The CyberWire Daily Briefing for 6.18.2013

Cyber Attacks, Threats, and Vulnerabilities

British GCHQ spied on G20 delegates to gain advantage in talks (Help Net Security) The British GCHQ has monitored computers and intercepted phone calls made by the foreign participants of two G20 summit meetings in London in 2009 and provided crucial information in near-real time to

Evidence that the NSA Is Storing Voice Content, Not Just Metadata (Schneier on Security) Interesting speculation that the NSA is storing everyone's phone calls, and not just metadata. Definitely worth reading. I expressed skepticism about this just a month ago. My assumption had always been that everyone's compressed voice calls is just too much data to move around and store. Now, I don't know

It's not just metadata. The NSA is getting everything. (Rubbing ALcoholic) Read between the lines in Sen. Feinstein's carefully-crafted press statement. After a closed Senate briefing today, Senate Intelligence Committee leader Dianne Feinstein talked up the vast system of checks and balances protecting Americans from unwarranted dragnet surveillance by the NSA. She said (emphasis added)

Yahoo! Discloses Number Of Data Requests From U.S. Law Agencies, Says It Will Issue "Transparency Report" Soon (TechCrunch) Yahoo! is now the latest tech company to disclose the number of government requests for data it has received over the past 18 months, prompted by the fallout from the NSA spying scandal

Apple chimes in with the "Ain't no PRISM here!" chorus (Naked Security) Apple has joined in with the PRISM surveillance saga, insisting that nobody has direct access to its servers and that even it can't read customers' end-to-end encrypted conversations

Why Was Apple Late To The PRISM Party? (TechCrunch) If there's one striking thing about those PRISM slides, other than their hideous aesthetics, it's that Apple's allocated yellow oval, instead of a date, has the words "(added Oct 2012)" underneath it. That difference is most striking when you consider the fact that Apple competitor Microsoft cooperated with the government a full five years earlier

PalTalk: It Was 'Flattering' To Be Included In The PRISM Slidedeck (TechCrunch) The eyesore of a PowerPoint deck that contractor Edward Snowden had leaked had globally recognized names: Microsoft. Google. Yahoo. Facebook. Apple. AOL. Skype. YouTube. The NSA had allegedly collaborated with all of these Internet giants to request and access data on foreign users. But then there was also PalTalk. WTF? Even Stephen Colbert ribbed them last week. "You heard right

Mumbai Police Bank Accounts Hacked (eSecurity Planet) A skimming device was placed on an ATM next door to police headquarters, and thousands of dollars were then withdrawn from ATMs in Greece

225 Turkish Websites Hacked by Kurdish Hackers (Hack Read) While scrolling Zone-h, I got hold of a hack where a group of Kurdish hacker going with the handle of ColdHackers has hacked and defaced 225+ Turkish websites. All hacked sites were left with a deface page along with a message in Turkish language, explaining the reason for attacking Turkish sites, according to which

Anonymous Hacks Brazil's Largest Magazine VEJA's Twitter account, invites people to Protest against Government (Hack Read) The online hackavist [sic] group Anonymous Brazil has hacked the official Twitter account of one of Brazil's largest magazine @VEJA, asking the Brazilians to join them in protests against the increase of Bus fare. Anonymous Brazil posted an image on hacked Twitter account with a message saying: Its not about cents, its about our rights! The account was hacked few minutes ago and I am breaking the news for you

NetTraveler Attackers Using NSA PRISM Program as Bait (Threatpost) Never let it be said that attackers don't keep up with the news. The crew behind the NetTraveler cyberespionage attacks is now using the news about the NSA's PRISM surveillance program as bait in a new spear-phishing campaign. Security researcher Brandon Dixon of 9bplus came across a malicious email this week that plays off the

Scores of vulnerable SAP deployments uncovered (SC Magazine) Scan finds critical systems unpatched, facing the public web. Hundreds of organisations have been detected running dangerously vulnerable versions of SAP that are more than seven years old

Rogue ads target EU users, expose them to Win32/Toolbar.SearchSuite through the KingTranslate PUA (Webroot Threat Blog) Who would need a virtually unknown, but supposedly free, desktop based application in order to translate texts between multiple languages? Tens of thousands of socially engineered European ads, who continue getting exposed to the rogue ads served through Yieldmanager's network, are promoting more Potentially Unwanted Applications (PUAs) courtesy of Bandoo Media Inc and their subsidiary Koyote-Lab Inc

New boutique iFrame crypting service spotted in the wild (Webroot Threat Blog) In a series of blog posts shedding more light into the emergence of the boutique cybercrime 'enterprise', we've been profiling underground market propositions that continue populating the cybercrime ecosystem on a daily basis, but fail to result in any widespread damage or introduce potential ecosystem disrupting features. Despite these observations, the novice cybercriminals behind them continue earning revenue from fellow cybercriminals, continue generating and maintaining their botnets, and, just like small businesses in a legitimate economy model, continue to collectively occupy a significant market share within the cybercrime ecosystem

Researcher finds latest Office zero-day was first used in 2009 (CSO Magazine) Microsoft patched an Office zero day flaw that was recently reported by Google's security team but may have been first exploited over three years ago. After releasing its customary fixes on Patch Tuesday cycle last week, Microsoft revealed that a flaw

Damballa said that Malware Utilize P2P Communications to Escape Detection (Spamfighter) Many of the Internet's most hazardous malware threats are now routinely using peer-to-peer (P2P) command and control in an attempt to escape the detection and shut down that has impacted many conventional botnets, as per security vendor Damballa

Surveillance cameras can be hacked - who is watching you? (Infosecurity Magazine) A security expert has promised to reveal security flaws in thousands of surveillance cameras. He will not, he says, disclose the vulnerabilities to the vendors before his presentation at Black Hat, Las Vegas, starting 31 July

Palmer's company hit in cyber attack (Sky News) Mining magnate Clive Palmer says his company's computer systems were hacked and a laptop was stolen after he announced he was forming a political party

Why Cash is King in Today's Cyber World (SecurityWeek) There was a popular Aflac Insurance commercial series that ran several years ago featuring New York Yankee great Yogi Berra, known as much for his clever quips as his Hall of Fame baseball talents. In the spot Berra stated about the company, "they give you cash, which is just as good as money." Turns out Yogi may have been onto something because in today's cyber world, cash may be even better than money. Confused? Let me explain

Threatscape for Mac OS X Users (Kaspersky) Infographic: the Mac OS X threatscape

Security Patches, Mitigations, and Software Updates

Oracle Improves Java Security – What It Means For End Users (TrendLabs Security Intelligence Blog) About two weeks ago, Oracle published a blog post describing – and promising – to improve the security of Java. Since then, I've been asked a few times: what exactly did they say, and what does it mean for end users

Cyber Trends

Americans gave away online privacy to advertisers long ago (Quartz) New stories surface every day detailing the National Security Agency's administration of secret programs designed to keep the US "safe" in an era of internet communication and global networks. Having a strong opinion on any particular set of details would be premature

It takes 10 hours to identify a security breach (Help Net Security) Businesses are vulnerable to security breaches due to their inability to properly analyze or store big data, according to McAfee. The ability to detect data breaches within minutes is critical in

Account takeover attempts have nearly doubled (Help Net Security) ThreatMetrix announced its Cybercrime Index, a series of Web fraud data aggregated from 1,500 customers, 9,000 websites and more than 1.7 billion cyber events. In a recent six-month snapshot ending

Global Telework on the Rise (The American Interest) Roughly 20 percent of the world's workforce works from home at least once a week. Via Meadia's telework coverage often focuses on the American experience, but remote working is frequently generating more success stories abroad. According to research done by Ipsos, China, Russia, Indonesia, Turkey, and Saudi Arabia all have larger percentages of workers working from home. South Africa and India lead the world in telework, with both countries having 32 percent of their workforce engaged in fulltime telecommuting, and 82 percent working remotely at least once a week

Marketplace

NSA leak case gives vendors reason to reevaluate personnel (FederalNewsRadio.com) Ryan, of course, is referring to Edward Snowden, the former Booz Allen Hamilton employee who leaked details of a classified surveillance program. Booz Allen Hamilton will not likely be subject to a suspension and debarment proceeding, Ryan said

Social Media Background Checks: Proceed With Extreme Caution, Lawyer Says (Bloomberg BNA) Employers that wish to vet potential employees using social media sites like Facebook and Twitter must be very careful not to violate anti-discrimination laws, an attorney said June 17 at the Society for Human Resource Management's Annual Conference & Exhibition

Radware Ltd. (RDWR), Sourcefire, Inc. (FIRE), Fortinet Inc (FTNT): The Cyber War Expands (Insider Monkey) The Untied States is looking to help allies fend off cyber attacks. That's a good thing for this country and a good thing for companies in the cyber defense space

NTT to Acquire Managed Security Services Provider Solutionary (Security Week) In a bid to enhance its end Cloud Services portfolio and security offerings, Japanese IT and telecommunications services giant NTT has agreed to acquire Solutionary, an Omaha, Nebraska-based Managed Security Services Provider for an undisclosed cash sum

Products, Services, and Solutions

The Price to Pay for Facebook's Free Wi-Fi? A Scrap of Privacy (Wired) Facebook Wi-Fi, which gives users free wireless internet in exchange for "checking in" to businesses, has graduated from experiment to steadily spreading product

Worried Who's Watching Your Web Browsing? Adafruit's Onion Pi Tor Proxy Project Creates A Private, Portable Wi-Fi Access Point (TechCrunch) Adafruit Industries has put together a weekend project for people worried the NSA is watching how many reruns of Seinfeld they watch on their tablet. The Onion Pi Tor Proxy is a weekend project that uses the Raspberry Pi microcomputer, along with a USB WiFi adapter and Ethernet cable to create "a small, low-power and portable privacy Pi"

DeepCover Secure Authenticator From Maxim Integrated Protects Designs (Dark Reading) The use of ECDSA public-key cryptography saves cost and reduces key management complexity by eliminating the need for the host controller to store and protect the authentication key, which is required for comparable symmetric (secret-key) solutions

STMicroelectronics Signs Comprehensive Agreement With Rambus (MarketWatch) For its part, ST has secured license terms from the Cryptography Research, Inc. (CRI) division of Rambus to make it possible for ST to deploy Differential Power Analysis (DPA) countermeasures and CryptoFirewall(TM) core security technology across a

EiQ Networks unwraps new 'proactive' cyber defense monitoring (Infosecurity Magazine) The Massachusetts-based security and compliance specialist has introduced what it is calling the "first security monitoring solution to provide automated analysis of SANS Critical Security Controls"

Yahoo's going to boot us off our deadbeat accounts, but who is going to grab them? (Naked Security) Get thee to your unused Yahoo account before July 15 if you don't relish the thought of somebody taking control of your handle and doing heaven knows what with whatever email gets sent to it

Guidance Software Recognized as a Leader for E-Discovery Software (Sarbanes-Oxley Compliance Journal) Guidance Software, Inc. (NASDAQ: GUID), the World Leader in Digital Investigations™, has been named a "leader" in Gartner Inc.'s Magic Quadrant for e-discovery software, in its third annual industry report. Guidance Software's EnCase® eDiscovery has been placed in the leaders' quadrant every year since the report's inception

Technologies, Techniques, and Standards

Streamlining Coalition Mission Network Participation (SIGNAL Magazine) NATO and eight coalition nations participating in the Coalition Warrior Interoperability eXploration, eXperimentation and eXamination, eXercise (CWIX) are working to reduce the amount of time it takes to join coalition networks in the future

Vulnerability Disclosure – Open or Private? (TrendLabs Security Intelligence Blog) At the end of May, two Google security engineers announced Mountain View's new policy regarding zero-day bugs and disclosure. They strongly suggested that information about zero-day exploits currently in the wild should be released no more than seven days after the vendor has been notified. Ideally, the notification or patch should come from the vendor, but they also indicated that researchers should release the details themselves if the vendor was not forthcoming

Wall Street sets example for testing security defenses (CSO) Quantum Dawn 2 will test institutions' playbooks while also finding more efficient ways to share real-time information

Cloud data security: Share the responsibility, minimize the risks (TechTarget) "It's not a situation where you're absolved of the responsibility," said Jim Reavis, executive director of the Cloud Security Alliance, an organization that promotes best practices and training to improve cloud data security. "There's a fair amount of

How to Block the NSA From Your Friends List (Slate) After recent revelations of NSA spying, it's difficult to trust large Internet corporations like Facebook to host our online social networks. Facebook is one of nine companies tied to PRISM––perhaps the largest government surveillance effort in world history. Even before this story broke, many social media addicts had lost trust in the company. Maybe now they'll finally start thinking seriously about leaving the social network giant

Most Data Breaches Caused by Human Error, System Glitches (CIO) Companies can significantly decrease the cost of data breaches by teaching employees not to cut corners and by adopting a strong security posture and an incident response plan

Big Data causes big problems for security (Infosecurity Magazine) For enterprises, the ability to detect data breaches within minutes is critical in preventing data loss, yet only 35% of firms stated they have the ability to do this. The culprit? An ever-escalating array of data sources stemming from virtualization, anywhere, anytime work habits and an explosion of end-user devices and applications. In short, organizations around the world are finding themselves unable to harness the power of Big Data for security purposes

Healthcare attorney: 'Secure the human' to keep patient data safe (FierceHealthIT) For healthcare providers looking to ensure the security of electronic patient information, it's just as important to solidify employee knowledge as it is to encrypt data and implement improved IT solutions, said Lee Kim, an attorney with Pittsburgh-based firm Tucker Arensberg who also serves as chair of the mHIMSS Legal/Policy Taskforce

Design and Innovation

Graphical Tools Help Security Experts Track Cyber-Attacks in Real Time (eweek) Cyber-sleuths use tools that appear to have come straight out of a science fiction movie in their quest to detect attacks in time to raise defensive shields. The image on the screen shows a cyber-attack in progress, but it doesn't look like the rows of reports that you usually expect to see as event data flows from intrusion prevention systems, next-generation firewalls and security reporting systems

Spotting The Right Time To Innovate (InformationWeek) Everyone likes to talk about changing the game, but how do you actually see and shift the field? With every passing year, competitive intensity across industries seems to increase. The long-term impact of digitization, globalization and all other forms of connectivity in our hyper-networked world has shortened the half-life of innovations. Years ago, smart innovation plays could provide differentiation and lasting competitive advantage for a decade or more. Today, when we look at examples like the Flip camera, which went from dazzling to defunct in less than five years, or Blockbuster, which went from a market capitalization of $5 billion to roughly $300 million in less than a decade -- we're living in a fundamentally more dynamic (and deadly) era

Research and Development

Best Supercomputers Still Not Best for Big Data (IEEE Spectrum) China's new top-ranked supercomputer is at the top of the heap for some needs, but not for the kind of data sifting the NSA and Amazon.com do

GE wants to use artificial intelligence to predict the future of hospitals (Gigaom) GE Healthcare is pushing a system called Corvix for doing agent-based simulations on complex problems. In India, the technology simulated a population of 80 million people in order to determine the best places to build medical facilities

Scientists working to develop most powerful cyber security (Business Standard) Hackers at present are able to intercept communications without the sender or recipient knowing, Morello added. But quantum cryptography will be able to prevent access by detecting hackers and destroying or altering messages as hackers try to obtain them

Quantum Cryptography Promises Un-Hackable Industrial Communications (POWER magazine) What if you could send a control message between two points on the electricity grid—say between a control room operator and a turbine or between a system operator and a generating plant—and know that there's no way that message can be intercepted

Legislation, Policy, and Regulation

Texas becomes first state to require warrant for e-mail snooping (Ars Technica) Gov. Rick Perry signed HB 2268 on June 14, and it takes effect immediately

Still More Noise Than Signal, As US Spies Promise More Transparency (TIME) General Keith Alexander, commander of the U.S. Cyber Command, director of the National Security Agency (NSA) and chief of the Central Security Service (CSS), arrives at the Senate Appropriations Committee hearing on Capitol Hill in Washington June 1

National Security Agency to reveal details of foiled plots (The Australian) The National Security Agency plans to reveal details about terror plots it says were thwarted by surveillance, part of an effort to assuage concern about is secret online snooping. In a rare move, the NSA wants to declassify what its director says were

Does the NSA Really Need "Direct Access"? (IEEE Spectrum) We're now well into the second stage of the controversy surrounding the allegations that the NSA is conducting large-scale surveillance of U.S. citizens. Whistleblower/leaker/traitor (the exact term varying according to individual opinion.) Edward Snowden is being scrutinized, as are the articles written by Glenn Greenwald for The Guardian newspaper

In Electronic Snooping, Level Of Oversight Is Key (Washington Post) Americans are learning what electronics whizzes and hackers have known all along--that computers and smartphones, which make our lives more productive and entertaining, have at the same time ended privacy as most of us have understood it

Put The Spies Back Under One Roof (New York Times) Congress must act now to re-establish a government-run intelligence service operating with proper oversight. The first step is to appoint an independent review board with no contractors on it to decide where the line for government work should be drawn. The best response to the Snowden affair is to reduce the size of our private intelligence army and make contract spying a thing of the past. Our democracy depends on it

Opinion: Obama, NSA deserve thanks (The Hill) We should congratulate President Obama and his National Security Agency director, Gen. Keith Alexander, for defending the NSA and the other intelligence agencies that have been working to protect us from another major terrorist attack

Obama Defends Broad Surveillance (Washington Post) President Obama defended his administrations right to engage in extensive surveillance of U.S. communications in an interview with PBS host Charlie Rose, saying the programs had disrupted multiple terrorist plots and had adequate checks and balances

In First NSA Interview, Obama Can't Confirm If Courts Ever Rejected Spying Requests (TechCrunch) President Obama finally took a sit-down interview on the National Security Agency scandal and we've pasted a partial transcript below. Disappointingly, most of it is (very) generic and defensive. But, there is one important takeaway: President Obama couldn't answer whether oversight courts (FISA) have ever rejected a single NSA spying request. PBS's Charlie Rose asked, pointedly

Secret U.S. cyber actions exposed by Snowden leaks demand much larger debate (SC Magazine) In April 2009, Gen. Keith Alexander, director of the National Security Agency, took the stage at the annual RSA Conference in San Francisco for a keynote address. He told the crowd of thousands: "The NSA does not want to run cyber security for the government"

Snowden claims online Obama expanded 'abusive' security programs (CNN) A series of blog posts on Monday purportedly by Edward Snowden said he leaked classified details about U.S. surveillance programs because President Barack Obama worsened "abusive" practices instead of curtailing them as he

Spying on Foreigners is A Big Deal (Slate) As Edward Snowden has had more opportunity to talk, it's clear that one thing that bothers him about U.S. intelligence conduct is that something perfectly legal is happening—large-scale snooping on foreigners. And many Americans are going to shrug at that. The constitution is here to protect our rights, and spying on foreigners is exactly what the NSA is supposed to be doing

Apple, Facebook, Microsoft Detail Surveillance Requests (InformationWeek) Newly published information details the total number of government surveillance requests received; Google abstains, citing "a step back for users." Apple, Facebook and Microsoft, under fire from customers domestic and foreign, have received permission from the Department of Justice and FBI to detail the number of requests they've received for customer data from the U.S. government

Worried About PRISM? It's Just the Tip of the Surveillance Iceberg (Slate) The revelations of the highly classified National Security Agency program that takes records from Internet companies has received lots of attention recently. But it's really a small part of "a much more expansive and intrusive eavesdropping effort," notes the Associated Press. Those concerned that the U.S. government may be reading their emails should be more worried about a parallel NSA program that takes data straight from "the fiber optic cables that make up the Internet's backbone." But the existence of that program has been known for years

U.S. surveillance architecture includes collection of revealing Internet, phone metadata (Washington Post) On March 12, 2004, acting attorney general James B. Comey and the Justice Department's top leadership reached the brink of resignation over electronic surveillance orders that they believed to be illegal

Watching the NSA Watchers (National Review) Congress may not be capable of keeping a check on our Byzantine bureaucracy. On Sunday, former vice president Dick Cheney addressed the dilemma many conservatives face in assessing the revelations about the National Security Agency's data collection. On the one hand, they are suspicious of the federal government. On the other, they often mute such concerns when it comes to anything touching on national security

Cyber Warfare: What Are the Rules? (Huffington Post) Cyber warfare occurs when one country perpetrates a cyber attack against another country that would to the reasonable person constitute a state act of war. This is the time to encourage dialog to explore and define what constitutes a cyber attack and

China Understands 'Blunt' Message on Hacking: Obama (AFP) US President Barack Obama said that China has understood his "very blunt" message that cyber-hacking against the United States will lead to a deterioration of relations between the two powers

The German Prism: Berlin Wants to Spy Too (Spiegel) All of these motives probably play a role. The truth is that the Germans would love to be able to engage in more online espionage. Until now, the only thing missing has been the means to do so. Consequently, an outraged reaction from Berlin would have seemed fairly hypocritical

Canadian privacy commissioner proposes legal overhaul (SC Magazine) Canadian Privacy Commissioner Jennifer Stoddart has called for fundamental reforms to Canada's privacy law that would make companies more accountable for privacy violations

US, Russia create communications link on cyber security (The Australian Financial Review) The pact also establishes a formal channel through which the US Computer Emergency Readiness Team, run by the Department of Homeland Security, can exchange technical information with its Russian counterpart. Any shared data would be stripped of

DHS hopes get same cyber-spying powers as NSA (Daily Caller) Domestic spying capabilities used by the National Security Agency to collect massive amounts of data on American citizens could soon be available to the Department of Homeland Security — a bureaucracy with the power to arrest citizens that is not

Facts not enough for DHS to fight conspiracy theories (FierceHomelandSecurity) The Homeland Security Department needs to debunk falsehoods and conspiracy theories about it more aggressively, said Doug Pinkham, president of the Public Affairs Council, at a House hearing June 14

US Energy Department creates cybersecurity council (Infosecurity Magazine) The US Department of Energy is tackling cybersecurity for its various branches, including the National Nuclear Security Administration (NNSA), with a new cybersecurity council tasked with formulating best practices in the security arena

House approves FITARA version as part of national defense bill (Fierce Government IT) The House approved as an amendment to the fiscal 2014 national defense authorization act a version of the Federal Information Technology Acquisition Reform Act lacking earlier language regarding open source software

NPPD should do more to encourage FISMA compliance, evolve CyberScope, says OIG (Fierce Homeland Security) When the Homeland Security Department was designated in July 2010 as the lead agency to protect federal agencies' information systems and networks, the National Protection and Programs Directorate took on additional responsibilities. But a June 5 DHS Office of Inspector General report finds NPPD's Office of Cybersecurity and Communications has not fully met its obligations to improve the security posture of the dot-gov domain

FDA tells medical device makers and hospitals to strengthen security (Naked Security) The FDA hasn't seen patient deaths or injuries, but it has seen malware clogging up hospital equipment, passwords passed around like candy, and disregard for updating/patching old equipment

Litigation, Investigation, and Law Enforcement

Spygate Leaks Imperil State-Secrets Defense (Wired) First it was the President George W. Bush administration and then the President Barack Obama administration, which for years have been arguing in court that the state secrets privilege shields the government from lawsuits accusing it of siphoning Americans' electronic

As Snowden Chats His Credibility Wanes (Bloomberg.com) The real question is how the U.S. defense establishment went from employing Dr. Strangelove to hiring this pupil of Dr. Pangloss

Snowden Says He Can't Get A Fair U.S. Trial (Washington Post) Edward Snowden, who acknowledged leaking top-secret documents about extensive U.S. surveillance of telephone calls and Internet communications, claimed in an unusual live Web chat Monday that he sees no possibility of a fair trial in the United States and suggested that he would try to elude authorities as long as possible

Snowden Says Leaks Didn't Disclose U.S. Military Targets (Bloomberg) Edward Snowden, the former National Security Agency contractor who leaked classified documents about government surveillance programs, said he didn't reveal any U.S. operations "against legitimate military targets." I pointed out where the NSA has hacked civilian infrastructure such as universities, hospitals, and private businesses because it is dangerous," Snowden said during an Internet question-and-answer session today on the website of U.K.'s Guardian newspaper

Who Is Edward Snowden? Background on NSA Leaker Emerges (Viral Read) He was a teenage aficionado of role-playing video games and Japanese anime cartoons who dropped out of high school and turned his avid interest in computer technology into a career that paid him more than $100,000 a year before he turned 30, living every nerd's dream with a beautiful girlfriend and a job in the tropical paradise of Hawaii

WikiLeaks Trial Focuses Army Email List (Yahoo) A huge database of troop names and email addresses an Army private allegedly downloaded to a personal computer could be used by foreign adversaries to launch cyberattacks on service members, a government witness said Monday as the trial of Pfc. Bradley Manning entered its third week

WikiLeaks Breach Included Secret Details On Guantanamo Prisoners: Official (Reuters) The soldier accused of the largest release of classified data in U.S. history provided WikiLeaks with secret details of prisoners held at Guantanamo Bay, threatening "serious" damage to national security, the prison's former commander testified on Monday

Drug Traffickers Hacked Shipping Systems to Track Large Drug Shipments (SecurityWeek) Belgian and Dutch authorities investigating computer hacking attacks on shipping companies in the port city of Antwerp have uncovered a massive drug smuggling ring, police said Monday

Chase, Citigroup among banks reportedly hacked in $15-million heist (Los Angeles Times) Hackers allegedly targeted 15 financial institutions, including JPMorgan Chase & Co., Citigroup Inc. and E-Trade, as part of a nearly two-year-long scheme to hack into customer accounts online to steal at least $15 million, U.S. authorities announced this week

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

25th Annual FIRST Conference (Bangkok, Thailand, Jun 16 - 21, 2013) The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community.

Hack in Paris (Paris, France, Jun 17 - 21, 2013) This five day event will examine forensics, malware analysis, and corporate hacking techniques, and what could be better, it is held at the Euro Disney conference center outside of Paris. It has attracted a stellar lineup of speakers and promises to be a very technical event with heavy emphasis on training. This is its second year.

2013 ICAM Information Day and Expo (Washington, DC, USA, Jun 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.

Buzzword Forensics: Mobile is the Future…and the Future is Now (Laurel, Maryland, Sioux Falls, Jun 18, 2013) Digital forensics is evolving, as all forensic sciences must evolve. With the explosive growth of the Internet as context, the discipline of digital forensics has evolved significantly since the last millennium. In today's talk we briefly explore this evolution from the Paleolithic last millennium to our present, and increasingly mobile ecosphere. Mobile device forensics has something old and something new. Open source and commercial tools have had spotty records over the years with respect to mobile device forensics. We will explore some of the similarities and look explicitly at some of the major differences between classic computer forensics and mobile device forensics, using demos of Android forensics as an exemplar. Al Holt, adjunct professor at Towson University, will be the presenter.

NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.

AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, Industry partners. The operational theme " Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.

ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).

Northern Virginia Technology Council: Security Threats: What Keeps You Awake at Night? (McLean, Virginia, USA, Jun 27, 2013) It's no secret that cybersecurity events are increasing in frequency and intensity. Many of these events are severe and pose significant risk to us as individuals, to our businesses, as well as our economy and national security. We've seen many reports in the press recently of well-funded nation states attempting to pilfer our networks in search of intellectual property. Every day bad guys are trying to gain access to our credit card information and other forms of personal information to steal our money and identities while others brazenly attempt to take over our data and systems and hold them for ransom. How is this happening? What can we do to protect ourselves? This conference addresses these issues.

American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.