamining (ZDNet) A high-profile, 20-year digital advertising industry executive says digital ad strategies that collect user data in the name of serving targeted ads to consumers is responsible for public acceptance of surveillance and data-gathering programs — specifically NSA's PRISM
Google, Facebook and others have betrayed their global users (Times of India) By now you must have heard of PRISM, a secret surveillance programme run by the National Security Agency (NSA) in the US. The PRISM story was broken by the Guardian and the Washington Post after they received some classified material from Edward Snowden, a 29-year-old technical assistant who worked with the CIA and had access to NSA data
Businesses slow–walk classified data–sharing efforts with feds (CSO) Both government and business agree that sharing data is critical to fighting cyber threats to the nation's critical information and infrastructure resources. One hang-up the private sector has found when sharing data with the U.S. government is that the information most useful to companies is classified, which means they don't have access to it
National Security Agency: The net rips apart (Financial Times) The internet is at risk of transforming from an open platform to controlled national networks. Asked about his biggest worry for the future of the internet, Google chairman Eric Schmidt had a ready answer: that it might suffer a process of "Balkanisation", a fragmentation brought about by national governments seeking to exert greater influence
What makes Prism shine? National Security Agency's megadata collection from Internet pipeline (AP via Fox News) In the months and early years after 9/11, FBI agents began showing up at Microsoft Corp. more frequently than before, armed with court orders demanding information on customers
Facts About the National Security Agency's Data Collection Program (Data Informed) Since media reports revealed that National Security Agency is collecting millions of Americans' telephone records as well as data from the servers of major technology firms, there have been discussions in the public square about the relationship between the government's efforts to protect national security and citizens' expectations about the privacy of their personal data
CBS News confirms Sharyl Attkisson's computer hacked (CBS News) CBS News announced Friday that correspondent Sharyl Attkisson's computer was hacked by "an unauthorized, external, unknown party on multiple occasions," confirming Attkisson's previous revelation of the hacking
Flashback: Justice Dept - 'To Our Knowledge' We Did Not Hack Attkisson's Computer (Breitbart) According to The Washington Post's Erik Wemple, shortly after news broke in May of the breach of CBS News investigative reporter Sharyl Attkisson's computer, the justice Department released the following statement
Rising SSL traffic to degrade firewall performance (CSO) Drop in performance caused by extra workload required to decrypt data packets to look for malicious code, then re-encrypting before sending
Asia-wide targeted campaign drops backdoor, RAT (Help Net Security) A new and widespread phishing campaign has been discovered targeting businesses and government institutions across Asia, Trend Micro reports. Telecoms, oil and gas companies, media companies
New malware uses Windows EFS to stymie security researchers (FierceCIO: TechWatch) Researchers from security vendor Symantec have discovered a new malware that makes use of the Encrypting File System feature in Windows in order to stymie forensic analysis. As its name suggests, EFS offers transparent file system level encryption to help businesses guard against data leakage to users without the correct system password
Lucile Packard suffers second data breach in six months (FierceHealthIT) Lucile Packard Children's Hospital, a 311-bed facility in Palo Alto, Calif., has suffered its third data breach in four years--and its second in six months--this one potentially effecting 12,900 patients
DDoS Attacks On African National Congress Website (Cyberwarzone) South Africa's ruling African National Congress on Friday said its website had been hacked by Zimbabwe activists claiming ties to the global "hacktivist" group Anonymous
ICS-CERT Alert : Medical Devices Hard-Coded Passwords (Cyberwarzone) Researchers Billy Rios and Terry McCorkle of Cylance have reported a hard-coded password vulnerability affecting roughly 300 medical devices across approximately 40 vendors. According to their report, the vulnerability could be exploited to potentially change critical settings and/or modify device firmware
Zeus Criminals Recruiting Money Mules on CareerBuilder (PC Magazine) Looking for a job? Be careful if you see a pretty attractive job ad while browsing CareerBuilder.com; it may be cyber-criminals trying to recruit you into their illegal enterprise
Security Patches, Mitigations, and Software Updates
Get ready! Oracle to fix 40 holes in Java on Tuesday, 18 June 2013 (Naked Security) There's a Java update coming next Tuesday, 18 June 2013, and you might as well get ready for it now if you haven't already. Oracle has fixed 40 holes, all but three of them remotely exploitable
OpRisk Europe: Cyber attack a growing threat, panel agrees (Risk.net) Op risk head warns algo trading could be "another Libor situation". Cyber attack will be a leading concern for the financial industry over the year ahead, a panel at the OpRisk Europe conference in London yesterday told delegates. Related articles
Americans were anxious about privacy even before NSA spying scandal (Help Net Security) Big Brother is watching and Americans know it. New figures from the quarterly Allstate/National Journal Heartland Monitor Poll show that most Americans exhibit a healthy amount of skepticism
Large orgs in denial about own security breaches? (Help Net Security) Over two thirds (66%) of large organizations said they either had not experienced a security incident in the last 12-18 months or were unsure if they had, a recent Lancope survey has revealed
UK messed up on cloud perceptions (TechEYE) The world+dog thinks that the Cloud is not secure, but this is not borne out by those who actually use it. A UK study of SMEs by comScore has revealed that more than half of non-Cloud users cited concerns about security by as a barrier to adoption
Cyber-policy woes: one-fifth of workers don't alert IT to BYOD use (Infosecurity Magazine) Despite increased focus on the security holes that bring-your-own-device (BYOD) strategies and the consumerization of IT present within the enterprise, research from AppSense has revealed that the threat to corporate IT security hasn't really abated at all – especially with consumers circumventing IT altogether in some cases when it comes to mobile working
Top Secret Defense Contractors No Longer Being Reinvestigated (Government Executive) "Funding shortfalls" are forcing the Defense Department to suspend most periodic reinvestigations of contractors cleared for top-secret status in some national security jobs starting Friday through the remainder of fiscal 2013, according to a recent announcement
Special Operations Command Extends 7 Enterprise IT Contracts (GovConWire) The U.S. Special Operations Command has issued two-year extensions for a set of enterprise information technology enterprise contracts intended to support application management
Sweden effectively bans government use of Google (Infosecurity Magazine) An announcement from the Swedish Information Commissioner enjoins Salem Municipality 'to either remedy the shortcomings of the agreement [to use Google's cloud services] or to stop using the cloud service'
Bug Data Buys Businesses Intel From U.S. Government (InformationWeek) Thousands of businesses are reportedly exchanging information on online threats in return for classified intelligence
Booz Allen Hamilton: 70% of the U.S. Intelligence Budget Goes to Private Contractors (PolicyMic) Following Edward Snowden's leaking of details of government surveillance programs, the issue of the U.S. intelligence community's use of private contractors has again been highlighted. Snowden worked for Booz Allen Hamilton, a consulting firm that
After Profits, Defense Contractor Faces the Pitfalls of Cybersecurity (New York Times) You cannot be competitive in the cyber era if you don't have a higher level of security." Booz Allen is saying little about Mr. Snowden's actions or the questions they have raised about its practices. Mr. McConnell, once among the most accessible
Cybersecurity stings expert it has rewarded (Boston Globe) When the United Arab Emirates wanted to create its own version of the National Security Agency, it turned to Booz Allen Hamilton to replicate the world's largest and most powerful spy agency in the sands of Abu Dhabi. It was a natural choice: The chief architect of Booz Allen's cyberstrategy is J. Michael McConnell, who once led the NSA and pushed the United States into a new era of big data espionage. It was McConnell who won the blessing of the US intelligence agencies to bolster the Persian Gulf sheikdom, which helps track the Iranians
Booz Allen Hamilton: Corporate Intelligence (DC Bureau) While the government investigates why a 29-year-old worker at Booz Allen Hamilton had access to the extremely sensitive information that he leaked to The Washington Post and Britain's The Guardian newspapers, other questions need answers
Malware Issues and Cyber Attacks Fuel Job Growth for Security Experts (Business Administration Information) Malware issues cost businesses in the United States an average of $8.9 million annually, according to a paper published by the Ponemon Institute. Viruses, malware and denial-of-service attacks disrupt business activity and result in costly problems for companies nationwide
FireEye: Eyeing up NZ potential (Techday NZ) FireEye has recruited two well-known industry faces as the company pushes its offerings to target increasing cyber threats. New ANZ regional director
Products, Services, and Solutions
Secure automated archiving from Imation (Help Net Security) Imation launched its next generation object store, the Nexsan Assureon secure automated archive solution. It brings secure automated archiving to mid-sized organizations and enterprises to optimize
Panda Security releases Cloud Antivirus 2.2 update (ITProPortal) Panda Security has released Panda Cloud Antivirus 2.2, with a slew of new features that enhance security
In-house control and encrypted voice calls (Help Net Security) Cellcrypt announced Cellcrypt Private Switch, a private network that allows an organization's administrators complete privacy over user identity and calling activity. This enterprise server software
Automated analysis of essential security controls (Help Net Security) EiQ Networks announced ThreatVue, an out-of-the-box security monitoring solution that automates the implementation, analysis and remediation guidance of essential security controls as recommended by
Kaspersky Adds Zero-Day, Exploit, and Targeted Attack (ZETA) Technology to 2014 Security Suite (SecurityWeek) Sometimes, a targeted attack against a business starts at home. In the corporate world, security comes from layered defenses that sometimes prove to be too much for an attacker. However, when it comes to systems at home, such protections are rare if they exist at all
Dell SecureWorks launches cybersecurity Incident Response Center (Infosecurity Magazine) Looking to help companies prepare for and combat the aftermath of a cybersecurity incident or data breach, Dell SecureWorks has launched an Incident Response Resource Center to bring together research materials, white papers, videos and webcasts, and tools from its Emergency Incident Response and Digital Forensic services, into a common online portal
Multifactor authentication comes to Windows Azure (FierceCIO: TechWatch) Microsoft earlier this week announced a new multifactor authentication for employees, partners and customers of its Windows Azure Active Directory managed apps. Called Active Authentication, it works by requiring users to authenticate with the Active Authentication app on their mobile devices, via an automated phone call or a system generated text message
Red Hat Escalates Private Cloud Fight With VMware (InformationWeek) Red Hat combines its Enterprise Linux with OpenStack to push its own private cloud stack alternative to VMware, Microsoft platforms
Cray Brings Hadoop To High-Performance Computing (InformationWeek) Cray puts Intel's Hadoop software distribution on its CS300 cluster supercomputers
Technologies, Techniques, and Standards
When it Comes to APTs, Don't Confuse Tactics With Strategy (SecurityWeek) Modern cyberattacks and APTs (advanced persistent threats) have quickly become a top priority for both security practitioners and C-level executives, and for good reason. Attackers, whether motivated by national interests, cyberespionage, cybercrime (or organized crime), have all turned to patient, long-term attacks as the default method for compromising an organization and stealing sensitive information. Unfortunately in many circles, the concept of controlling APTs has become synonymous with detecting new or otherwise unknown malware. This is a potentially harmful oversimplification that focuses our security on an attack technique, while potentially ignoring the more resilient attack strategy
Why nobody uses NSA-proof encryption (Washington Post) Computer programmers believe they know how to build cryptographic systems that are impossible for anyone, even the U.S. government, to crack. So why can the NSA read your e-mail? Last week, leaks revealed that the Web sites most people use every day
Thumb Drive Security: Snowden 1, NSA 0 (InformationWeek) Thumb drives helped NSA whistle-blower Edward Snowden transport top-secret data from the agency. If the NSA can't keep a lid on thumb drives, can you? Pity the poor USB thumb drive. The humble storage device is again under fire after reports surfaced that National Security Agency (NSA) whistle-blower Edward Snowden, 29, used a removable USB storage device to exfiltrate top-secret information from the agency, reported the Los Angeles Times
Security must be central to enterprise's M2M deployment, says Frost (FierceMobileIT) Security must be a core component of an enterprise's deployment of machine-to-machine communications, advised Yiru Zhong, Frost & Sullivan senior industry analyst for information and communications technology
Research and Development
Researcher To Open-Source Tools For Finding Odd Authentication Behavior (Dark Reading) Rather than watching for communications between infected systems and command-and-control servers, companies can detect stealthy malware when it attempts to spread. A number of security firms detect malware by monitoring outbound connections and looking for traffic going to known bad areas of the Internet. Other intrusion detection systems look for code designed to exploit known vulnerabilities
DARPA Wants Cloud to Secure Military Operations During Cyber Attacks (ExecutiveGov) He added that the resilient program remedies this by introducing diversity and dynamic trust models that would identify and stop a cyber attack before the entire cloud is affected. Edwards writes the DoD will rely on security systems that are already
Should All High School Students Learn Programming? (InformationWeek) Google, Microsoft, Oracle: computer science should be required in Mass. public schools to help address tech labor shortage. Critics call this a kludgy solution
MOOCs: Interesting Legal Territory Ahead (InformationWeek) Massive open online courses have the potential to change higher education, but people and schools implementing MOOCs face some emerging legal questions
Legislation, Policy, and Regulation
The Absent Commander In Chief (Wall Street Journal) If Mr. Obama wants to maintain public support for the U.S. antiterror architecture he inherited and has robustly used, he is going to have to publicly defend it in the context of American interests and values. Without such a defense, the political vacuum will be filled by speculation and demagoguery as it has been for nearly two weeks
Prism And The NSA: Something Congress Can Agree On (Daily Beast) Finally, our polarized political leaders have found their bipartisan spirit. Lloyd Green on why members of congress from both sides of the aisle like government data mining
Too Much Secrecy Threatens Security (Chicago Tribune) But recent reports reveal that warrantless surveillance not only resumed but grew like a bodybuilder on steroids during the Bush and Obama administrations in two programs
More Dots, Less Terrorism (Wall Street Journal) Collecting data points doesn't kill anyone, but failing to collect and connect them already has
Living With The Surveillance State (New York Times) The N.S.A. data-mining is part of something much larger. On many fronts, we are adjusting to life in a surveillance state, relinquishing bits of privacy in exchange for the promise of other rewards. We have a vague feeling of uneasiness about these transactions, but it rarely translates into serious thinking about where we set the limits
Demystifying Cyberwar (Washington Post) The White House begins to sort out the decision-making process
US Begins To Define Military Cyber Ops (Defense News) Perhaps lost in all the coverage involving the leaking of classified documents by former Booz Allen Hamilton employee Edward Snowden this month was one development that outlines an exceedingly complex undertaking of the Obama administration: trying to define and guide military operations in cyberspace
Information Behemoth To Swallow A Library Per Minute (The Guardian) If anyone is still in doubt about the formidable reach of the US National Security Agency, a quick drive into the Utah hinterland outside Salt Lake City should convince them otherwise
Obama's Chief Of Staff Defends NSA Surveillance (Washington Post) White House Chief of Staff Denis McDonough defended the administration's sweeping surveillance efforts Sunday, saying President Obama does not think the tactics have violated the privacy of any American, and he signaled that the president will be elaborating on the issue soon
Officials: NSA Doesn't Collect Cellphone-Location Records (Wall Street Journal) The National Security Agency sweeps up data on millions of cellphones and Internet communications under secret court orders. But as it mounts a rigorous defense of its surveillance, the agency has disclosed new details that portray its efforts as tightly controlled and limited in scope, while successful in thwarting potential plots
Glasnost on the Potomac under Obama? Not quite (AP via the Boston Globe) t's as if the United States has two governments, one open and one very much not. President Barack Obama leads both, trying not to butt heads with himself. Since becoming president, Obama has churned out an impressive stream of directives flowing from his promise to deliver ''the most transparent administration in history''
US security — too big not to fail (Boston Globe) THE VIEW through a prism can distort shapes and fragment color — perhaps heightening the beholder's interest, but offering anything but an authentic glimpse of reality. The National Security Agency's ironic choice of "PRISM" as the code name for a massive data-collection program, recently exposed in documents leaked by federal contractor Edward Snowden, only begins to suggest the problems with this clandestine intrusion into the lives of citizens
National Security Agency doing its job (South China Morning Post) Your editorial ("US surveillance policy shows it cannot be trusted", June 12) manages to confuse the aggressive and often overreaching promotion of democracy and human rights by US governments with a perfectly legitimate programme of self-defence
The US security state laid bare (South China Morning Post) Philip Cunningham says the exposure of the dark undercurrents of the American security state has fuelled outrage at its double standards, but will it force a needed change of course? Sales of George Orwell's works are said to be enjoying a small boom ever since the National Security Agency spy story broke, suggesting that, in confusing times, people still find solace in aphorisms and essays, fiction and fantasy, seeking to get a better grip on the uncharted and unclear dangers of the present
NSA chief seeks cyber shield for cooperating firms (Press TV) General Keith Alexander, chief of both the National Security Agency and the U.S. Cyber Command, has asked Congress to grant legal immunity to companies that assist the federal agencies in cyber warfare. The NSA director has petitioned Congress to
The Costs and Benefits of the NSA (Weekly Standard) The data-collection debate we need to have is not about civil liberties. Should Americans fear the possible abuse of the intercept power of the National Security Agency at Fort Meade, Maryland? Absolutely. In the midst of the unfolding scandal at the IRS, we understand that bureaucracies are callous creatures, capable of manipulation. In addition to deliberate misuse, closed intelligence agencies can make mistakes in surveilling legitimate targets, causing mountains of trouble. Consider Muslim names. Because of their commonness and the lack of standardized transliteration, they can befuddle scholars, let alone intelligence analysts, who seldom have fluency in Islamic languages. Although one is hard pressed to think of a case since 9/11 in which mistaken identity, or a willful or unintentional leak of intercept intelligence, immiserated an American citizen, these things can happen. NSA civilian employees, soldiers, FBI agents, CIA case officers, prosecutors, and our elected officials are not always angels
The Feds And Wall Street Are Going Simulate A Cyber Attack Called 'Quantum Dawn 2' (Business Insider) At the end of this month, the Treasury, the Federal Reserve, The SEC, The Department of Homeland Security and major Wall Street Banks will simulate a cyber attack in a drill called Quantum Dawn 2
DoD could eventually move to a 'cyber service', says Carter (IHS Jane's) However, each of the DoD's military service branches have their own separate cyber capabilities and these are partially managed through US Cyber Command (CYBERCOM), a subordinate of US Strategic Command. Deputy Secretary of Defense Ashton
Japan aims to monitor Internet-based communications (Help Net Security) After having agreed on a draft of an official cybersecurity strategy earlier this month, Japan's National Information Security Center (NISC) is looking to establish a Cyber Security Center
Calif. Congressman Tony Cardenas introduced critical legislation to improve U.S. cybersecurity, amendments to the National Defense Authorization Act (California Newswire) In Washington, D.C., Thursday evening, U.S. Rep. Tony Cárdenas (D-San Fernando Valley) introduced critical legislation to improve cybersecurity in the United States, which passed the U.S. House unanimously. The three pieces of legislation were amendments to the National Defense Authorization Act (NDAA)
UK political bigwigs demand return of snoopers' charter. Seriously? Today? (Naked Security) A cluster of top political figures in the UK, including several former Home Secretaries, has issued a public letter insisting on the revival of the so-called "snoopers' charter" - legislation to give British police and intelligence services more access to personal data
IDF appoints legal adviser for cyber warfare (Haaretz) It can be assumed that like International Law Department, which gives legal advice to IDF decision makers, the cyber legal adviser will also have to determine the legality of the targets of cyber attack, what the acceptable limits of cyber warfare will
Saudi Arabia likely to block WhatsApp within weeks (Infosecurity Magazine) Saudi Arabia is cracking down on communications tools that bypass the Kingdom's monitoring capabilities and affect the revenue of the indigenous telecommunications companies
FDA calls for increased health IT cybersecurity efforts (FierceHealthIT) With hackers and cyberattacks increasing as threats to medical devices, the U.S. Food and Drug Administration this week published new guidance calling for developers and healthcare facilities to beef up security efforts while creating and using those devices
AdvaMed to FDA: 510(k) rules are fine as they are (FierceMedicalDevices) Congress is asking the FDA to tighten its policies for approving modifications of on-the-market devices, and now industry is pushing back, saying there's nothing wrong with the current process
Litigation, Investigation, and Law Enforcement
Revealing Secrets And Risking Treason (Wall Street Journal) America sets the bar high in defining traitorous acts. But 'adhering' to the enemy in times of war? Watch out
3 NSA Veterans Speak Out On Whistle-Blower: We Told You So (USA Today) In a roundtable discussion, a trio of former National Security Agency whistle-blowers tell USA TODAY that Edward Snowden succeeded where they failed
Former Vice President Cheney Weighs In On Snowden, Disclosures (USA Today) Former vice president Dick Cheney on Sunday called the contractor who disclosed information about top-secret U.S. surveillance programs a criminal and a traitor
Column: When lying is acceptable, public loses (Seattle Times) A member of Congress asks the director of national intelligence if the National Security Agency collects data on millions of Americans. "No, sir," James Clapper responds. Pressed, he adds a caveat: "Not wittingly." Then, NSA programs that do precisely that are disclosed
Whistleblowers not Protected in Intelligence Contractor Industry (AllGov) However, intelligence employees working for private companies like Booz Allen Hamilton (such as Snowden) can be fired by their employers if they report potential abuses to inspectors general. "I would say that there is a gaping loophole for
National Security leaker Snowden not welcome in U.K. (AP via Naples News) The British government has warned airlines around the world not to allow Edward Snowden, who leaked information on top-secret U.S. government surveillance programs, to fly to the United Kingdom
Eric Holder: Leaks 'damaged' security (Politico) Attorney General Eric Holder promised to hold accountable the individual who leaked information about the National Security Agency's surveillance program, saying the information is "extremely damaging" to U.S. national security
Investigate Booz Allen Hamilton, not Edward Snowden (The Guardian) Military contractor Booz Allen Hamilton of McLean, Virginia, has shot into the news recently over two of its former employees: Edward Snowden, the whistleblower who has just revealed the extent of US global spying on electronic data of ordinary
Web companies begin releasing surveillance information after U.S. deal (Reuters) Facebook and Microsoft have struck agreements with the U.S. government to release limited information about the number of surveillance requests they receive, a modest victory for the companies as they struggle with the fallout from disclosures about a secret government data-collection program. Facebook on Friday became the first to release aggregate numbers of requests, saying in a blog post that it received between 9,000 and 10,000 U.S. requests for user data in the second half of 2012, covering 18,000 to 19,000 of its users' accounts. Facebook has more than 1.1 billion users worldwide
PRISM helped stop terrorism in US and 20-plus countries, NSA document argues (Ars Technica) Declassified document claims phone metadata was searched under 300 times in 2012. US intelligence officials sent Congress a new declassified document on Saturday, which the Senate Intelligence Committee then made public. Outlets such as CNN and the Associated Press received this, and it revealed a number of interesting statistics related to the government's use of the NSA's controversial PRISM program. However, this document has not yet been published on the Senate Intelligence Committee's website (and does not seem to be easily obtained through basic Internet search)
Snowden's Leaks on China Could Affect Its Role in His Fate (New York Times) The decision by a former National Security Agency contractor to divulge classified data about the U.S. government's surveillance of computers in mainland China and Hong Kong has complicated his legal position, but may also make China's security apparatus more interested in helping him stay here, law and security experts said on Friday
The Oath Keepers on Edward Snowden (Reason Hit & Run) The Oath Keepers are a coalition of current and former military, police, and other public officials who have pledged not to obey unconstitutional commands. They're extremely controversial, with critics accusing them (inaccurately) of fomenting terrorism and (more accurately) of attracting people with an affinity for conspiracy theories and apocalyptic rhetoric. Since they were launched in the first year of the Obama administration, they are also sometimes accused of being unconcerned with the constitutional violations of the Bush years
Rand Paul Recruits for a Class Action Against NSA (Bloomberg BusinessWeek) It's been a week since the Guardian newspaper revealed, through documents leaked by a whistleblower, that the National Security Agency was sweeping up records of phone calls between U.S. citizens. Already, the lawyers are pouncing
NSA leaker Snowden is lying, say leaders of House Intelligence Committee (The Hill) The NSA leaker is lying about both his access to information and the scope of the secret surveillance programs he uncovered, the heads of the House Intelligence Committee charged Thursday
NSA Leak Inquiry to Explore Whether Snowden Had China Tie (Bloomberg) Counterintelligence and criminal investigators are examining whether Edward Snowden, the technology contractor who leaked details about classified U.S. spy programs, might have been recruited or exploited by China
Ukrainischer Hacker: Warum das FBI Darth Vader sprechen möchte (Spiegel Netzwelt) Ein weltweit gesuchter Hacker leitet in der Ukraine eine politische Partei. Im Darth-Vader-Kostüm sorgt er für Aufsehen und ruft zum Cyber-Krieg auf. Politiker schützen den Kriminellen vor Strafverfolgung - zum Ärger von FBI und Secret Service
Canadian government crossed the line in monitoring of activist (SC Magazine) The Canadian privacy commissioner has found that the government overstepped its bounds while monitoring activist Cindy Blackstock. The commissioner's report, released privately this month, found that the government began using social media to gather personal information about Blackstock in February 2010. Blackstock, the executive director of the First Nations Child and Family Caring Society of Canada, had lodged a human rights complaint against the government three years before. She alleged that inequitable government funding for First Nations child welfare services amounted to discrimination
US: No wide data breaches at firms in cyber-attack (NDTV) Federal prosecutors in New Jersey have provided new details on how an international cybercrime ring broken up this week accessed some customer accounts at more than a dozen leading financial institutions and payroll services. According to an amended
For a complete running list of events, please visit the Event Tracker.
3rd Cybersecurity Framework for Critical Infrastructure Workshop (San Diego, California, USA, Jul 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations, challenges and efforts needed to build this framework.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris (Paris, France, Jun 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted a stellar lineup of speakers and promises to be a very technical event with heavy emphasis on training. This is its second year.
2013 ICAM Information Day and Expo (Washington, DC, USA, Jun 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now (Laurel, Maryland, Sioux Falls, Jun 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium. In today's talk we briefly explore this evolution from the Paleolithic last millennium to our present, and increasingly mobile ecosphere. Mobile device forensics has something old and something new. Open source and commercial tools have had spotty records over the years with respect to mobile device forensics. We will explore some of the similarities and look explicitly at some of the major differences between classic computer forensics and mobile device forensics, using demos of Android forensics as an exemplar. Al Holt, adjunct professor at Towson University, will be the presenter.
NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.
AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, Industry partners. The operational theme " Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.
ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).
Northern Virginia Technology Council: Security Threats: What Keeps You Awake at Night? (McLean, Virginia, USA, Jun 27, 2013) It's no secret that cybersecurity events are increasing in frequency and intensity. Many of these events are severe and pose significant risk to us as individuals, to our businesses, as well as our economy and national security. We've seen many reports in the press recently of well-funded nation states attempting to pilfer our networks in search of intellectual property. Every day bad guys are trying to gain access to our credit card information and other forms of personal information to steal our money and identities while others brazenly attempt to take over our data and systems and hold them for ransom. How is this happening? What can we do to protect ourselves? This conference addresses these issues.
American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.