The CyberWire Daily Briefing for 6.25.2013
South Korea goes on cyber alert as hackers mark Korean War anniversary with attacks on government sites. Anonymous Africa continues to ride the governments of Zimbabwe and Swaziland. In the US, the city of Waterville, Maine, suffers as a target of opportunity for hacktivists pushing intervention in Syria.
Data breaches in Florida and Texas expose personal information of, respectively, aspiring teachers and Houston municipal employees.
The Independent claims to have a "suppressed" police report showing widespread criminal private-sector hacking of unusual scope and ferocity.
Facebook's "dossier" problems are analyzed. The social network also sees fresh exploitation of its Graph Search functionality to scrape openly posted phone numbers. Added to what Dumpmon researchers found freely available on Twitter, this amounts to dismal testimony to a general carelessness prevailing in social media.
Pushdo botnet variants show increasingly stealthy command-and-control communication. Carberp malware source code is now for sale on the black market for $50k.
China uses PRISM as a pretext to whack Cisco as a security risk. Cisco has been a target of retaliatory protectionism since the US expressed concerns about Huawei. Other US tech firms struggle from beneath PRISM-related odium.
Former DCI and NSA Director Hayden gives Russia Today an interesting overview of the entire PRISM affair.
The US Senate considers strengthening intelligence oversight. PRISM leaker/whistleblower Snowden (who told Chinese journalists he joined Booz Allen to expose US espionage) remains on the wing amid Sino-Russian-American squabbles over extradition. Fresh leaks are expected; the Australian government in particular shows signs of nervousness.
Notes.
Today's issue includes events affecting Australia, Canada, China, Ecuador, European Union, Iran, Democratic People's Republic of Korea, Republic of Korea, Russia, South Africa, Swaziland, Syria, Turkey, United Kingdom, United States, and and Zimbabwe..
Cyber Attacks, Threats, and Vulnerabilities
Cyber attack hits South Korea websites (BBC News) "The government can confirm a cyber attack by unidentified hackers that shut down several sites including the Blue House," the Science Ministry said in a statement, referring to the presidential office. The website for the office for Government Policy
South Korea Sounds Alert After Official Websites Hacked (SecurityWeek) South Korea issued a cyber attack alert Tuesday after hackers penetrated a number of official websites, including the presidential Blue House, on the anniversary of the outbreak of the Korean War
Technical Problems, Not Cyberattacks Caused Iranian Oil Network Outage (SecurityWeek) Over the weekend, an Iranian government agency boasted that they'd successfully blocked a cyberattack that had targeted the networks of the Oil Ministry and the National Iranian Oil Company (NIOC). After the proclamation was made early Saturday, the head of IT at the NIOC, Ahmad Tavallaei, posted to the Iranian Oil Ministry's website that a technical problem - not a cyberattack - was the cause of network problems, which eventually led to a temporary shutdown
Anonymous Africa Attacks Swaziland Government, Zimbabwe Ministry of Defence (Softpedia) Anonymous Africa continues its operation against governments they consider corrupt. The hacktivists' latest targets are the official portal of the government of the Kingdom of Swaziland and the website of Zimbabwe's Ministry of Defence
City of Waterville Police website hacked, server rooted by Group HP Hack (HackRead) Making his name in cyber world, NeT-DeViL from Group HP Hack has came up with another high profile hack. This time the official server of City of Waterville has been hacked and defaced yesterday against the role of UN, US, UK and Iran's role in Syrian crises. The sites were left with a deface page along with a message and a Youtube video, showing wounded Syrian children. The deface message was expressed in
EMI Music India Website Hacked & Defaced by Turk Hack Army (HackRead) On 14th June 2013, the xXM3HM3TXx hacker from Turk Hack Army had hacked and defaced the official website EMI Music India (www.emimusic.in), known as a giant of music industry in India and all over the world. The hacker left a deface page along with a message on the hacked EMI website and greetings to the whole crew, yet the reason for attacking the site was not mentioned anywhere
Data of 47K training to become Florida teachers exposed (SC Magazine) The sensitive information of several thousand individuals training to become Florida teachers was inadvertently made available online by a university that was handling the data
Payroll company error prompts security breach concern (Houston Chronicle) Technical issues encountered by the city of Houston's payroll contractor could have potentially exposed personal information for nearly 5,000 local government workers, including more than 1,000 in the Houston Police Department
The other hacking scandal: Suppressed report reveals that law firms, telecoms giants and insurance companies routinely hire criminals to steal rivals' information (The Independent) Some of Britain's most respected industries routinely employ criminals to hack, blag and steal personal information on business rivals and members of the public, according to a secret report leaked to The Independent
Media phone–hacking? Tip of the iceberg, says leaked police report (The Register) Thought the NotW was bad…check out the lawyers, insurers. A suppressed report from "Britain's FBI" has revealed that the rich, insurance companies, law firms and telecoms companies hired private investigators to run unlawful hacking and blagging campaigns of the type that brought down Rupert Murdoch's News of the World, according to The Independent
Bug Exposes Facebook Data Correlation, Privacy Issues (Threatpost) An information disclosure bug has drawn back the curtain on some of the data correlation Facebook does with users' contact details and opened the social network's policies up to criticism
Facebook 'dossier' find raises contact list privacy questions (CSO) Given the lack of privacy, people need to separate their personal contact lists from their business address book, one analyst noted
Hacker Scrapes Thousands Of Public Phone Numbers Using Facebook Graph Search (TechCrunch) A hacker has exploited Facebook's graph search to collect a database of thousands of phone numbers and Facebook users. Both parties agree that all the information was left public by users (even if the users themselves may still not realize it). But Facebook issued him a cease and desist after the hacker continued to scrape data and argued with Facebook that the availability of the information
The race for resources (Internet Storm Center) A week ago one of our readers, Cedric, submitted a PHP web shell he found on a compromised server. PHP web shells are a pretty common thing – once attackers identify a vulnerability that allows them to upload such a PHP file (which is usually a RFI, Remote File Inclusion, vulnerability), they install it to make further activities easier. PHP web shells have gone a long way and are today very powerful. The attacker can use a PHP web shell to navigate through directories, upload and download files and do much, much more
SIP-based API-supporting fake caller ID/SMS number supporting DIY Russian service spotted in the wild (Webroot Threat Blog) One of the most common myths regarding the emerging TDoS (Telephony Denial of Service) market segment, portrays a RBN (Russian Business Network) type of bulletproof infrastructure used to launch these attacks. The infrastructure's speculated resilience is supposed to be acting as a foundation for the increase of TDoS services and products. Fact or fiction? Keep reading
Scam Sites Now Selling Instagram Followers (TrendLabs Security Intelligence Blog) Another scam site is offering to increase a user's Instagram followers. Unlike previous attacks, however, these sites require payment – with the amount depending on the number of followers you prefer
Latest Pushdo Variants Challenge Antimalware Solution (TrendLabs Security Intelligence Blog) Command-and-control (C&C) server communication is essential for botnet creators to control zombie computers (or bots). To hide this from security researchers, they often use rootkits and other "tricks". However, hiding the network traffic - specifically from monitoring outside an infected computer - is not an easy task, but is something that the botnet creators have improved through the years
Carberp malware source code offered for sale with $50,000 price tag (CSO) Includes Chinese-made rootkit module
Taking a closer look at the Glazunov exploit kit (Naked Security) Following on from my recent articles on the Redkit exploit kit, I thought I would take a look at another exploit kit that is not that well known
Raspberry Pi bot tracks hacker posts to vacuum up passwords and more (Ars Technica) Dumpmon scours Twitter for sensitive data hiding in plain sight
Apple Phishing Scams on the Rise (Threatpost) Apple has one of the more gilded consumer brands and the company spends a lot of time and money to keep it that way. Consumers love Apple. Scammers and attackers do too, though, and security researchers in recent months have seen a major spike in the volume of phishing emails abusing Apple's brand, most of which are focused on stealing users' Apple IDs and payment information
Yahoo says unleashing people's old accounts will be fine, just fine (Naked Security) It will be OK, the company says. We're not giving away your content or personal details, and we're sending bouncebacks for a month. Has that convinced critics? Unlikely
Top five data breaches in 2013…so far (SC Magazine) Midway through 2013 we've sorted through the endless breaches that have already taken place, and have decided on what we believe are the top incidents in 2013 thus far. Don't forget to check out our "breaches" section for more information on the topic
Cyber Trends
Cybercrooks target SMBs with new types of attacks (CSO) He added that Symantec has partnered with the National Cyber Security Alliance because "of the worry that there's just not enough awareness
Australian boards urged to wake up to cyber threat (The Australian Financial Review) Data breaches cost Australian companies an average of $2.72 million during 2012, according to research firm Ponemon. Photo: Reuters Company boards and
Nearly 200,000 new malware samples appear daily (Help Net Security) Most companies greatly underestimate the number of new malicious programs appearing daily, and only six per cent recognize the true scale of the threat, according to B2B International and Kaspersky
Marketplace
Senate Spotlights Companies Working With Secret Data (Corporate Counsel) Following some high-profile leaks of classified data, the spotlight was shining last week on corporations hired to do secret intelligence work for the federal government. The scrutiny came from congressional hearings as well as from a new report on political contributions by private contractors
Expect security clearance delays (Air Force Times) Over the last decade, the government has fought tooth and nail -- largely successfully -- to speed up the security clearance process and encourage intelligence agencies to share more information with one another. But as Washington reels from the recent
Cisco China Sales Vulnerable as Media Urge Domestic Shift (Bloomberg) Cisco Systems Inc. (CSCO) faces a backlash in China, where it generates about $2 billion in annual sales, after state-run media said the company poses a security threat and urged a shift toward domestic suppliers
Skype ditched peer-to-peer supernodes for scalability, not surveillance (ZDNet) Before Microsoft acquired Skype in 2011, the voice calling service was already ditching its "near impossible to wiretap" peer-to-peer model in favor of the cloud. Skype's principal architect explained in an email on Sunday why the company redesigned its backend infrastructure, which many have claimed made it easier for governments to wiretap calls
Encryption Firm Silent Circle Sees Surge in Enterprise, Govt Clients (GovConExecutive) Silent Circle, which provides communications encryption tools and services for enterprises and government agencies, has witnessed a surge in its business since the company's launch in October 2012, The Washington Post reported Monday
NSA Prism Spying Scandal: Tech Companies Struggle to Open Up (Bloomberg BusinessWeek) The phone calls began late in the morning, Silicon Valley time, on June 6. Representatives of nine leading U.S. technology companies received a flurry of calls and e-mails from reporters at the Guardian and the Washington Post, asking them to comment on explosive stories they would soon publish. Their reports, based on government documents leaked by former National Security Agency contractor Edward Snowden, alleged that the country's leading Internet firms were giving the NSA and the Federal Bureau of Investigation "direct access" to their servers and thus to the e-mails, photos, and other private information of hundreds of millions of users around the world. The papers gave the companies roughly two hours to respond, according to spokespeople for four of the businesses
Interpol anti-hacker agents to attend Trend Micro cyber boot camp (V3.co.uk) Interpol has officially partnered with security firm Trend Micro to benefit from its tools and expertise in the ongoing war against cyber crime. The partnership will see Interpol and Trend Micro establish a new Global Complex for Innovation (IGCI)
Soltera to support SPAWAR info operations (UPI) Sotera Defense Solutions Inc. provides systems, solutions and services in support of the U.S. intelligence community, Department of Defense, Department of Homeland Security and federal law enforcement agencies. Recommended Stories. U.S. seeks to buy
Products, Services, and Solutions
Microsoft and Oracle Team Up To Bring Java, Oracle Database, Linux and WebLogic Server To Azure And Windows Server (TechCrunch) Ahead of their joint press conference later today, Microsoft and Oracle announced a new partnership that will bring a number of Oracle products to Windows Server and the company's Azure cloud computing platform. These Oracle products include Java, Oracle Database and Oracle WebLogic Server
Napatech, Procera to showcase 80 Gbps DPI at Cisco Live 2013 (Telecompaper) Intelligent network adapter vendor, Napatech and global network intelligence company, Procera Networks have announced the companies will demonstrate an 80 Gbps Deep Packet Inspection (DPI) offering at Cisco Live 2013 in Orlando, Florida
Codecademy for the cloud: Google's new Cloud Playground is pure genius (Venture Beat) The biggest challenges with adopting a new platform are unfamiliarity, uncertainty, and switching costs. Which is exactly why Google's new Cloud Playground is a perfect way to get serious about tempting developers to switch from Amazon or Microsoft's clouds
Major part of DCGS now open source (FierceGovIT) A recently created military software open source foundation received its first major chunk of code when Lockheed Martin donated in May middleware software used in the Distributed Common Ground System, a military data analysis tool the subject of mounting controversy
Datameer Democratizes Advanced Big Data Analytics (InformationWeek) Datameer 3.0 promises drag-and-drop machine learning with clustering, column-dependency, decision tree and predictive recommendations on top of Hadoop
Google Mine Wants To Track Your Stuff (InformationWeek) Google reportedly is testing Google Mine, a Google+ offshoot that lets you share info about your real-world objects. Sounds more like a gold mine for Google
Hadoop: From Experiment To Leading Big Data Platform (InformationWeek) 6th annual Hadoop Summit, held this week in Silicon Valley, will highlight Hadoop's evolution from backroom science project to mainstream big data manager
Technologies, Techniques, and Standards
US-CERT Warns Of Default Password Risks (Dark Reading) Change default passwords to strong ones, use stronger authentication methods before putting network-connected system online, US-CERT recommends
DDoS attacks: What they are and how to protect yourself (Help Net Security) Ameen Pishdadi is the CTO at GigeNET. In this interview he discusses the various types of DDoS attacks, tells us who is at risk, tackles information gathering during attacks, lays out the lessons that
Creating a DDoS Mitigation Strategy (BankInfoSecurity.com) Creating a DDoS Mitigation Strategy. Listen To This Interview. In defending against distributed-denial-of-service attacks, enterprises must comprehend the motives of the cyber-assailant, Booz Allen Hamilton's Sedar Labarre says. "[Organizations] need
Thinking About Security Considerations in SCADA Systems (1) (Electrical Engineering Portal) SCADA System can be affected by a number of threats, which may be natural or intentional. So it is very much important to focus on security aspects of SCADA Systems
Connecting the Dots, Missing the Story (Slate) With Big Data, the government doesn't need to know the "why" behind anything. Could Big Data have prevented 9/11? Perhaps--Dick Cheney, for one, seems to think so. But let's consider another, far more provocative question: What if 9/11 happened today, in the era of Big Data, making it all but inevitable that all the 19 hijackers had extensive digital histories
Why Hadoop projects fail — and how to make yours a success (Venture Beat) Without doubt, "big data" is the hottest topic in enterprise IT since cloud computing came to prominence five years ago. And the most concrete technology behind the big data trend is Hadoop
Design and Innovation
CIA Unveils Redesigned Public Website (Central Intelligence Agency) The Central Intelligence Agency (CIA) today introduced a major redesign of its public website…to make it more accessible to users. The revamped website includes a wealth of new and updated information along with innovative features. As Director John O. Brennan noted, "The new and improved website reflects CIA's strong commitment to educating and informing the American people about the Agency's history, mission, and organization. I encourage the public to explore the website and learn more about an American institution dedicated to protecting our country's security"
Big Data Needs Creative Types, Too (InformationWeek) Teradata technologist sees a growing need for both left-brain and right-brain types in data-driven enterprises. We hear a lot about the shortage of data scientists, those hard-to-find professionals trained to analyze massive data sets, gain insights from them, and communicate that information to an organization's management team. These data gurus must be well-versed in multiple technical and business disciplines, including analytics, computer science, math, modeling and statistics. Oh, and people skills are good to have, too
Comment: Securely Embracing 'Shadow-IT' — the Apps an IT Department Can't Control (Infosecurity Magazine) For what seems like an eternity, IT departments have been worried about overspending, projects running late and even website frailties and attacks - all of which are laudable concerns and ones that should be kept in mind. But today there is an even larger concern, and it's called 'Shadow-IT'
Security Needs More Designers, Not Architects (Dark Reading) The better we design the user experience, the more we reduce our risk. A few years ago I somewhat egotistically wrote Mogull's Law in a blog post. It states, "The rate of user compliance with a security control is directly proportional to the pain of the control vs. the pain of noncompliance." A shorter version of saying this is, "Computer users will take the path of least resistance"
Research and Development
DOE Opens New Smart Grid Integration Testing Facility (IEEE Spectrum) The U.S. Department of Energy (DOE) and the National Renewable Energy Laboratory (NREL) are launching a new user facility for testing utility-scale renewable energy grid integration
Medical ontology helps automate image-retrieval system (FierceHealthIT) How do you train a computer to effectively retrieve medical images? Researchers at Case Western Reserve University in Cleveland, Ohio claim some success as part of an effort to build a large-scale medical image retrieval system for consumers
Academia
Canadian academic urges greater digital diplomacy on Ottawa (FierceGovernmentIT) A Canadian academic is lamenting his country's lack of social presence in diplomacy, arguing in a paper that lack of Canadian diplomatic presence on social media channels such as Facebook and Twitter will condemn the country to "progressively fade in international affairs"
Legislation, Policy, and Regulation
There is no "right to be forgotten" by search engines, says top EU court advisor (PC World) The senior advisor to Europe's top court said Tuesday that Google is not responsible for third party information in its search results and that there is no general "right to be forgotten" under the current data protection laws
Encryption would exempt ISPs from data breach notification to EU customers (CSO) New rules on how to implement the ePrivacy law come into force in August
G8 governments sign Open Data Charter (FierceGovIT) During its summit in Northern Ireland, the G8 issued a declaration and signed an Open Data Charter on June 18, stating their intent to promote machine readable and publicly-available government data
CHIME, others want feds to take their time with health IT regulation (FierceHealthIT) The College of Healthcare Information Management Executives, the American Medical Informatics Association and a bevy of other healthcare information technology stakeholders want the federal government to tread carefully in its efforts to regulate the industry
Canada's long-delayed spam laws risk being quietly shelved (Naked Security) Anti-spam legislation in Canada should have been in force several years ago but it's unlikely that the laws will have any teeth for several more years, and they may even fall by the wayside. So Canadians, unless you want to be the weak link, pester your politicians to pull their collective fingers
International cooperation in the fight against cybercrime (Help Net Security) Today's cyber threats are becoming increasingly more targeted and sophisticated with criminal networks operating across the world, coordinating complex attacks against targets in a matter of minutes
NSA instigates security measures to hamper future whistleblowers (ZDNet) Former NSA contractor Edward J. Snowden, currently on the run, has set a precedent which may hamper future whistleblowers in the United States. Once the now-fugitive leaked details about surveillance on American citizens to the media, Snowden went on the run -- moving from Hong Kong to Russia over the weekend -- and is expected to attempt to reach Cuba. The U.S. government has revoked his passport and warned other countries not to help the former contractor on his international travels, predictably using political weight to try and bring the whistleblower to heel and back on American soil
Cheney : Lawmakers favored secrecy on surveillance (Boston Herald) Cheney said he was directly involved in setting up the program, run by the National Security Agency, or NSA, in the weeks after the 9/11 attacks. He said it has had "phenomenal results" in preventing terrorist attacks. Cheney did not specify which
US must increase security transparency to gain popular support — former NSA director (RT) US security officials must scrutinize the surveillance programs disclosed by Edward Snowden and inform the American public better about their potential benefits, former NSA and CIA director Michael Hayden admitted in an interview on RT's SophieCo
Focus Should Be On Government Secrecy, Not Snowden, Whistleblower Advocates Say (Washington Post) Some members of Congress and Secretary of State John F. Kerry say Snowden has betrayed his country. Whistleblower advocates acknowledge that he might have committed a crime, yet they firmly identify Snowden as a whistleblower. This presents a dilemma
What Allowing The NSA's Surveillance Says About You And Me (Talk Radio News Service) Over the past few weeks I've listened intently as Washington has tried to deal with the revelations that the NSA is data mining every phone call we make and monitoring our e-mails and
UNCLE SAM'S DRAGNET Why Americans have the right to be left alone (Sky Valley Chronicle) In 1929, Secretary of State Henry Stimson dismantled the department charged with breaking
Bill Seeks Limits On Call Data Collection (Washington Post) The chairman of the Senate Judiciary Committee on Monday renewed long-frustrated efforts to expand congressional oversight of government surveillance programs following disclosures about the intelligence community's collection of phone and Internet records
U.S. Senators to NSA: That FISA fact sheet isn't totally factual (Venture Beat) The National Security Agency is "misleading" those who read its FISA fact sheet, explaining what intelligence the NSA can collect and how it handles Americans' data, according to Senators Ron Wyden and Mark Udall. The two wrote a letter to NSA chief General Keith Alexander urging the agency to correct the "inaccuracy"
2013 Joint Strategic Plan on Intellectual Property Enforcement (White House) As President Obama has made clear, "[o]ur single greatest asset is the innovation and the ingenuity and creativity of the American people. It is essential to our prosperity and it will only become more so in this century." So it matters that we have the right approach to intellectual property enforcement; one that is forceful yet thoughtful, dedicated and effective, and that makes good and efficient use of our resources
Litigation, Investigation, and Law Enforcement
China, Russia Extradition Row Is Pure Realpolitik (Wall Street Journal) In any big game, it's important to always know the score. And now, in light of how China and Russia are handling the Edward Snowden affair, President Barack Obama knows this: There will be no personal favors in these relationships, only coldblooded calculations
The Age Of American Impotence (Wall Street Journal) Funny how Mr. Putin always seems to discover his inner civil libertarian when it's an opportunity to humiliate the United States
Whistle-Blow A Happy Tune (San Francisco Chronicle) Snowden is smart enough to have amassed huge amounts of U.S. intelligence but dumb enough to run to Hong Kong - then Moscow - to out himself as a whistle-blower. As of my deadline, his final destination is unclear. He's smart enough to have won a top-security clearance from a government dumb enough to give it to him
Portrait In Respect (Wall Street Journal) The Obama Administration wants the world to know that it cares very deeply about bringing self-admitted national-security leaker Edward Snowden back to the U.S. to stand trial. If only the world seemed to care as much about what the U.S. thinks
U.S. Is Worried About Security Of Documents Snowden Has (Washington Post) The ability of contractor-turned-fugitive Edward Snowden to evade arrest is raising new concerns among U.S. officials about the security of top-secret documents he is believed to have in his possession - and about the possibility that he could willingly share them with those who assist his escape
Hong Kong: Shadowy Envoy Encouraged Fugitive To Leave (Washington Post) The message was blunt and was delivered Friday night by a shadowy emissary who didn't identify himself but knew enough to locate Edward Snowden's secret caretaker: The 30-year-old American accused of leaking some of his country's most sensitive secrets should leave Hong Kong, the messenger said, and if he decided to depart the authorities would not interfere with his travel plans
Leaker's Flight Raises Tension Between U.S. And 3 Nations (New York Times) Frustrated Obama administration officials pressed Russia on Monday to turn over Edward J. Snowden, the national security contractor who disclosed surveillance programs, while warning China of consequences for letting him flee to Moscow
Kerry Reproaches Russia as Ecuador Considers Snowden Asylum (Bloomberg) The U.S. lashed out at Russia for letting former U.S. intelligence contractor Edward Snowden transit through Moscow as Ecuador considered his bid for asylum
Snowden in Moscow: An Unexpected Windfall for Russian Spies (AFP via SecurityWeek) Former US intelligence contractor Edward Snowden's stop in Moscow is an unexpected windfall for the Russian secret services even if it risks worsening the already strained relations between the Kremlin and Washington
China and U.S. war over Snowden (Cyberwarzone) China rebuked the United States on Tuesday for accusing it of facilitating the flight of fugitive U.S. spy agency contractor Edward Snowden, and said suggestions that it had done so were "baseless and unacceptable"
U.S. Said to Explore Possible China Role in Snowden Leaks (Bloomberg) U.S. intelligence agencies are investigating whether Edward Snowden's leaks may be a Chinese intelligence operation or whether China might have used his concerns about U.S. surveillance practices to exploit him, according to four American officials
China Outsmarted US in Snowden Chess Game: Experts (Cyberwarzone) China interceded to allow Edward Snowden's dramatic flight from Hong Kong, calculating that infuriating the United States for now was necessary to prevent deeper corrosion to their relationship, analysts and media said Monday
What the PRISM Stories Tell Us About the Press (Volokh Conspiracy) If you don't share my fascination with the journalistic ethics of the Snowden reporters, you can skip this long piece. But both of the protagonists have now defended themselves, so I'm posting their messages, with commentary
Obama Has Charged More Under Espionage Act Than All Other Presidents Combined (Slate) The U.S. government charged former National Security Agency contractor Edward Snowden with three felonies, including two under the Espionage Act. He now becomes the eighth person to be charged under the Espionage Act under Obama, according to Firedoglake. That is more than double all previous presidents combined. Prior to Obama's administration only three people who leaked information had been charged under the 1917 statute that was never really intended for leakers. The arguments that Obama uses now to use that statute to go after those who reveal information were first brought up by Ronald Reagan's administration when it went after a Navy civilian analyst who leaked photographs to a British military magazine. But now the practice has become widespread
Did Edward Snowden Hand Over His Laptops to the Guardian or Another Media Outlet? (Slate) In a conference call with reporters on Monday, WikiLeaks founder Julian Assange stayed mostly quiet about Edward Snowden's travel plans. But while Assange refused to comment on Snowden's whereabouts ("he is in a safe place and his spirits are high"), he still managed to make news by implying that the NSA leaker may have turned over the four laptops he left Hawaii with to one or more media outlets. According to the Guardian, those laptops may contain access to "some of the US government's most highly-classified secrets"
EXCLUSIVE: Snowden sought Booz Allen job to gather evidence on NSA surveillance (South China Morning Post) Edward Snowden tells the Post he took a job at NSA contractor Booz Allen Hamilton to collect proof of surveillance programme
South Africa government Knew British Agents were spying (Cyberwarzone) South Africa was well aware British agents were spying on foreign delegates during the 2009 G20 summit, but chose to deal with the matter privately to avoid being embarrassed, reports the Mail & Guardian (M&G)
Snowden on the run, leaks continue unabated (Help Net Security) The chase is on for whistleblower Edward Snowden and the U.S. government. After legally leaving Hong Kong for Moscow, and despite having his U.S. passport revoked, the former NSA sysadmin and analyst
Snowden leaks may embarrass Canberra (Brisbane Times) Australian officials said it was still unclear precisely what information Mr Snowden may have taken from the National Security Agency and his former employer, defence and intelligence consulting firm Booz Allen Hamilton. Despite this officials said
Contractor who cleared Snowden's background check under investigation, OPM IG says (FierceGovernment) The contractor the Office of Personnel Management uses to conduct security clearance checks may have committeed contract fraud, OPM Inspector General Patrick McFarland said in a June 20 Senate Homeland Security and Governmental Affairs subcommittee on efficiency and effectiveness of federal programs and the federal workforce hearing
Kim Case A Hard Nut To Crack (Washington Post) The seeds of a great mystery story hang over the case of Stephen Jin-Woo Kim, who has pleaded not guilty to charges that he leaked highly classified information about North Korea to Fox News reporter James Rosen four years ago
How Barrett Brown shone light on the murky world of security contractors (The Guardian) Unlike Edward Snowden or Bradley Manning, Brown is not a celebrity. But after helping expose a dirty tricks plot, he faces jail
Google gets 35 days to wipe its WiSpy data (Naked Security) The UK's Information Commissioner's Office (ICO) is, once again, rattling its stick at Google, demanding that it delete the Street View car data that it's already told the company to delete - twice
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
GovConnects Business Breakfast: "Secured Space." What It Is - Who Has It - Who Needs It (UMUC, Dorsey Station, Elkridge, Jul 10, 2013) With today's Cyber threats, all businesses, institutions and the general public are at risk as never before. Learn about the lastest technologies, measures and solutions being used today and into tomorrow to protect your intellectual property.
NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.
AFCEA International Cyber Symposium 2013 (Baltimore, Maryland, USA, Jun 25 - 27, 2013) Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the Cyber symposium will engage the key players, including the U. S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The AFCEA International Cyber Symposium 2013 focuses on the critical missions of U.S. Cyber Command and the interface with Army Cyber Command, Marine Corps Forces Cyber Command, 10th U.S. Fleet Cyber Command, 24th Air Force Cyber, Department of Homeland Security, U.S. Coast Guard, DoD-CIO, National Security Agency (NSA), Defense Information Systems Agency (DISA), Defense Advanced Research Projects Agency (DARPA), Academia, Industry partners. The operational theme " Defining Full Spectrum Global Cyberspace Operations" will explore the operational security of DoD and Industry Networks, Cyber Operations with Joint and Coalition partners, and discuss the training and development of the cyber workforce.
ShakaCon (Honolulu, Hawaii, USA, Jun 25 - 28, 2013) This is the fifth year this "laid back security conference in paradise" is being held. Some solid presentations and training on malware analysis and penetration testing. After all, what could be better than "sun, surf, and C Shells?" There are intensive training classes on hacking mobile apps and even lock picking (the set of tools is included in the class registration).
Northern Virginia Technology Council: Security Threats: What Keeps You Awake at Night? (McLean, Virginia, USA, Jun 27, 2013) It's no secret that cybersecurity events are increasing in frequency and intensity. Many of these events are severe and pose significant risk to us as individuals, to our businesses, as well as our economy and national security. We've seen many reports in the press recently of well-funded nation states attempting to pilfer our networks in search of intellectual property. Every day bad guys are trying to gain access to our credit card information and other forms of personal information to steal our money and identities while others brazenly attempt to take over our data and systems and hold them for ransom. How is this happening? What can we do to protect ourselves? This conference addresses these issues.
American Technology Awards Technology and Government Dinner (Washington, DC, USA, Jun 30, 2013) TechAmerica Foundation hosts its Eleventh Annual Technology and Government Dinner at the Ronald Reagan Building in Washington DC. The dinner continues to serve as the premier Washington, DC technology networking event bringing hundreds of tech industry, congressional, and government leaders together at one venue to celebrate the partnership between industry and government.
Digital Forensics and Incident Response Summit (Austin, Texas, USA, Jul 9 - 10, 2013) The 6th annual Forensics and Incident Response Summit will again be held in the live musical capital of the world, Austin, Texas. The Summit will focus on high quality and extremely relevant content as well as panel discussions in Digital Forensics and Incident Response. The 2013 theme is currently in development as the digital forensics and incident response community is constantly evolving and our content promises to be cutting-edge and relevant to ensure you will be able to utilize the ideas presented when you return to your organization.
London Summer 2013 (London, England, UK, Jul 9 - 16, 2013) SANS London Summer takes place at the London Marriott Hotel Kensington and gives security professionals the opportunity to take one of four of SANS most popular 6-day courses and the 2-day "Securing The Human" course.
3rd Cybersecurity Framework for Critical Infrastructure Workshop (San Diego, California, USA, Jul 10 - 12, 2013) NIST is inviting cybersecurity experts, industry and academia from across the nation to attend one of its regional workshops at UC San Diego to identify, refine and guide the many interrelated considerations, challenges and efforts needed to build this framework.
cybergamut Technical Tuesday: Remote Digital Forensics (Columbia, Maryland, USA, Jul 16, 2013) 'The remote control changed our lives. The remote control took over the timing of the world. Within three seconds, click, click, click. So can we do remote forensics?' Ken Zatyko of Assured Information Security will present results of a study into this question, including a look at related research and a trade study of the current state of the digital forensics industry. If you are interested in triage, validation, high speed networks, forward analysis, agents, and cloud computing this presentation is for you.
Mobility Solutions for the Federal Market (Falls Church, Virginia, USA, Jul 16, 2013) With the improvements in mobile technology, smart phones and tablets, DOD, DHS and Civilian agencies have an opportunity to improve their service delivery models and the programs that serve their constituents. In order to accomplish this, Agencies across all branches of government must understand how and where mobile technology can be leveraged, where it's already being successfully leveraged to improve service delivery, and identify the areas of improvement necessary within their agency or program to ensure today's workforce is leveraging mobile technology to help their agency accomplish their goals. Join us at this highly interactive July 16th Potomac Officers Club Mobility Summit where our speakers will be addressing strategic issues.
2013 World Comp (Las Vegas, Nevada, USA, Jul 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields of computer science, computer engineering, and applied computing.
Black Hat 2013 (Las Vegas, Nevada, USA, Jul 27 - Aug 1, 2013) Black Hat USA is a major international security conference, featuring learning, networking, and skill-building. Sessions include training, briefings, technical presentations, and more.
SECRYPT 2013 (Reykjavik, Iceland, Jul 29 - 31, 2013) The 10th International Conference on Security and Cryptography (SECRYPT 2013) will take place from 29 to 31 July 2013 in Reykjavik, Iceland…The conference will focus on information systems and network security, including applications within the scope of knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. It will bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication.