The CyberWire Daily Briefing for 8.14.2013
Post-coup violence in Egypt is accompanied by hacktivist attacks against government websites. The Syrian Electronic Army resurfaces to compromise the New York Post's social media presence via a breach at SocialFlow. The guttering cyber riot in South Asia continues as Pakistan's "MindCracker" defaces the Indian Railways website in retaliation for Indian hacktivists' assaults on Pakistani Army sites.
More emerges on the campaign against the Dalai Lama and other Tibetan activists—a watering hole attack appears to show an opportunistic convergence of interest between the Chinese government and Chinese criminal organizations.
TeamBerserk claims to have used stolen user data to approach (there's no apparent breach) networks at the US Army's White Sands Missile Range. JPMorgan Chase customers are the targets of what Trend Micro calls "a very thorough" phishing campaign.
BIND DNS software holes may give attackers control over name servers. Bogus Firefox updates are serving adware. Both baby monitors (in an unusually creepy and motiveless hack) and lighting control systems are shown vulnerable to hijacking.
Microsoft's Patch Tuesday receives its customary press reviews. Xerox works to fix a scanner flaw reported last week, and Bitcoin wallets get an upgrade.
IT World predicts that jamming will be the next big thing in do-it-yourself privacy and cyber vigilantism. GPS jamming got a New Jersey man arrested this week. Lavabit reveals more about its decision to shutter its secure email service.
Oracle's Ellison shows government surveillance some scarce love, but in general US President Obama's announced intelligence policy overhaul opens to chilly reviews.
Notes.
Today's issue includes events affecting China, Egypt, India, Pakistan, Russia, Syria, United Arab Emirates, United Kingdom, United States, and and Vietnam..
Cyber Attacks, Threats, and Vulnerabilities
Several Egyptian Government Sites Disrupted by Hackers as Violence Continues (Softpedia) Egypt is becoming a war zone with several people being killed in the clashes between Egyptian security forces and pro-Morsi supporters
NY Post is hacked by the Syrian Electronic Army on Twitter and Facebook (Graham Cluley) Security breach at SocialFlow social media firm leads to defacement of New York Post's Facebook and Twitter page
Official website of Indian Railways Hacked by Pakistan Cyber Army (Hack Read) In reply to Indian hackers for hacking Pakistan Army website, a hacker going with the handle of MindCracker from Pakistan Cyber Army has hacked and defaced the official website of Indian Railways. Hacker left a deface page along with a message on hacked website which explains the reason for hack was to retaliate against Indian hacker who had hacked the official website and Facebook page of Pakistan Army
Cyber criminals target the Dalai Lama website with Java watering hole exploit (V3) Criminals have launched a watering hole attack, using the Dalai Lama's Central Tibetan Administration website to spread data-stealing malware. Kaspersky Labs' principal security researcher Kurt Baumgartner reported discovering the attack in a blog post, confirming that a hacker group has hijacked control of the site and is using it to redirect unaware users to a malicious web page. He said the attack is interesting as the malicious code is written to specifically target Chinese and American visitors
New Mexico ISP Plateau Hacked (eSecurity Planet) TeamBerserk hackers claim to have leveraged the stolen user data to access a network connected to the U.S. Army's White Sands Missile Range
Sweeping mobile phishing attack requests bank customers' ID scans (Help Net Security) A very thorough phishing campaign is targeting customers of JPMorgan Chase Bank who use their mobile phones to do their online banking, warn Trend Micro researchers
BIND Vulnerability Enables DNS Cache Poisoning Attack (Threatpost) A vulnerability in the BIND domain name system (DNS) software could give an attacker the ability to easily and reliably control queried name servers chosen by the most widely deployed DNS software on the Internet, according to new research presented at the Woot Conference in Washington D.C. today
Malicious ads lead to outdated adware–laden Firefox "update" (Help Net Security) A series of Internet campaigns pushing bogus Firefox updates onto unwary users have been spotted by researchers, and among them is one that lures them in through "Green Card Lottery" ads
NHTSA Servers Back Online After Attack (Threatpost) The National Highway Traffic Safety Administration restored its servers yesterday, 10 days after an attack that knocked the agency's website offline
Baby–monitor hacker spies on and swears at sleeping 2–year–old (Naked Security) A hacker took over a baby monitor in a home in the US city of Houston, Texas, to spy on a 2-year-old girl, to broadcast obscenities at the child, to swivel the camera so as to watch her shocked parents as they came in, and to then call the parents insulting names
Hacking a smart lightbulb system (Help Net Security) The phenomenon of the Internet of Things (IoT) is positively influencing our lives by augmenting our spaces with intelligent and connected devices. Examples of these devices include lightbulbs, motion
From Vietnam with tens of millions of harvested emails, spam-ready SMTP servers and DIY spamming tools (Webroot Threat Blog) How would a cybercriminal differentiate his unique value proposition (UVP) in order to attract new customers wanting to purchase commoditized underground market items like, for instance, harvested and segmented email databases? He'd impress them with comprehensiveness and 'vertically integrated' products and services. At least that's what the cybercriminals behind the cybercrime-friendly market proposition I'm about to profile in this post are doing
Cybercrime–friendly underground traffic exchange helps facilitate fraudulent and malicious activity (Webroot Threat Blog) Throughout the last couple of years, the persistent demand for geolocated traffic coming from both legitimate traffic exchanges or purely malicious ones -- think traffic acquisition through illegally embedded iFrames -- has been contributing to the growing market segment where traffic is bought, sold and re-sold, for the sole purpose of monetizing it through illegal means
A new threat: Information integrity attacks (Defense News) As the United States aggressively addresses cyber attack weapons and actors, our adversaries morph their techniques and expand their targets. Several current
Security Patches, Mitigations, and Software Updates
The triumph of Patch Tuesday (ZDNet) And there are still zero-day exploits at times, probably more than we know about, but this too is inevitable. Even "Exploit Wednesday", when an unpatched
Windows 8 Boosts Security with 5 New Features (eSecurity Planet) Security experts have long held a dim opinion of the Microsoft Windows OS. But Windows 8's lineup of security features may help change their minds
Microsoft drops eight patches for 23 bugs, including IE and Exchange fixes (SC Magazine) Microsoft on Tuesday dispatched eight fixes for 23 vulnerabilities as part of its monthly patch update. Three of the fixes, or bulletins, were deemed "critical" because they addressed bugs that all allowed remote code execution (RCE) after a user opened a malicious file or viewed an infected web page
Microsoft moves to block MD5 certificates and improve RDP authentication (CSO) Windows optional security updates restrict use of MD5-based certificates and improve Remote Desktop Protocol network-level authentication
Xerox working to fix scanner bug (FierceCIO: TechWatch) We wrote last week about a bug in Xerox multifunctional copiers, which resulted in numbers being arbitrarily changed on scanned digital images. The problem was discovered by German computer scientist David Kriesel, who tested the issue on two different Xerox machines
Bitcoin wallets upgraded after Android cryptography problem (PCWorld) Bitcoin wallets upgraded after Android cryptography problem…a serious cryptography problem in Android that could allow attackers to steal the virtual currency
Cyber Trends
Next up: The Jamming wars (IT World) Our public spaces are bristling with surveillance gear, but Washington can't seem to get around to updating its privacy laws. What's next? Look for citizens to take matters into their own hands
Cyber attack danger grows (Boston Herald) Recent revelations about China hacking U.S. computers have raised awareness of cyber espionage, but some of the greatest threats local governments face are cyber attacks that can be used to defraud people or to plunge an entire city or state into chaos, according to one security expert
Exploring critical infrastructure security and government cyber security (Help Net Security) Chris Folk is the Director of National Protection Portfolio, The MITRE Corporation. Folk oversees work program development and delivery to: the DHS National Protection and Programs Directorate (NPPD), including Cybersecurity & Communication (CS&C), Office of Infrastructure Protection (OIP), and Federal Protective Services (FPS), and US VISIT. Folk brings more than 18 years of experience supporting the national and homeland security communities, working in operations, intelligence, infrastructure protection, and cybersecurity programs for the DoD, IC, and DHS. In this interview he discusses the challenges involved in working with several U.S. government agencies, approaching the insider threat, the resilience of the government cyber ecosystem, future threats, and more. How has your background prepared you for your current role as Director of the HS SEDI FFRDC National Protection Division? What are the main challenges involved in working in this position
IT security spending continues to increase, but does that matter? (CSO) Good news for the IT security industry! Canalys just released a report projecting that global IT security spending will increase by more than $30 billion by 2017--an annual compound increase of 6.6 percent
Marketplace
Rostelecom to Invest in Internet Filter as New 3G Network Comes on Line (Moscow Times) As Rostelecom begins finally to build up its 3G network, the state-controlled telecom company plans to spend $33 million on a system to manage mobile internet traffic, allowing it to block websites flagged by the telecommunications watchdog, Roskomnadzor, Vedomosti reported Tuesday
Deltek: $40B in Recompete Defense Contracts Up For Grabs (GovConWire) Defense Department components plan to offer three recompete contracts worth up to $40 billion combined starting this fall and continuing into the winter, the Washington Post reported Monday
Booz Allen to Lockheed Win Part of $6 Billion Cyber Award (Bloomberg) They will help the Department of Homeland Security develop a…available to the Defense Department and intelligence agencies, according to the federal
NSA revelations a mixed bag for private clouds (CSO) Data security fears won't fuel an exodus from public cloud services, experts say. Life in the cloud hasn't been the same since Edward Snowden began leaking secrets about government snooping on the Internet
Lavabit founder, under gag order, speaks out about shut-down decision (Ars Technica) Levison built e-mail "by geeks, for geeks"--and then turned off 410,000 accounts. Ladar Levison took 10 years to build his company--and he's 32, so that's most of his adult life. So when he shut down his encrypted e-mail service, Lavabit, without warning last week, it was like "putting a beloved pet to sleep." "I was faced with the choice of watching it suffer, or putting it to sleep quietly... it was very difficult," he told Democracy Now. "I had to pick between the lesser of two evils." What was that other choice? "Unfortunately, I can't talk about that," Levison said during today's interview
Why Ladar Levison Shuttered Encrypted Email Service Lavabit In The Face Of Government Pressure (TechCrunch) Today Ladar Levison, owner of the now-shuttered Lavabit email service, spoke to Democracy Now about his decision to close his company. In the interview, he expressed support of leaker Edward Snowden, and made it exceptionally plain the limits of what he is allowed to say
Can Kim Dotcom rescue secure email? (CSO) Mega looks to fill gap left by exit of Lavabit and Silent Circle
Smartronix Hires Former Digicon CTO Mr. Rick Kelley as Director of Technology to Grow Cloud Computing Practice (BWW) Smartronix announced today that it hired Mr. Rick Kelley as Director of Technology. In his new role, Mr. Kelley will manage a growing team of Cloud Solution Architects and guide the development and implementation of large-scale enterprise Cloud solutions
Cyber Defense Company Cyvera Raises $11 Million (Pulse 2.0) Cyvera will be using the funding to expand their business and sales operations in the U.S. and further develop their cyber defense solutions
Why did BlackBerry crumble? (The Guardian) One moment it was the hi-tech communication tool of world leaders and the financial elite. The next it had lost its cutting-edge reputation, aspirational appeal - and its customers
Products, Services, and Solutions
Skyhigh Networks Announces Skyhigh Secure (Dark Reading) Skyhigh Secure's mobile to cloud capabilities enable secure access of cloud services directly from mobile devices
Oracle launches appliance for rapid cloud deployment (ZDNet) Oracle has announced the Virtual Compute Appliance, a software and hardware stack designed to be able to support easy deployments of application on virtualised infrastructure
Panda Security announces new retail range for 2014 (African Business Review) Panda Security has announced the release of it 2014 range of retail solutions and for the first time a major innovation is the multi-platform protection for Mac and
Report: Use of Apache Web Server hits new low (FierceCIO: TechWatch) Use of the open-source Apache Web Server has hit a new low, according to the latest figures from research firm Netcraft. Across the 717 million websites that were surveyed this month, Apache was found to serve 46.96 percent of them--or below 50 percent. As reported by eWeek, this is the first time that has happened since December 2009…The Fierce Take: Obviously, the figures count only individual websites, but do not take their size or popularity into consideration. In this context, it could be argued that the resurgence of IIS could be due to its improved security, compared to the complexity of properly securing Apache on Linux
Technologies, Techniques, and Standards
Can We End CSRF With Header-Based Browser Policies? (Dark Reading) As the security community continues to look for easier ways to mitigate the risk of all-too-common Cross-Site Request Forgery (CSRF) attacks, many within the industry have lamented the difficulties that make it tough to do CSRF token deployment just right. With so many moving parts like, CSRF tokens are frequently used insecurely if at all. Which is why a pair of researchers from Qualys are now proposing a new header-based browser policy that they say could affect a much simpler, and therefore more broadly effective means of countering CSRF attack techniques
Steganography: What your eyes don't see (Infosec Institute) Steganography is the art of hiding information to prevent detection of a hidden message. It has been used throughout history by many methods and variation, ancient Greeks shaved heads of messengers and tattooed the secret message, once the heir grew back the message remained undetectable until the head is shaved again. Many ingenious techniques and methods were used by ancient civilizations. Earlier and near World War II invisible inks offered a common form of undetectable writing. An innocent letter could contain a very different message written between their lines
Are You Practicing the Safest ESX You Can? (Trend Micro) Here at Trend Micro, we are definitely looking forward to joining you at VMworld 2013. It's always interesting and exciting to hear about your successes with using virtualization and cloud to drive down costs and open new doors to responsiveness and agility. A key question we have on our minds (and hopefully yours too!) is: Are you confident that your security practices have got you covered across your physical, virtual and cloud environments? Are you practicing the safest ESX you can
How much confidential info is left unprotected in SharePoint? (Help Net Security) A Cryptzone security survey undertaken amongst SharePoint practitioners at the Microsoft conference in Las Vegas, reveals how many organizations have inadequate security and governance measures in place to help prevent data misuse and loss from their SharePoint environments
Start isolating critical XP systems now, experts warn (CSO) Lack of updates after April 8, 2014 adds security complications for companies, retailers running specialty software dependent on XP. Organizations that still need to use Windows XP after Microsoft pulls the support plug in eight months should spend the time they have left isolating software running on the aged OS
Catch Criminals Before the Damage is Done — Mitigating Account Takeovers (Data Breach Today) Online account takeover occurs when an unauthorized party gains access to an existing bank account by stealing the access credentials and is followed almost invariably by the illegal movements of funds. In today's increasingly connected world, the growth in connectivity, convenience, speed, technology adoption, and payment options allows people and businesses to conduct online financial activities more easily and efficiently. Consequently, fraudsters have developed the means to take advantage of this burgeoning attack surface through the increased use of smartphones to access the internet, malicious malware, socially engineered account takeovers, and other means. As we become more connected, attacks are becoming more sophisticated
Research and Development
Multi–service authentication via palm vein images (Help Net Security) Fujitsu has been creating and releasing palm vein biometric authentication and identification systems for over a decade, but have now presented a new one that definitely deserves some special attention
Legislation, Policy, and Regulation
Oracle's Ellison Calls NSA Surveillance 'Absolutely Essential' For U.S. Security (CBS News) Oracle CEO Larry Ellison sat down with CBS News' Charlie Rose at his Bay Area compound and gave his surprising opinion on the National Security Agency's surveillance program
Feds label Big Data 'security threat,' expand data programs anyway (Daily Caller) While the government assures Americans that the mountains of personal data it's amassing are safe from internal abuse and outside tampering, the Pentagon's research wing is raising the alarm over the threat metadata represents to privacy and national security. Foreign Policy writes that the Defense Advanced Research Projects Agency, or DARPA, recently released a request for researchers to examine whether aggregations of public data available online constitute "a national security threat
Obama's Clapper Mistake (New Yorker) Does President Obama understand why what people have learned, thanks to Edward Snowden, about the National Security Agency makes them angry? Maybe not. In a press conference on Friday, Obama said that his Administration would be "forming a high-level group of outside experts to review our entire intelligence and communications technologies
Obama's tepid agenda for NSA reform (Baltimore Sun) Our view: It will take more than half-hearted promises of transparency to make Americans 'comfortable' with domestic surveillance. President Barack Obama says he wants to make Americans more "comfortable" with the massive domestic and foreign electronic surveillance efforts being undertaken by the National Security Agency. But missing from his answers to questions about it at a news conference on Friday or from his proposals for reform was any understanding of what it is that made Americans uncomfortable in the first place. Mr. Obama seems to think it is the manner in which news of the NSA's programs came out, and not the content of them, that has Americans so upset
Obama's "independent" intelligence review group selected by DNI Clapper (Help Net Security) After his speech about transparency and greater oversight over US surveillance programs, as well as the announcement about forming an "independent", "high-level group of outside experts to review our
Reed Seeks Reform Of National Security Agency Data Collection (Olean Times) U.S. Rep. Tom Reed is hoping to gain support from fellow federal lawmakers in reforming National Security Agency data collection regulations. "We need to take a hard look to reform the NSA and its intelligence gathering programs in America," Rep. Reed said during his weekly media call Monday
WH Hopeful on Cyber Legislation Passage (GovInfoSecurity) Hope springs eternal at the White House, at least when it comes to Congress passing meaningful cybersecurity legislation, something it hasn't done in 11 years
The Impact of Cybersecurity Legislation and Policy (Infosecurity Magazine) A panel of critical infrastructure security experts gathered last week to discuss the impact of recent legislative and policy initiatives. According to one Obama Administration official, the industry should expect the first version of the NIST-led cybersecurity framework in early 2014
GCHQ Launches Twin–Track Approach to Cyber Incident Response Scheme (Infosecurity Magazine) Following a pilot project aimed at providing UK government and business with an effective cyber incident response capability, GCHQ (in the form of CESG and CPNI) has launched two schemes: its own to focus on major business and critical infrastructure attacks, and a CREST-led scheme for everyone else
Litigation, Investigation, and Law Enforcement
New York's Financial Services Subpoenas Bitcoin Firms To "Root Out Illegal Activity" (TechCrunch) Twenty-two Bitcoin companies received a letter from New York's top banking regulator to determine whether they respect the current financial regulatory guidelines. More importantly, the authority wants to create a new set of rules to make sure that bitcoins are not used for illegal activities
Q. & A.: Edward Snowden Speaks to Peter Maass (New York Times) In the course of reporting his profile of Laura Poitras, Peter Maass conducted an encrypted question-and-answer session, for which Poitras served as intermediary, with Edward J. Snowden. Below is a full transcript of that conversation
London Police Commissioner's cyber-crime open letter laughed at by industry (ComputerWorld) Adrian Leppard may 'control' police in UK's financial heartland but does he get cyber-crime. The City of London's Police Commissioner, Adrian Leppard, has been laughed at by cyber-security experts after writing an open letter to The Times this week, in which he refused to accept that police forces across the UK are struggling to get to grips with this new breed of cyber-criminals
Manning Played Vital Role In Iraq Despite Erratic Behavior, Supervisor Says (New York Times) A former leader of Pfc. Bradley Mannings Army intelligence unit in Iraq allowed him to keep working with classified information despite recurring concerns about his mental health because the unit was understaffed and Private Manning was playing an irreplaceable role in analyzing insurgent threats, according to testimony at his court-martial trial on Tuesday
1,213 Alleged Identity Thieves Arrested in China (eSecurity Planet) More than 700 million pieces of stolen personal information were seized by the police
eBay troll and fraudster 'Ebayisajoke' staked out and unmasked (Naked Security) For years now, there's been a thorn in eBay's side - a troll with many pseudonyms, one of which is Ebayisajoke
Truck driver arrested for leaving GPS jammer active at New Jersey airport (FierceCIO: TechWatch) Police have slapped a truck driver with a fine of almost $32,000 after he was caught using a GPS jammer in his vehicle when visiting Newark, New Jersey's Liberty International Airport
Russian denies cyber attack on Abu Dhabi bank, Carrefour (The National) Hackers harvested log-in credentials, personal data and credit and debit numbers from 17 multinational corporations including Carrefour over a seven-year
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
AIAA Aviation 2013 (Los Angeles, California, USA, Aug 12 - 14, 2013) Leading cybersecurity experts will speak at AIAA AVIATION 2013, being held August 12-14 at the Hyatt Regency Century Plaza, Los Angeles, Calif. Hosted by the American Institute of Aeronautics and Astronautics, the conference will address the risk of the evolving cyber threats to the world's $2.2 trillion commercial aviation enterprise.
Security in Government (SIG) (Canberra, Australia, Aug 12 - 14, 2013) The 25th annual Security in Government (SIG) conference is to be held from 12-14 August 2013 at the National Convention Centre in Canberra. Assistant Director for the National Security Resilience Policy Division in the Attorney General's Department, Robyn Devin said the SIG conference attracted protective security professionals from both the public and private sector.
A Cloud Computing Introduction for Manager (Columbia, Maryland, Sioux Falls, Aug 13, 2013) Cloud computing is becoming popular. More and more Technical Managers and Project Managers will be interacting with cloud computing, either developing clouds, using clouds, or selecting among cloud and non-cloud alternatives to accomplish their projects. This talk provides a brief and basic introduction to cloud computing, what managers need to know about cloud computing, what are some of the myths, and what they need to ask about cloud computing from service providers. The presentation will include selected questions specific to managers associated with government projects and security risks of cloud computing. This non-technical presentation will help managers understand cloud basics and how to ask better questions when a cloud becomes part of your project. Dr. Patrick Allen of Johns Hopkins University Applied Physics Lab will be the presenter.
Resilience Week 201 (San Francisco, California, USA, Aug 13 - 15, 2013) 2013 Resilience Week brings together colleagues across government, academia and industry to facilitate an exchange of ideas dedicated to promising research in resilient systems that will protect cyber-physical infrastructures from unexpected and malicious threats - securing our way of life. Four different symposia will be offered: Resilient Control Systems, Resilient Cyber Systems, Resilient Cognitive Systems, and Resilient Communication Systems. Keynotes will be provided by numerous leading subject matter experts - from agencies including: NSA, DARPA, Sandia National Laboratory, and Office of the Assistant Secretary of Defense for Research and Engineering.
Kirtland AFB/Sandia/DOE Cyber Security Seminar & IT Expo (Albuquerque, New Mexico, USA, Aug 15, 2013) This expo is designed to stimulate exchanges of information between industry partners and Kirtland AFB Information Management Officers', Information Technology personnel, Contracting Officers' as well as end-users, developers, scientists, researchers and project managers in the areas of cyber security and information technology.
National SCADA Conference (Melbourne, Victoria, Australia, Aug 15 - 16, 2013) The 12th Annual National SCADA Conference, Australia's largest and longest running SCADA conference, will bring together many of the luminaries of the Australian and International SCADA community to evaluate and find solutions for the increasing demands of the SCADA environment. The theme for 2013 will be delivering intelligence and improved performance to SCADA networks. The SCADA conference program will deliver fantastic first-hand knowledge from leading international and local SCADA experts with a great mix of burning SCADA issues, case studies, security and real world implementations together with practical advice. The networking opportunities provided coupled with the largest SCADA exhibition in the Southern Hemisphere ensure the National SCADA Conference is a must attend event for Australia's and New Zealand's SCADA Communit.
First International Conference on Cyber-Physical Systems, Networks, and Application (Taipei, Taiwan, Aug 19 - 20, 2013) CPSNA 2013 will focus on core challenges of cyber-physical systems. Given a tight integration of computation and the physical world, cyber-physical systems must compose robust systems, networks, and applications built upon predictable, analyzable, and certifiable models and abstractions. CPSNA 2013 will serve as a forum to discuss new ideas for such core challenges of cyber-physical systems.
SANS Thailand 201 (Bangkok, Thailand, Aug 19 - 31, 2013) SANS hands-on advanced Information Security training is coming to Thailand this August! SANS is bringing our Web App Penetration Testing course to the Crowne Plaza Bangkok Lumpini Park in Bangkok, Thailand.
2013 Cyber Security Division Transition to Practice (TTP) Technology Demonstration for Investors, Integrators, and IT Companies (I3) — West (San Jose, California, USA, Aug 22, 2013) This event will feature eight innovative cybersecurity technologies that have been developed at the Department of Energy National Laboratories and have the potential to strengthen and organization's cybersecurity posture. During this event cybersecurity professionals and technology investors from private industry will learn about these new technologies through presentations, demonstrations, and discussions with the research teams that produced these technologies. In addition, attendees will have an opportunity to schedule a private one-on-one discussion with the Researcher to discuss opportunities for commercializing the technologies and areas of interest to drive further cybersecurity research. Registration closes August 12.
Defense Logistics Agency Tech Expo (Fort Belvoir, Virginia, USA, Aug 20, 2013) Industry exhibitors are invited to showcase and discuss the latest information services and technology to the personnel at the McNamara HQ Complex.
Human Cyber Forensics Forum (Washington, DC, USA, Aug 21, 2013) This forum brings together subject matter experts to discover and share new means of recognizing the human indicators related to cyber intrusions, and the evolution of these human indicators in the coming decades.