The CyberWire Daily Briefing for 6.24.2013

Cyber Attacks, Threats, and Vulnerabilities

LulzSec Cyberattacks Force Officials To Shut Down Presidential Website (Cyberwarzone) Hacker attacks forced Brazil to shut down its presidential website and other government sites temporarily on Thursday, one day after cyber attacks briefly disabled other government sites

UAE on high alert for oil-protest hackers (Cyberwarzone) A cyber attack launched against the oil industry has not affected UAE companies, but security experts remain on high alert

UAE unscathed by coordinated cyber attack against oil companies (The National) Richard Sheng, senior director of enterprise security at Trend Micro Asia Pacific, said the IT threat landscape was evolving. "Cyber attacks are now targeted, customised and persistent," he said. "While hacktivists makes announcements of their attack

Cyber attacks a grave threat to Turkish institutions (www.worldbulletin.net) A good number of public institutions came under Cyber attack during the protests, which started in the end of May. Although most of the Cyber attacks were rendered ineffective, the web pages of the Ministry of the Interior, ?stanbul's Police Department

Cyber attack fails to hack Iranian Oil Ministry (Trend.az) The ministry's network as well as NIOC and some other affiliated websites are reportedly down due to the cyber attack. Various Iranian industrial, nuclear and government bodies have recently come under growing cyber attacks, widely believed to be

AnonGhost sets #opBURMA for august 15th 2013 (Cyberwarzone) AnonGhost known from the #opUSA, #opIsrael and #opPetrol operations are now setting their minds towards a new operation called #opBURMA

Hackers Poised for Biggest Attack on N.Korean Websites (The Chosun Ilbo) International hackers' collective Anonymous are poised for a massive cyber attack on North Korea to mark the 60th anniversary of the outbreak of the Korean War. The "hacktivists" threatened

South Korean Banking Clients Diverted onto Phishing Website via New Trojan; Trend Micro (Spamfighter) Trend Micro the security company says that its researchers have stumbled upon one malware strain which diverts Internauts accessing many banks in South Korea for transactions onto certain phishing site, which dupes visitors into divulging their financial as well as other personal information

Targeted Attack in Taiwan Uses Infamous Gh0st RAT (TrendLabs Security Intelligence Blog) From the arrest of one of the head members of the ransomware gang to the successful Rove Digital takedown, coordination between law enforcement agencies and security groups has time and again yielded positive results. This time, the Taiwan Criminal Investigation Bureau (CIB), in cooperation with Trend Micro, resolved a targeted attack involving the notorious Ghost RAT family. One person was arrested by the CIB

Facebook issues data breach notification — may have leaked your email and phone number (Naked Security) Facebook just published a data breach notification on its security blog. You might not immediately notice that from the title of the article, but the social networking giant is, indeed, reporting a data leakage problem

Firm: Facebook—s shadow profiles are —frightening— dossiers on everyone (ZDNet) The security researchers who found Facebook's 'shadow profiles' bug have rung the alarm that Facebook is compiling "frightening" dossiers on everyone possible. Facebook's shadow profile data collection activities came to light Friday when the social network disclosed a bug fix. The security researchers who found the vulnerability, Packet Storm Security, say Facebook is compiling "frightening" dossiers on everyone possible, including people without Facebook accounts

Facebook: Where Your Friends Are Your Worst Enemies (Packet Storm Security) Packet Storm has spent 15 years shedding light on dark subject matter. We strongly believe that it is in the interest of the public to give them the facts and let them know the details. The debate over privacy and the extensive overreach by government entities is currently a hot topic in the media and today's announcement will not make anyone feel any better about the situation. However, it does set the stage for a much larger discussion that must be had on a national and global scale

Anger mounts after Facebook's 'shadow profiles' leak in bug (ZDNet) Friday Facebook announced the fix of a bug it said inadvertently exposed the private information of over six million users when Facebook's previously

NSA targeted China's Tsinghua University in extensive hacking attacks, says Snowden (Cyberwarzone) Tsinghua University, widely regarded as the mainland's top education and research institute, was the target of extensive hacking by US spies this year

PRISM vs Tor (Cyberwarzone) By now, just about everybody has heard about the PRISM surveillance program, and many are beginning to speculate on its impact on Tor

Want NSA Attention? Use Encrypted Communications (InformationWeek) Bad news has emerged for fans of PGP and other encryption services. The NSA is taking a gloves-off approach when you go this route

LinkedIn outage was due to DNS records misconfiguration (Help Net Security) The mystery of the LinkedIn outage has been revealed: Network Solutions, its DNS provider, has been battered by a DDoS attack and while defending itself, misconfigured the DNS records of some of its

Password problems plague plethora of med devices (FierceHealthIT) Roughly 300 medical devices from 40 vendors were found to have password vulnerability problems, according to an alert recently issued by the Department of Homeland Security

New frontier for cybersecurity (Sky News Australia) This finding prompted a warning from the Department of Homeland Security's Cyber Emergency Response Team for industrial systems, which said security should be stepped up for surgical devices, ventilators, drug infusion pumps and other equipment

Dirt Jumper DDoS Variant Drive 'Much More Powerful' Than Predecessors (Threatpost) A variant of the Dirt Jumper DDoS engine called Drive has been detected. Drive includes new capabilities and has already targeted a number popular destinations on the Internet

Adobe Flash spoof leads to infectious audio ads (Webroot Threat Blog) We've seen quite a few audio ads infecting users recently. We think it's a good idea to go over an in-depth look at how they infect your computer and how to remediation them

Android ransomware marks profitable new era for cybercriminals (CSO) Such ransomware has been used against PCs for years, but is unique on mobile devices, Symantec says

New malware poses as Amazon order confirmation for 55-inch TV (GMA News) Security vendor Bitdefender said the new spam campaign targets customers of online retailer Amazon.com, directing them to a malware-infested webpage. "The fake notifications, which appear to confirm the order of 55-inch TVs associated with brands

Google Docs Abused to Protect Malicious Traffic (SecurityWeek) Researchers at FireEye have spotted a malware campaign using Google Docs to redirect victims and evade callback detection mechanisms. Connecting the malicious server via Google Docs, offers the malicious communication the protection provided by the legitimate SSL offered by Google, explained FireEye researcher Chong Rong Hwa

Cyber Trends

Exploring Iran's Hidden Internet (Cyberwarzone) With the first public Internet services available through dial-up in 1995, Iranians had around six years of unfettered, albeit slow, access before governmental regulations began to impose limitations on the availability of content

The Hidden Internet of Iran: Private Address Allocations on a National Network (Cornell University Library) While funding agencies have provided substantial support for the developers and vendors of services that facilitate the unfettered flow of information through the Internet, little consolidated knowledge exists on the basic communications network infrastructure of the Islamic Republic of Iran. In the absence open access and public data, rumors and fear have reigned supreme. During provisional research on the country's censorship regime, we found initial indicators that telecommunications entities in Iran allowed private addresses to route domestically, whether intentionally or unintentionally, creating a hidden network only reachable within the country. Moreover, records such as DNS entries lend evidence of a 'dual stack' approach, wherein servers are assigned a domestic IP addresses, in addition to a global one. Despite the clear political implications of the claim we put forward, particularly in light of rampant speculation regarding the mandate of Article 46 of the 'Fifth Five Year Development Plan' to establish a "national information network," we refrain from hypothesizing the purpose of this structure. In order to solicit critical feedback for future research, we outline our initial findings and attempt to demonstrate that the matter under contention is a nation-wide phenomenom that warrants broader attention

Ex UK intelligence chief : Hacking threat to the UAE, neighbours is real (Cyberwarzone) A former military intelligence supremo from Britain has warned firms in the UAE and its neighbours to be alive to the threat posed to their business by cyber criminals

Regional cyber security imperative in the Middle East (CSO) One of the most common means of cyber attack "Distributed Denial of Service (DDoS)" undermined the entire nation. Why this example? Imagine what attacks like these can look like on a regional level with every second country in the region being attacked

10000 users face phishing attacks daily in India: Kaspersky (Economic Times) About 10,000 Internet users in India face phishing attacks from cyber criminals daily, says a report by security solutions provider Kaspersky. Phishing is a form of Internet fraud in which criminals create a fake copy of a popular site (an

Too many CSOs ignore the reality of today's threats (CSO) Too many CSOs ignore the reality of today's threats. George Viegas argues that recent research, like Mandiant's APT1 report, finds too many security managers suffer from "ain't gonna happen to me" syndrome and fail to protect their business because of it

Report on crime against businesses ignores cybercrime (Help Net Security) A new Home Office report finds that the number of crimes committed against wholesale and retail business premises has fallen significantly over the last ten years - from around 21.5m in 2002 to seven

Phishing attacks impacted 37.3 million users last year (Help Net Security) 37.3 million users around the world were subjected to phishing attacks in the last year, which is a massive 87 percent increase for the number of targeted user in 2011-2012. According to the result

Report: Significant gap between IT staff and executives' understanding of security (Infosecurity Magazine) Gaps in understanding between IT staff and executives when it comes to cybersecurity is tracking to the rate at which advanced and zero-day attacks against businesses are growing, according to a Ponemon Institute survey of UK businesses underwritten by FireEye

Marketplace

Contractors doing secret work for NSA donate big to politicians (allvoices) The six largest contractors doing secret work for the National Security Agency (NSA) have given more than $16 million to lawmakers since 2007, according to Maplight, a firm that keeps track of political donations. The largest donor was Lockheed Martin

Cyber Careers (Army Times) Army Chief of Staff Gen. Ray Odierno has approved a new cyber school for soldiers to consolidate training of the Armys growing cyber force in one location at Fort Gordon, Ga., the first step in what could be a significant reorganization of soldiers with connections to cyberspace operations

General Dynamics selected to offer services in UK's G-Cloud iii framework (Computer Business Review) The cloud services provided will include system lifecycle services like the next-generation development and integration of Microsoft Dynamics CRM, email-as-a-service, cyber security and learning services. General Dynamics Information Technology UK

NSA contractor Booz Allen admits fault with hiring practices (VR-Zone) Booz Allen Hamilton is responsible for staffing many areas of the NSA's intelligence gathering network and of course information analysts, which included the likes of Edward Snowden. The type of information these employees can evaluate helps to bring

The Most Profitable Spy Organization in the World (Daily Press) Booz Allen Hamilton (NYSE:BAH) is today the most profitable company specialized in national intelligence, reporting revenues in March 2013 of $7 billion and a net profit of $219 million. Booz Allen Hamilton Holding Corporation (the complete name of the

Skype's Project Chess worked on letting U.S. agencies in (Help Net Security) A lot has been said, written and claimed about Skype and the possibility that the U.S. government, intelligence, and law enforcement agencies have been given access to the communication of its users

Malwarebytes acquires ZeroVulnerabilityLabs (Help Net Security) Malwarebytes, a provider of anti-malware software, announced the acquisition of ZeroVulnerabilityLabs, a vulnerability, exploit and security research and development firm whose technology proactively

Finding A Niche In Surveillance (Washington Post) New disclosures about the National Security Agency's surveillance efforts have given a boost to at least one Washington area company seeking to thwart prying eyes. Silent Circle, a National Harbor-based start-up that encrypts phone calls and texts so that users don't leave a trail, saw a jolt in business after news reports of the NSA's initiative

6 Cloud, Big Data Startups To Watch (InformationWeek) Check out what the Structure 2013 LaunchPad winners can do with cloud, big data problems

Microsoft pumps $678M in massive Iowa data center (Venture Beat) Microsoft is reportedly investing $678 million to expand its data center in West De Moines, Iowa

Products, Services, and Solutions

Former McAfee CTO Strikes Back with Crowdstrike (eSecurity Planet) Crowdstrike launches active defense platform. George Kurtz literally wrote the book on hacking. The seminal Hacking Exposed series that Kurtz co-authored started back in 1999 and is now in its seventh edition. Over that time period, Kurtz started

Four ad tech companies roll out privacy technology to protect consumers (FierceCMO) As concern over privacy issues grows, B2B marketers are looking for a solution to help address their customer's fears. Four companies, PubMatic, AdTruth, MediaMath and Truste, launched technology that may assist B2B marketers in tackling those concerns

Firefox moves ahead with plans to block third-party cookies (FierceCMO) Despite vociferous objections from the advertising community, Mozilla announced it is moving ahead with plans to block third-party cookies by default in its Firefox browser

Netgear releases the ProSafe WN203 Wireless AP (Help Net Security) Netgear has shipped its ProSAFE Single-Band Wireless-N Access Point (WN203) to satisfy demand from small and medium-sized businesses to improve the performance and security of their wireless networks

Barracuda Web Filter models with 10 GbE interfaces (Help Net Security) Barracuda Networks announced new high-performance 10 GbE interfaces for its Web Filter 1010 and 1011 models. The new models feature increased performance and capacity to offer comprehensive web content

Tabernus Certified by NATO Information Assurance (SBWire) NATO approved products are sold into the Military and Government via the NATO Information Assurance Product catalogue (NIAPC). NATO Certified products are also used by end users in the commercial sector as an independent verification of a products

Trustwave Launches SIEM Software for Enterprises (Softpedia) IT security solutions provider Trustwave has announced the availability of ... to help organizations protect themselves against various cyber threats

Hail Open Source Authentication! The Password Is 'dead' — Long Live The Pin! (Sacramento Bee) CertiVox, a leading provider of web 2.0 security services, today announced the launch of the M-Pin™ Strong Authentication System, the first open source, multi-factor authentication system based on proven elliptic curve cryptography, for web, cloud and mobile applications which will reduce authentication costs by up to 93% and banish username and passwords forever. The M-Pin System achieves this by turning any HTML5 browser into a strong authentication client that authenticates to the open-source M-Pin Server, which only stores one leak-proof cryptographic key, replacing the username / password database

Technologies, Techniques, and Standards

10 Most Common Security Vulnerabilities In Enterprise Databases (Dark Reading) Databases are among the most vulnerable systems in the enterprise. Here's where they are weak, and what you can do about it

Keeping Your Data Private Denies You Access to the Latest Tech (Wired) There are ways to encrypt all your emails, documents, photos and other sensitive data. But they'll lock you out from the increasingly social, distributed, and proscriptive future of computing. The only real computer privacy these days is the one everyone

How to run your own NSA spy program (IT World) The U.S. government takes a big data approach to intelligence gathering. And so can you! Everybody's talking about PRISM, the U.S. government's electronic surveillance program. We don't know all the details about PRISM (also called US-984XN). But we learned enough from a badly designed PowerPoint presentation leaked by NSA contractor Edward Snowden to feel outraged by its reach and audacity

Is SSH no more secure than telnet? (Internet Storm Center) In SSH's default (and most common) deployment: Yes. It is no more secure than telnet, but it can be better

Guide: How to find the darknet or deepweb (Cyberwarzone) The Darknet or Deepweb is a collection of un-indexed domains that are not being indexed by search engines. An estimation from 2011 reported that there is over 600 terabytes of data on the Darknet

Recommendations for securing Active Directory (Help Net Security) Active Directory plays a critical role in the IT infrastructure, and ensures the harmony and security of different network resources in a global, interconnected environment. Microsoft released a

5 Ways to Boost Your Company's Cybersecurity Strategy (Corporate Counsel) "The survey results tell us that many organizational leaders do not know or appreciate what they are up against... and have made little headway in developing strategies to defend against both internal and external cyber-adversaries," the report says

Cyber Security in the Internet of Things (blogs.hbr.org) What's more, as systems built by different OEMs interact, there is infighting among them as to what constitutes sensitive or competitive intelligence. Simultaneously, everyone must address the…What's more, government resources, with their own

BYOD: The why and the how (Help Net Security) Brad Keller and Robin Slade are Senior Vice Presidents at The Santa Fe Group. In this interview they talk in detail about the challenges involved in evaluating, deploying and maintaining BYOD

How to Protect Your Small Business From Cybercriminals (U.S. News & World Report) According to Symantec.com's 2013 Internet Security Threat Report, companies with one to 250 ... executive director of the National Cyber Security Alliance

Parenting with Pete: The right time to discuss internet safety (The Jersey Journal) Ironically, according to the National Cyber Security Alliance (NCSA), June is "National Internet Safety" month. With or without government monitoring

Protecting Your Devices from Cyber Criminals (TV News Check) This is according to a 2012 National Cyber Security Alliance/Symantec small business study. Bringing this issue closer to home, Goldstein reminds us that

Design and Innovation

If The Government Can Access Our Facebook Data, What Happens When We Have Computers On Our Faces? (TechCrunch) Is wearable computing the future or a trend whose bubble is about to burst? From fitness trackers to smartwatches to computers you wear on your face, this emerging market, enabled by the increasing miniaturization of hardware components and lightweight materials, has been exciting investors and early adopters alike

Research and Development

U.S. Army Welcomes Two New Draft Horses to Supercomputing Stable (SIGNAL Magazine) The U.S. Army Research Laboratory (ARL) at Aberdeen Proving Grounds, Maryland, has unveiled two new supercomputers that are among the fastest and most powerful devices of their kind

Smart Whistleblower platform Adleaks being designed by German researchers (Cyberwarzone) New Web-based technology might make leaking data easier and more secure in the future

Academia

Foundation Offers Scholarships to Turn Vets Into Cyberwarriors (Nextgov) The (ISC)2 Foundation and Booz Allen Hamilton on Thursday announced the launch of the U.S.A. Cyber Warrior Scholarship program, which will provide scholarships to veterans to obtain specialized certifications in the cybersecurity field

Legislation, Policy, and Regulation

Healey: NSA undermines U.S. cyberpower (FierceGovtIT) Pervasive National Security Agency surveillance of Internet content that involves foreigners suspected of terrorist ties undermines American cyber power, said Jason Healey, director of the Cyber Statecraft Initiative of the Atlantic Council

NSA can retain encrypted communications of Americans possibly indefinitely (InformationWeek) Leaked document details the procedures used by the NSA to limit data collection from US citizens

Who's vetting the vetters? (Daily News) As Edward Snowden is charged, a report identifies serious holes in the feds' security clearance process

Guardian newspaper: UK security agency has spy program; shares data with NSA (CNN) Britain's equivalent to the U.S. National Security Agency, the Government Communications Headquarters, has tapped into many of the world's key international fiber optic cables and is routinely downloading and analyzing vast quantities

Secret documents reveal broad extent of NSA domestic surveillance (Help Net Security) Two more top secret NSA documents that Edward Snowden shared with reporters of The Guardian have revealed that his claims about what the agency's analysts are authorized to do are true, and have shown

Five myths about the National Security Agency (Washington Post) When the National Security Agency was created through a top-secret memorandum signed by President Harry Truman in 1952, the agency was so secret that only a few members of Congress knew about it. While the NSA gradually became known over the

NSA's motherlode (The Week) How does NSA hack into emails? Now we know. The latest classified documents released by the Guardian and the Washington Post answer some of the bigger questions we've been asking about how the National Security Agency deals with content that belongs to what it calls a "U.S. person."

Obama studies more disclosure on surveillance programs (USA TODAY) The Obama administration has come under criticism after disclosures about National Security Agency programs that harvest phone numbers and Internet activity. In a series of public comments, Obama and aides have said the programs enable NSA analysts

Obama, civil liberties watchdog to meet on NSA surveillance programs (UPI) U.S. President Barack Obama will meet with "fierce civil libertarians" over concerns about government Internet and cellphone monitoring, the White House said. Members of the watchdog Privacy and Civil Liberties

America a new national security state (Shreveport Times) America has become a national security state driven by crisis and fear. Recent revelations that the National Security Agency has turned its vast spying capabilities onto Americans' communication -- their phone data, e-mail accounts and Facebook

National security checks and balances out of alignment (Post-Tribune) This was the impression given by members of the House intelligence committee as they held an open-to-the-public hearing Tuesday on the National Security Agency's snooping into Americans' phone and Internet records

Guest opinion: Notwithstanding the mission, NSA could use more oversight (The News-Press) First, the information assurance mission provides the solutions, products, and services, and conducts defensive information operations, to achieve information assurance for information infrastructures critical to U.S. national security interests

Going Courtless (Slate) The NSA searches its mass database of phone records without real judicial oversight. That's unacceptable

EU citizens' data must be protected against US surveillance (Help Net Security) The US PRISM internet surveillance case highlights the urgent need to pass legislation to protect EU citizens' personal data, most MEPs agreed in Wednesday's Civil Liberties Committee debate

Europeans Will Now Know When And What Data Gets Compromised In A Breach — Unless It Was Encrypted (TechCrunch) In the wake of the latest notice from a major internet company revealing that user data has been compromised — Facebook's admission of a security bug compromising data from 6 million users — the European Commission today is publishing new, Europe-wide rules that will require ISPs, carriers, broadband providers and others to report to both national regulators and to subscribers more specific

China fury at new snooping claims (Cyberwarzone) China yesterday attacked the United States as an espionage 'villain' after former spy Edward Snowden raised new allegations about the far-reaching extent of US cyber-snooping against Chinese targets

Snowden and the US-China cyber debate (Blouin News Blogs) A debate about the role insider firms like Booz Allen Hamilton and General Dynamics have in U.S. intelligence and defense arrangements might not hurt either. Yet while a deeper debate about domestic surveillance may benefit genuine internet freedom in

"Aaron's Law" Would Help Reform Our Awful Computer Crime Laws. Will Congress Pass It? (Slate) On Thursday, Rep. Zoe Lofgren brought a bill to the floor of the House of Representatives that would reform certain provisions of the Computer Fraud and Abuse Act, the controversial and outdated computer crime statute that I've criticized numerous times in this space. The bill is dubbed "Aaron's Law," after Aaron Swartz, the computer programmer and digital advocate who committed suicide in January. It addresses the sections of the CFAA that allowed prosecutors to threaten Swartz with charges that could have earned him decades in prison--charges that may have contributed to Swartz's decision to take his own life

U.S. legislators introduce Aaron's Law (Help Net Security) As the Internet's influence on global commerce, culture and information continues to tread new ground, there is a need to update and reform outdated laws that threaten its continued development

The U.S.-Russia Cybersecurity Pact: Just Paper (The Foundry) The U.S. and Russia announced the completion of a joint cybersecurity agreement, two years in the making, intended to promote international peace and security and improve cyber relations between the two countries. The agreement, however, amounts to little more than a piece of paper, as such policies will scarcely improve U.S. cybersecurity

India's digital battleground (Business Standard) Its job is to issue forecasts and alerts, coordinate responses to incidents of cyber-attack, and issue guidelines and advisories as required. CERT-In is also required to conduct regular cyber-security drills, within the country and bilaterally with

Defense spending bill includes $84M for Marine cyber center at Fort Meade (CapitalGazette.com) [T]he 148,000-square-foot center would house cyber operations for the Marine Corps, and be home base to 450 Marines working on cyber security. Fort Meade already is home to the National Security Agency and the U.S. Cyber Command

Air Force Cyber Command gains new commander to replace Vautrinot (San Antonio Business Journal) Air Force Cyber Command gains new commander to replace Vautrinot. James Aldridge: Web Editor- San Antonio Business Journal: Email | Twitter | Google+ | LinkedIn. Joint Base San Antonio - Lackland is welcoming a new commander to the 24th Air Force

New batch of Israeli graduates to foil cyber attacks (Kuwait News Agency) A new batch has graduated within the Israeli Army specially trained to foil any cyber-attack on Israeli institutions in the future, a military spokesman said on Sunday. The personnel are the third batch of a special force

Litigation, Investigation, and Law Enforcement

Edward Snowden missing after failing to fly to Cuba - live (The Guardian) Whereabouts of former NSA contractor whose leaks to Guardian have caused global controversy a mystery after he does not catch expected flight to Cuba

Snowden Saga Moves To Moscow (Washington Post) Edward Snowden, the former government contractor who leaked top-secret documents about U.S. surveillance programs, fled Hong Kong for Moscow on Sunday with the assistance of the anti-secrecy organization WikiLeaks and asked the government of Ecuador to grant him asylum

China Said To Have Made Call To Let Leaker Depart (New York Times) The Chinese government made the final decision to allow Edward J. Snowden, the former National Security Agency contractor, to leave Hong Kong on Sunday, a move that Beijing believed resolved a tough diplomatic problem even as it reaped a publicity windfall from Mr. Snowdens disclosures, according to people familiar with the situation

Russia Defiant As U.S. Raises Pressure Over Snowden (Reuters.com) Washington pressed Moscow on Monday to do all in its power to expel former U.S. spy agency contractor Edward Snowden before he gets the chance to take an expected flight to Cuba to evade prosecution in the United States for espionage

Offering Snowden Aid, WikiLeaks Gets Back In The Game (New York Times) WikiLeaks once again seized the global spotlight on Sunday by assisting Edward J. Snowden in his daring flight from Hong Kong, mounting a bold defense of the culture of national security disclosures that it has championed and that has bedeviled the United States and other governments

Hong Kong Government Issues statement on Edward Snowden (Cyberwarzone) Hong Kong Statement: The HKSAR Govt today (June 23) issued the following statement on Mr. Snowden

US charges Snowden with espionage (Washington Post) Federal prosecutors have filed a criminal complaint against Edward Snowden, the former National Security Agency contractor who leaked a trove of documents about top-secret surveillance programs, and the United States has asked Hong Kong to detain him

Edward Snowden: The cyber houdini (Cyberwarzone) Edward Snowden has succesfully distracted the media and the government. He was supposed to be in a plane heading towards Cuba - but he was not in the Cuba plane. Woot! now the United States have revoked his passport and have demanded that he is deported to the U.S. - but they have one problem. No one knows where he is at the moment

Snowden an eccentric, but hardly stood out at NSA (Los Angeles Times) Cedric Leighton, a retired Air Force intelligence officer who was the NSA's deputy director for training in 2009-10, said vetting procedures were stricter for analysts and those engaged in offensive cyber operations than for systems administrators like

Obama's 'insider threat' crackdown on leaks (MSNBC) A year and a half after Pfc. Bradley Manning was

Edward Snowden a —threat— to national security - Cheltenham MP (This is Gloucestershire) The newspaper says documents allege GCHQ has been tapping into internet and telephone cables, accessing personal information and sharing it with America's National Security Agency (NSA). The Lib Dem MP believes Mr Snowden has been "incredibly

The NSA Leaks Don—t Put Us At Risk (Chicago Tribune) If a person in government says the sun will come up tomorrow, it's sensible to believe that person -- but not until the first rays seep over the horizon. Skepticism is even more justified when the government has been caught hiding something from the public and needs to excuse the secrecy

In WikiLeaks Probe, Feds Used a Secret Search Warrant to Get Volunteer's Gmail (Wired) The Justice Department used a secret search warrant to obtain the entire contents of a Gmail account used by a former WikiLeaks volunteer in Iceland, according to court records released to the volunteer this week

Hacking Back is a Bad Idea after a Cyber Attack, DOJ Official Says (Main Justice) Hacking back is a bad idea, says the head of the Justice Department's cyber crime section. When a company's data systems are breached, the temptation is to dig back into the outside computer system where the company thinks the cyber attack originated

Former student gets 3 year in jail for hacking university network (Help Net Security) 29-year-old Joseph Camp, a former student of the University of Central Missouri, was sentenced to three years in federal prison without parole in federal court today for his role in a computer hacking

Video : Moroccan Anonymous-Hacker wanted by FBI arrested in Italy (Cyberwarzone) Without guns, without masks or bombs; all he needed is a computer and a keyboard to make up to $ 8 million out of bank hacking. Moroccan hacker known as "The Ghost" Rachid Ibn Al-Yamani, who was arrested in Rome, Italy was deported to the USA at the request of the Federal Bureau of Investigation (FBI) as reported by the Moroccan news outlet Hespress based on the Italian newspaper "La Republica" on Wednesday, May 29 2013

Bitcoin Foundation told to cease and desist (Infosecurity Magazine) The Bitcoin Foundation has received a cease and desist letter from the California Department of Financial Institutions, alleging that it may be engaged in money transmissions without the requisite state license

For a complete running list of events, please visit the Event Tracker.

Upcoming Events

International Common Criteria Conference (Orlando, Florida, USA, Sep 10 - 11, 2013) FBC invites you to participate in the International Common Criteria Conference (ICCC) taking place in Orlando, Florida. This is the first time since 2000 that the ICCC is taking place in the U.S. The ICCC has become the main marketing and meeting opportunity for all those involved in the specification, development, evaluation, and validation or certification of IT security.

NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.

AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, Industry partners. The operational theme " Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.

ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).

Northern Virginia Technology Council: Security Threats: What Keeps You Awake at Night? (McLean, Virginia, USA, Jun 27, 2013) It's no secret that cybersecurity events are increasing in frequency and intensity. Many of these events are severe and pose significant risk to us as individuals, to our businesses, as well as our economy and national security. We've seen many reports in the press recently of well-funded nation states attempting to pilfer our networks in search of intellectual property. Every day bad guys are trying to gain access to our credit card information and other forms of personal information to steal our money and identities while others brazenly attempt to take over our data and systems and hold them for ransom. How is this happening? What can we do to protect ourselves? This conference addresses these issues.

American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.

Digital Forensics and Incident Response Summit (Austin, Texas, USA, Jul 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. The 2013 theme is currently in development as the digital forensics and incident response community is constantly evolving and our content promises to be cutting-edge and relevant to ensure you will be able to utilize the ideas presented when you return to your organization.

London Summer 2013 (London, England, UK, Jul 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The Human" course.

3rd Cybersecurity Framework for Critical Infrastructure Workshop (San Diego, California, USA, Jul 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations, challenges and efforts needed to build this framework.

cybergamut Technical Tuesday: Remote Digital Forensics (Columbia, Maryland, USA, Jul 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information Security will present results of a study into this question, including a look at related research and a trade study of the current state of the digital forensics industry. If you are interested in triage, validation, high speed networks, forward analysis, agents, and cloud computing this presentation is for you.

Mobility Solutions for the Federal Market (Falls Church, Virginia, USA, Jul 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents. In order to accomplish this, Agencies across all branches of government must understand how and where mobile technology can be leveraged, where it's already being successfully leveraged to improve service delivery, and identify the areas of improvement necessary within their agency or program to ensure today's workforce is leveraging mobile technology to help their agency accomplish their goals. Join us at this highly interactive July 16th Potomac Officers Club Mobility Summit where our speakers will be addressing strategic issues.

2013 World Comp (Las Vegas, Nevada, USA, Jul 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields of computer science, computer engineering, and applied computing.

Black Hat 2013 (Las Vegas, Nevada, USA, Jul 27 - Aug 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.

SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.