The CyberWire Daily Briefing for 6.18.2013
Britain's GCHQ's motive in intercepting G20 diplomats' messages is said to have been the traditional one: gain the UK a negotiating advantage. In the US, Apple and Yahoo describe their involvement in NSA surveillance. Whoever's behind the NetTraveler cyber espionage campaign is now using PRISM stories as bait.
Unrest in Brazil and Turkey is accompanied by hacktivist exploits. Indian bank accounts are hacked (and robbed) from Greece.
A Tactical Network Solutions researcher says he'll reveal significant surveillance camera vulnerabilities at Black Hat. A new iFrames obfuscation tool is offered for sale on the cyber black market, and more malware is hiding its activity in peer-to-peer communications. Old, unpatched SAP deployments are found to render many business systems vulnerable to exploitation.
Companies seek better employee vetting as they react to the PRISM affair, but lawyers caution too-enthusiastic exploration of potential hires' social media presence risks violation of anti-discrimination laws.
President Obama has now publicly defended NSA surveillance programs. More details of how such surveillance might work—and fresh suspicions about its scope—surface.
The US Department of Homeland Security (DHS) draws this lesson from the PRISM affair: it wishes it could do what the NSA did. (Also, the Public Affairs Council thinks DHS should do more to combat conspiracy theories. Similar cognitive dissonance appears in Canada, whose Privacy Commissioner decides, amid concerns about government overreach into citizens' privacy, that tightening privacy regulations on private companies is of first importance.)
Dutch and Belgian police catch smugglers betrayed by their own shipment-tracking hacks.
Today's issue includes events affecting Australia, Belgium, Brazil, Canada, China, Germany, Greece, India, Netherlands, Russia, Turkey, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
British GCHQ spied on G20 delegates to gain advantage in talks (Help Net Security) The British GCHQ has monitored computers and intercepted phone calls made by the foreign participants of two G20 summit meetings in London in 2009 and provided crucial information in near-real time to
Evidence that the NSA Is Storing Voice Content, Not Just Metadata (Schneier on Security) Interesting speculation that the NSA is storing everyone's phone calls, and not just metadata. Definitely worth reading. I expressed skepticism about this just a month ago. My assumption had always been that everyone's compressed voice calls is just too much data to move around and store. Now, I don't know
It's not just metadata. The NSA is getting everything. (Rubbing ALcoholic) Read between the lines in Sen. Feinstein's carefully-crafted press statement. After a closed Senate briefing today, Senate Intelligence Committee leader Dianne Feinstein talked up the vast system of checks and balances protecting Americans from unwarranted dragnet surveillance by the NSA. She said (emphasis added)
Yahoo! Discloses Number Of Data Requests From U.S. Law Agencies, Says It Will Issue "Transparency Report" Soon (TechCrunch) Yahoo! is now the latest tech company to disclose the number of government requests for data it has received over the past 18 months, prompted by the fallout from the NSA spying scandal
Apple chimes in with the "Ain't no PRISM here!" chorus (Naked Security) Apple has joined in with the PRISM surveillance saga, insisting that nobody has direct access to its servers and that even it can't read customers' end-to-end encrypted conversations
Why Was Apple Late To The PRISM Party? (TechCrunch) If there's one striking thing about those PRISM slides, other than their hideous aesthetics, it's that Apple's allocated yellow oval, instead of a date, has the words "(added Oct 2012)" underneath it. That difference is most striking when you consider the fact that Apple competitor Microsoft cooperated with the government a full five years earlier
PalTalk: It Was 'Flattering' To Be Included In The PRISM Slidedeck (TechCrunch) The eyesore of a PowerPoint deck that contractor Edward Snowden had leaked had globally recognized names: Microsoft. Google. Yahoo. Facebook. Apple. AOL. Skype. YouTube. The NSA had allegedly collaborated with all of these Internet giants to request and access data on foreign users. But then there was also PalTalk. WTF? Even Stephen Colbert ribbed them last week. "You heard right
Mumbai Police Bank Accounts Hacked (eSecurity Planet) A skimming device was placed on an ATM next door to police headquarters, and thousands of dollars were then withdrawn from ATMs in Greece
225 Turkish Websites Hacked by Kurdish Hackers (Hack Read) While scrolling Zone-h, I got hold of a hack where a group of Kurdish hacker going with the handle of ColdHackers has hacked and defaced 225+ Turkish websites. All hacked sites were left with a deface page along with a message in Turkish language, explaining the reason for attacking Turkish sites, according to which
Anonymous Hacks Brazil's Largest Magazine VEJA's Twitter account, invites people to Protest against Government (Hack Read) The online hackavist [sic] group Anonymous Brazil has hacked the official Twitter account of one of Brazil's largest magazine @VEJA, asking the Brazilians to join them in protests against the increase of Bus fare. Anonymous Brazil posted an image on hacked Twitter account with a message saying: Its not about cents, its about our rights! The account was hacked few minutes ago and I am breaking the news for you
NetTraveler Attackers Using NSA PRISM Program as Bait (Threatpost) Never let it be said that attackers don't keep up with the news. The crew behind the NetTraveler cyberespionage attacks is now using the news about the NSA's PRISM surveillance program as bait in a new spear-phishing campaign. Security researcher Brandon Dixon of 9bplus came across a malicious email this week that plays off the
Scores of vulnerable SAP deployments uncovered (SC Magazine) Scan finds critical systems unpatched, facing the public web. Hundreds of organisations have been detected running dangerously vulnerable versions of SAP that are more than seven years old
Rogue ads target EU users, expose them to Win32/Toolbar.SearchSuite through the KingTranslate PUA (Webroot Threat Blog) Who would need a virtually unknown, but supposedly free, desktop based application in order to translate texts between multiple languages? Tens of thousands of socially engineered European ads, who continue getting exposed to the rogue ads served through Yieldmanager's network, are promoting more Potentially Unwanted Applications (PUAs) courtesy of Bandoo Media Inc and their subsidiary Koyote-Lab Inc
New boutique iFrame crypting service spotted in the wild (Webroot Threat Blog) In a series of blog posts shedding more light into the emergence of the boutique cybercrime 'enterprise', we've been profiling underground market propositions that continue populating the cybercrime ecosystem on a daily basis, but fail to result in any widespread damage or introduce potential ecosystem disrupting features. Despite these observations, the novice cybercriminals behind them continue earning revenue from fellow cybercriminals, continue generating and maintaining their botnets, and, just like small businesses in a legitimate economy model, continue to collectively occupy a significant market share within the cybercrime ecosystem
Researcher finds latest Office zero-day was first used in 2009 (CSO Magazine) Microsoft patched an Office zero day flaw that was recently reported by Google's security team but may have been first exploited over three years ago. After releasing its customary fixes on Patch Tuesday cycle last week, Microsoft revealed that a flaw
Damballa said that Malware Utilize P2P Communications to Escape Detection (Spamfighter) Many of the Internet's most hazardous malware threats are now routinely using peer-to-peer (P2P) command and control in an attempt to escape the detection and shut down that has impacted many conventional botnets, as per security vendor Damballa
Surveillance cameras can be hacked - who is watching you? (Infosecurity Magazine) A security expert has promised to reveal security flaws in thousands of surveillance cameras. He will not, he says, disclose the vulnerabilities to the vendors before his presentation at Black Hat, Las Vegas, starting 31 July
Palmer's company hit in cyber attack (Sky News) Mining magnate Clive Palmer says his company's computer systems were hacked and a laptop was stolen after he announced he was forming a political party
Why Cash is King in Today's Cyber World (SecurityWeek) There was a popular Aflac Insurance commercial series that ran several years ago featuring New York Yankee great Yogi Berra, known as much for his clever quips as his Hall of Fame baseball talents. In the spot Berra stated about the company, "they give you cash, which is just as good as money." Turns out Yogi may have been onto something because in today's cyber world, cash may be even better than money. Confused? Let me explain
Threatscape for Mac OS X Users (Kaspersky) Infographic: the Mac OS X threatscape
Security Patches, Mitigations, and Software Updates
Oracle Improves Java Security – What It Means For End Users (TrendLabs Security Intelligence Blog) About two weeks ago, Oracle published a blog post describing – and promising – to improve the security of Java. Since then, I've been asked a few times: what exactly did they say, and what does it mean for end users
Americans gave away online privacy to advertisers long ago (Quartz) New stories surface every day detailing the National Security Agency's administration of secret programs designed to keep the US "safe" in an era of internet communication and global networks. Having a strong opinion on any particular set of details would be premature
It takes 10 hours to identify a security breach (Help Net Security) Businesses are vulnerable to security breaches due to their inability to properly analyze or store big data, according to McAfee. The ability to detect data breaches within minutes is critical in
Account takeover attempts have nearly doubled (Help Net Security) ThreatMetrix announced its Cybercrime Index, a series of Web fraud data aggregated from 1,500 customers, 9,000 websites and more than 1.7 billion cyber events. In a recent six-month snapshot ending
Global Telework on the Rise (The American Interest) Roughly 20 percent of the world's workforce works from home at least once a week. Via Meadia's telework coverage often focuses on the American experience, but remote working is frequently generating more success stories abroad. According to research done by Ipsos, China, Russia, Indonesia, Turkey, and Saudi Arabia all have larger percentages of workers working from home. South Africa and India lead the world in telework, with both countries having 32 percent of their workforce engaged in fulltime telecommuting, and 82 percent working remotely at least once a week
NSA leak case gives vendors reason to reevaluate personnel (FederalNewsRadio.com) Ryan, of course, is referring to Edward Snowden, the former Booz Allen Hamilton employee who leaked details of a classified surveillance program. Booz Allen Hamilton will not likely be subject to a suspension and debarment proceeding, Ryan said
Social Media Background Checks: Proceed With Extreme Caution, Lawyer Says (Bloomberg BNA) Employers that wish to vet potential employees using social media sites like Facebook and Twitter must be very careful not to violate anti-discrimination laws, an attorney said June 17 at the Society for Human Resource Management's Annual Conference & Exhibition
Radware Ltd. (RDWR), Sourcefire, Inc. (FIRE), Fortinet Inc (FTNT): The Cyber War Expands (Insider Monkey) The Untied States is looking to help allies fend off cyber attacks. That's a good thing for this country and a good thing for companies in the cyber defense space
NTT to Acquire Managed Security Services Provider Solutionary (Security Week) In a bid to enhance its end Cloud Services portfolio and security offerings, Japanese IT and telecommunications services giant NTT has agreed to acquire Solutionary, an Omaha, Nebraska-based Managed Security Services Provider for an undisclosed cash sum
Products, Services, and Solutions
The Price to Pay for Facebook's Free Wi-Fi? A Scrap of Privacy (Wired) Facebook Wi-Fi, which gives users free wireless internet in exchange for "checking in" to businesses, has graduated from experiment to steadily spreading product
Worried Who's Watching Your Web Browsing? Adafruit's Onion Pi Tor Proxy Project Creates A Private, Portable Wi-Fi Access Point (TechCrunch) Adafruit Industries has put together a weekend project for people worried the NSA is watching how many reruns of Seinfeld they watch on their tablet. The Onion Pi Tor Proxy is a weekend project that uses the Raspberry Pi microcomputer, along with a USB WiFi adapter and Ethernet cable to create "a small, low-power and portable privacy Pi"
DeepCover Secure Authenticator From Maxim Integrated Protects Designs (Dark Reading) The use of ECDSA public-key cryptography saves cost and reduces key management complexity by eliminating the need for the host controller to store and protect the authentication key, which is required for comparable symmetric (secret-key) solutions
STMicroelectronics Signs Comprehensive Agreement With Rambus (MarketWatch) For its part, ST has secured license terms from the Cryptography Research, Inc. (CRI) division of Rambus to make it possible for ST to deploy Differential Power Analysis (DPA) countermeasures and CryptoFirewall(TM) core security technology across a
EiQ Networks unwraps new 'proactive' cyber defense monitoring (Infosecurity Magazine) The Massachusetts-based security and compliance specialist has introduced what it is calling the "first security monitoring solution to provide automated analysis of SANS Critical Security Controls"
Yahoo's going to boot us off our deadbeat accounts, but who is going to grab them? (Naked Security) Get thee to your unused Yahoo account before July 15 if you don't relish the thought of somebody taking control of your handle and doing heaven knows what with whatever email gets sent to it
Guidance Software Recognized as a Leader for E-Discovery Software (Sarbanes-Oxley Compliance Journal) Guidance Software, Inc. (NASDAQ: GUID), the World Leader in Digital Investigations™, has been named a "leader" in Gartner Inc.'s Magic Quadrant for e-discovery software, in its third annual industry report. Guidance Software's EnCase® eDiscovery has been placed in the leaders' quadrant every year since the report's inception
Technologies, Techniques, and Standards
Streamlining Coalition Mission Network Participation (SIGNAL Magazine) NATO and eight coalition nations participating in the Coalition Warrior Interoperability eXploration, eXperimentation and eXamination, eXercise (CWIX) are working to reduce the amount of time it takes to join coalition networks in the future
Vulnerability Disclosure – Open or Private? (TrendLabs Security Intelligence Blog) At the end of May, two Google security engineers announced Mountain View's new policy regarding zero-day bugs and disclosure. They strongly suggested that information about zero-day exploits currently in the wild should be released no more than seven days after the vendor has been notified. Ideally, the notification or patch should come from the vendor, but they also indicated that researchers should release the details themselves if the vendor was not forthcoming
Wall Street sets example for testing security defenses (CSO) Quantum Dawn 2 will test institutions' playbooks while also finding more efficient ways to share real-time information
Cloud data security: Share the responsibility, minimize the risks (TechTarget) "It's not a situation where you're absolved of the responsibility," said Jim Reavis, executive director of the Cloud Security Alliance, an organization that promotes best practices and training to improve cloud data security. "There's a fair amount of
How to Block the NSA From Your Friends List (Slate) After recent revelations of NSA spying, it's difficult to trust large Internet corporations like Facebook to host our online social networks. Facebook is one of nine companies tied to PRISM––perhaps the largest government surveillance effort in world history. Even before this story broke, many social media addicts had lost trust in the company. Maybe now they'll finally start thinking seriously about leaving the social network giant
Most Data Breaches Caused by Human Error, System Glitches (CIO) Companies can significantly decrease the cost of data breaches by teaching employees not to cut corners and by adopting a strong security posture and an incident response plan
Big Data causes big problems for security (Infosecurity Magazine) For enterprises, the ability to detect data breaches within minutes is critical in preventing data loss, yet only 35% of firms stated they have the ability to do this. The culprit? An ever-escalating array of data sources stemming from virtualization, anywhere, anytime work habits and an explosion of end-user devices and applications. In short, organizations around the world are finding themselves unable to harness the power of Big Data for security purposes
Healthcare attorney: 'Secure the human' to keep patient data safe (FierceHealthIT) For healthcare providers looking to ensure the security of electronic patient information, it's just as important to solidify employee knowledge as it is to encrypt data and implement improved IT solutions, said Lee Kim, an attorney with Pittsburgh-based firm Tucker Arensberg who also serves as chair of the mHIMSS Legal/Policy Taskforce
Design and Innovation
Graphical Tools Help Security Experts Track Cyber-Attacks in Real Time (eweek) Cyber-sleuths use tools that appear to have come straight out of a science fiction movie in their quest to detect attacks in time to raise defensive shields. The image on the screen shows a cyber-attack in progress, but it doesn't look like the rows of reports that you usually expect to see as event data flows from intrusion prevention systems, next-generation firewalls and security reporting systems
Spotting The Right Time To Innovate (InformationWeek) Everyone likes to talk about changing the game, but how do you actually see and shift the field? With every passing year, competitive intensity across industries seems to increase. The long-term impact of digitization, globalization and all other forms of connectivity in our hyper-networked world has shortened the half-life of innovations. Years ago, smart innovation plays could provide differentiation and lasting competitive advantage for a decade or more. Today, when we look at examples like the Flip camera, which went from dazzling to defunct in less than five years, or Blockbuster, which went from a market capitalization of $5 billion to roughly $300 million in less than a decade -- we're living in a fundamentally more dynamic (and deadly) era
Research and Development
Best Supercomputers Still Not Best for Big Data (IEEE Spectrum) China's new top-ranked supercomputer is at the top of the heap for some needs, but not for the kind of data sifting the NSA and Amazon.com do
GE wants to use artificial intelligence to predict the future of hospitals (Gigaom) GE Healthcare is pushing a system called Corvix for doing agent-based simulations on complex problems. In India, the technology simulated a population of 80 million people in order to determine the best places to build medical facilities
Scientists working to develop most powerful cyber security (Business Standard) Hackers at present are able to intercept communications without the sender or recipient knowing, Morello added. But quantum cryptography will be able to prevent access by detecting hackers and destroying or altering messages as hackers try to obtain them
Quantum Cryptography Promises Un-Hackable Industrial Communications (POWER magazine) What if you could send a control message between two points on the electricity grid—say between a control room operator and a turbine or between a system operator and a generating plant—and know that there's no way that message can be intercepted
Legislation, Policy, and Regulation
Texas becomes first state to require warrant for e-mail snooping (Ars Technica) Gov. Rick Perry signed HB 2268 on June 14, and it takes effect immediately
Still More Noise Than Signal, As US Spies Promise More Transparency (TIME) General Keith Alexander, commander of the U.S. Cyber Command, director of the National Security Agency (NSA) and chief of the Central Security Service (CSS), arrives at the Senate Appropriations Committee hearing on Capitol Hill in Washington June 1
National Security Agency to reveal details of foiled plots (The Australian) The National Security Agency plans to reveal details about terror plots it says were thwarted by surveillance, part of an effort to assuage concern about is secret online snooping. In a rare move, the NSA wants to declassify what its director says were
Does the NSA Really Need "Direct Access"? (IEEE Spectrum) We're now well into the second stage of the controversy surrounding the allegations that the NSA is conducting large-scale surveillance of U.S. citizens. Whistleblower/leaker/traitor (the exact term varying according to individual opinion.) Edward Snowden is being scrutinized, as are the articles written by Glenn Greenwald for The Guardian newspaper
In Electronic Snooping, Level Of Oversight Is Key (Washington Post) Americans are learning what electronics whizzes and hackers have known all along--that computers and smartphones, which make our lives more productive and entertaining, have at the same time ended privacy as most of us have understood it
Put The Spies Back Under One Roof (New York Times) Congress must act now to re-establish a government-run intelligence service operating with proper oversight. The first step is to appoint an independent review board with no contractors on it to decide where the line for government work should be drawn. The best response to the Snowden affair is to reduce the size of our private intelligence army and make contract spying a thing of the past. Our democracy depends on it
Opinion: Obama, NSA deserve thanks (The Hill) We should congratulate President Obama and his National Security Agency director, Gen. Keith Alexander, for defending the NSA and the other intelligence agencies that have been working to protect us from another major terrorist attack
Obama Defends Broad Surveillance (Washington Post) President Obama defended his administrations right to engage in extensive surveillance of U.S. communications in an interview with PBS host Charlie Rose, saying the programs had disrupted multiple terrorist plots and had adequate checks and balances
In First NSA Interview, Obama Can't Confirm If Courts Ever Rejected Spying Requests (TechCrunch) President Obama finally took a sit-down interview on the National Security Agency scandal and we've pasted a partial transcript below. Disappointingly, most of it is (very) generic and defensive. But, there is one important takeaway: President Obama couldn't answer whether oversight courts (FISA) have ever rejected a single NSA spying request. PBS's Charlie Rose asked, pointedly
Secret U.S. cyber actions exposed by Snowden leaks demand much larger debate (SC Magazine) In April 2009, Gen. Keith Alexander, director of the National Security Agency, took the stage at the annual RSA Conference in San Francisco for a keynote address. He told the crowd of thousands: "The NSA does not want to run cyber security for the government"
Snowden claims online Obama expanded 'abusive' security programs (CNN) A series of blog posts on Monday purportedly by Edward Snowden said he leaked classified details about U.S. surveillance programs because President Barack Obama worsened "abusive" practices instead of curtailing them as he
Spying on Foreigners is A Big Deal (Slate) As Edward Snowden has had more opportunity to talk, it's clear that one thing that bothers him about U.S. intelligence conduct is that something perfectly legal is happening—large-scale snooping on foreigners. And many Americans are going to shrug at that. The constitution is here to protect our rights, and spying on foreigners is exactly what the NSA is supposed to be doing
Apple, Facebook, Microsoft Detail Surveillance Requests (InformationWeek) Newly published information details the total number of government surveillance requests received; Google abstains, citing "a step back for users." Apple, Facebook and Microsoft, under fire from customers domestic and foreign, have received permission from the Department of Justice and FBI to detail the number of requests they've received for customer data from the U.S. government
Worried About PRISM? It's Just the Tip of the Surveillance Iceberg (Slate) The revelations of the highly classified National Security Agency program that takes records from Internet companies has received lots of attention recently. But it's really a small part of "a much more expansive and intrusive eavesdropping effort," notes the Associated Press. Those concerned that the U.S. government may be reading their emails should be more worried about a parallel NSA program that takes data straight from "the fiber optic cables that make up the Internet's backbone." But the existence of that program has been known for years
U.S. surveillance architecture includes collection of revealing Internet, phone metadata (Washington Post) On March 12, 2004, acting attorney general James B. Comey and the Justice Department's top leadership reached the brink of resignation over electronic surveillance orders that they believed to be illegal
Watching the NSA Watchers (National Review) Congress may not be capable of keeping a check on our Byzantine bureaucracy. On Sunday, former vice president Dick Cheney addressed the dilemma many conservatives face in assessing the revelations about the National Security Agency's data collection. On the one hand, they are suspicious of the federal government. On the other, they often mute such concerns when it comes to anything touching on national security
Cyber Warfare: What Are the Rules? (Huffington Post) Cyber warfare occurs when one country perpetrates a cyber attack against another country that would to the reasonable person constitute a state act of war. This is the time to encourage dialog to explore and define what constitutes a cyber attack and
China Understands 'Blunt' Message on Hacking: Obama (AFP) US President Barack Obama said that China has understood his "very blunt" message that cyber-hacking against the United States will lead to a deterioration of relations between the two powers
The German Prism: Berlin Wants to Spy Too (Spiegel) All of these motives probably play a role. The truth is that the Germans would love to be able to engage in more online espionage. Until now, the only thing missing has been the means to do so. Consequently, an outraged reaction from Berlin would have seemed fairly hypocritical
Canadian privacy commissioner proposes legal overhaul (SC Magazine) Canadian Privacy Commissioner Jennifer Stoddart has called for fundamental reforms to Canada's privacy law that would make companies more accountable for privacy violations
US, Russia create communications link on cyber security (The Australian Financial Review) The pact also establishes a formal channel through which the US Computer Emergency Readiness Team, run by the Department of Homeland Security, can exchange technical information with its Russian counterpart. Any shared data would be stripped of
DHS hopes get same cyber-spying powers as NSA (Daily Caller) Domestic spying capabilities used by the National Security Agency to collect massive amounts of data on American citizens could soon be available to the Department of Homeland Security — a bureaucracy with the power to arrest citizens that is not
Facts not enough for DHS to fight conspiracy theories (FierceHomelandSecurity) The Homeland Security Department needs to debunk falsehoods and conspiracy theories about it more aggressively, said Doug Pinkham, president of the Public Affairs Council, at a House hearing June 14
US Energy Department creates cybersecurity council (Infosecurity Magazine) The US Department of Energy is tackling cybersecurity for its various branches, including the National Nuclear Security Administration (NNSA), with a new cybersecurity council tasked with formulating best practices in the security arena
House approves FITARA version as part of national defense bill (Fierce Government IT) The House approved as an amendment to the fiscal 2014 national defense authorization act a version of the Federal Information Technology Acquisition Reform Act lacking earlier language regarding open source software
NPPD should do more to encourage FISMA compliance, evolve CyberScope, says OIG (Fierce Homeland Security) When the Homeland Security Department was designated in July 2010 as the lead agency to protect federal agencies' information systems and networks, the National Protection and Programs Directorate took on additional responsibilities. But a June 5 DHS Office of Inspector General report finds NPPD's Office of Cybersecurity and Communications has not fully met its obligations to improve the security posture of the dot-gov domain
FDA tells medical device makers and hospitals to strengthen security (Naked Security) The FDA hasn't seen patient deaths or injuries, but it has seen malware clogging up hospital equipment, passwords passed around like candy, and disregard for updating/patching old equipment
Litigation, Investigation, and Law Enforcement
Spygate Leaks Imperil State-Secrets Defense (Wired) First it was the President George W. Bush administration and then the President Barack Obama administration, which for years have been arguing in court that the state secrets privilege shields the government from lawsuits accusing it of siphoning Americans' electronic
As Snowden Chats His Credibility Wanes (Bloomberg.com) The real question is how the U.S. defense establishment went from employing Dr. Strangelove to hiring this pupil of Dr. Pangloss
Snowden Says He Can't Get A Fair U.S. Trial (Washington Post) Edward Snowden, who acknowledged leaking top-secret documents about extensive U.S. surveillance of telephone calls and Internet communications, claimed in an unusual live Web chat Monday that he sees no possibility of a fair trial in the United States and suggested that he would try to elude authorities as long as possible
Snowden Says Leaks Didn't Disclose U.S. Military Targets (Bloomberg) Edward Snowden, the former National Security Agency contractor who leaked classified documents about government surveillance programs, said he didn't reveal any U.S. operations "against legitimate military targets." I pointed out where the NSA has hacked civilian infrastructure such as universities, hospitals, and private businesses because it is dangerous," Snowden said during an Internet question-and-answer session today on the website of U.K.'s Guardian newspaper
Who Is Edward Snowden? Background on NSA Leaker Emerges (Viral Read) He was a teenage aficionado of role-playing video games and Japanese anime cartoons who dropped out of high school and turned his avid interest in computer technology into a career that paid him more than $100,000 a year before he turned 30, living every nerd's dream with a beautiful girlfriend and a job in the tropical paradise of Hawaii
WikiLeaks Trial Focuses Army Email List (Yahoo) A huge database of troop names and email addresses an Army private allegedly downloaded to a personal computer could be used by foreign adversaries to launch cyberattacks on service members, a government witness said Monday as the trial of Pfc. Bradley Manning entered its third week
WikiLeaks Breach Included Secret Details On Guantanamo Prisoners: Official (Reuters) The soldier accused of the largest release of classified data in U.S. history provided WikiLeaks with secret details of prisoners held at Guantanamo Bay, threatening "serious" damage to national security, the prison's former commander testified on Monday
Drug Traffickers Hacked Shipping Systems to Track Large Drug Shipments (SecurityWeek) Belgian and Dutch authorities investigating computer hacking attacks on shipping companies in the port city of Antwerp have uncovered a massive drug smuggling ring, police said Monday
Chase, Citigroup among banks reportedly hacked in $15-million heist (Los Angeles Times) Hackers allegedly targeted 15 financial institutions, including JPMorgan Chase & Co., Citigroup Inc. and E-Trade, as part of a nearly two-year-long scheme to hack into customer accounts online to steal at least $15 million, U.S. authorities announced this week
For a complete running list of events, please visit the Event Tracker.
25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.
Hack in Paris (Paris, France, Jun 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted a stellar lineup of speakers and promises to be a very technical event with heavy emphasis on training. This is its second year.
2013 ICAM Information Day and Expo (Washington, DC, USA, Jun 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
Buzzword Forensics: Mobile is the Future…and the Future is Now (Laurel, Maryland, Sioux Falls, Jun 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium. In today's talk we briefly explore this evolution from the Paleolithic last millennium to our present, and increasingly mobile ecosphere. Mobile device forensics has something old and something new. Open source and commercial tools have had spotty records over the years with respect to mobile device forensics. We will explore some of the similarities and look explicitly at some of the major differences between classic computer forensics and mobile device forensics, using demos of Android forensics as an exemplar. Al Holt, adjunct professor at Towson University, will be the presenter.
NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.
AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, Industry partners. The operational theme " Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.
ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).
Northern Virginia Technology Council: Security Threats: What Keeps You Awake at Night? (McLean, Virginia, USA, Jun 27, 2013) It's no secret that cybersecurity events are increasing in frequency and intensity. Many of these events are severe and pose significant risk to us as individuals, to our businesses, as well as our economy and national security. We've seen many reports in the press recently of well-funded nation states attempting to pilfer our networks in search of intellectual property. Every day bad guys are trying to gain access to our credit card information and other forms of personal information to steal our money and identities while others brazenly attempt to take over our data and systems and hold them for ransom. How is this happening? What can we do to protect ourselves? This conference addresses these issues.
American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.