
The CyberWire Daily Briefing for 10.15.2013
Improved (and improving) versions of the Egobot Trojan are being used in a cyber espionage campaign directed against financial, industrial, and infrastructure targets. While the targets are located in many countries, including Australia, Brazil, South Korea, and the US, they all appear "Korea-related." No attribution yet, but a South Korean MP releases ROK government reports on long-standing North Korean cyber attacks. (North Korea says tu quoque, and besides, it's all just a provocation anyway.)
The usual cyber-rioting continues in the Middle East and the Subcontinent. RedHack again defaces a Turkish Website, and the Greek Foreign Ministry discloses its email system has been hacked by Anonymous.
Two denial-of-service attacks were committed over the weekend, one hitting Germany's Pirate Party, the other GitHub.
Britain's Independent uses its experience with the Syrian Electronic Army as a study in the Assad regime's attempts at information warfare by spoofed accounts.
Mandiant, long subject to retaliation by Chinese agencies displeased by Mandiant's exposure of their activities, receives bogus limo-service invoices. The PDFs carry a malicious payload and originate (unsurprisingly) with Chinese cyber units.
A Dexter variant has been used to compromise thousands of South African bankcards.
A D-Link router firmware flaw opens a backdoor vulnerability. Chrome appears susceptible to exposure of user history files.
Several attack surfaces are newly worrisome: vessel-tracking systems, GPS, smartphone sensors, and public Wi-Fi hotspots. Digital fingerprinting of physical devices raises controversy.
Reports of NSA email contact list harvesting prompt more surveillance backlash. Brazil creates a government email system to thwart interception.
Notes.
Today's issue includes events affecting Australia, Brazil, Canada, China, European Union, Germany, Greece, India, Iran, Israel, Democratic People's Republic of Korea, Republic of Korea, Morocco, Netherlands, Pakistan, Russia, Saudi Arabia, South Africa, Syria, Turkey, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Cybercriminals Use Egobot Trojan to Target South Korea–Related Organizations (Softpedia) Symantec researchers have been monitoring a cyber-espionage campaign aimed mainly at South Korean organizations and executives doing business with South Korea. According to experts, the attackers target financial and investment companies, infrastructure and development organizations, defense contractors and government agencies. The targets are located all around the world, including in Korea, Australia, Brazil and the United States
'Thousands' of North Korea Cyber Attacks on South: Ministry Data (SecurityWeek) North Korea has staged thousands of cyber attacks against the South in recent years, causing financial losses of around $805 million, a Seoul lawmaker said Tuesday citing government data. "A lot of data related to our national infrastructure, including chemical storage facilities and information relating to personal financial dealings have been stolen," ruling party MP Chung Hee-Soo said
BSNL Telecom India Domain Hacked and Defaced by P4K-M4D-HUNT3R-Z (HackRead) A Pakistani hacker going with the handle of Ch3rn0by1 from P4K-M4D-HUNT3R-Z has hacked and defaced the official domain of India's Bharat Sanchar Nigam Limited (BSNL) Telecom yesterday. The defaced domain belongs to BSNL's Regional Telecom Training Centre (RTTC), Ahmedabad which was left with a deface page along with a message, bashing the site admin for poor security. The deface message was expressed
Iranian Hacker Hacks Israeli Job Portal, Leaks 3349 Login Accounts of Israeli Users (HackRead) An Iranian hacker going with the handle of Dr.3v1l from Black_Devils B0ys hacking group has breached an Israeli-based job search portal; as a result, login account information of over 3349 Israeli citizens has been leaked and dumped online. Dr.3v1l contacted me on Twitter regarding his latest hack with a Pastebin link that shows login accounts of over 3000 site users. The link also shows a message
Greek Foreign Ministry Admits Anonymous Hacked Email Systems (Softpedia) On Monday, Greece's Ministry of Foreign Affairs admitted that Anonymous hackers breached its email systems
Union of Turkish Public Enterprises Hacked by RedHack (Softpedia) Hackers of the RedHack group have breached and defaced the official website of the Union of Turkish Public Enterprises. This is just the latest in a long series of attacks launched by the hacktivist collective against the Turkish government
Germany's Pirate Party Hit by Another DDOS Attack (Softpedia) The website of Germany's Pirate Party, an organization that militates for the freedom of the Internet, has been disrupted once again due to a distributed denial-of-service (DDOS) attack
GitHub Down Due to DDOS Attack (Softpedia) GitHub is once again unavailable due to a distributed denial-of-service (DDOS) attack. Both GitHub.com and Gist are impacted. "We have confirmed GitHub.com and Gist are both undergoing a large DDoS attack and are working to mitigate the attack," reads a message posted moments ago on GitHub's status page
Hacked off: What happened when the Syrian Electronic Army attempted a cyber attack on The Independent? (The Independent) Last week The Independent was victim of a cyber-attack by the Syrian Electronic Army. Luckily, our defence was strong. But what did they want from us anyway
The Long Shadow Of Saudi Aramco (Dark Reading) New threats, realities of targeted attacks forcing oil and gas companies to rethink and drill down on security. There's a mindset shift slowly permeating the oil and gas industry that it's no longer immune to hackers
WhatsApp crypto snafu drops trou on users' privates (Register) 'Very basic error' leaves messaging app open to snoopers. Mobile messaging service WhatsApp came in for criticism over the robustness of its cryptography last week after a fix for a January security snafu was slammed for not being robust enough
Cyber private investigator in Wichita: No one has secrets anymore (Wichita Eagle) Emery Goad, a private investigator and one of the possible victims of the cyberhacking attack on Wichita's City Hall this week, was shredding paper containing his private information on Thursday
Now the Chinese Are Hacking Us Through Our Limos (Foreign Policy) Kevin Mandia, CEO of the cybersecurity company Mandiant, takes a lot of limo rides. Normally, his limo company emails him PDF copies of his invoices after every trip. Recently, though, something changed
SA banks in massive data breach (Mail & Guardian) A variant of malware called Dexter has cost local banks tens of millions of rand in one of the worst breaches of customer card data in SA history
Spamvertised T–Mobile "Picture ID Type:MMS" themed emails lead to malware (Webroot Threat Blog) The cybercriminals behind last week's profiled fake T-Mobile themed email campaign have resumed operations, and have just spamvertised another round of tens of thousands of malicious emails impersonating the company, in order to trick its customers into executing the malicious attachment, which in this case is once again supposedly a legitimate MMS notification message
Attackers in Asia compromise data for nearly 150k in California (SC Magazine) Hackers said to be located overseas may have compromised the personal data of tens of thousands of California residents in a computer attack that dates back to March. Among the sensitive information that may have been accessed are the names, addresses, dates of birth and Social Security numbers of 144,493 Monterey County residents
Thousands of Sites Hacked Via vBulletin Hole (Krebs on Security) Attackers appear to have compromised tens of thousands of Web sites using a security weakness in sites powered by the forum software vBulletin, security experts warn
D–Link router flaw lets anyone login using "Joel's Backdoor" (Naked Security) Members of the embedded systems hacker collective /dev/ttys0 spend their time playing around with devices like home routers and set-top boxes
Android Scareware Delivered via Advertising SDK (Softpedia) Security researchers warn that the Android advertising SDK from InMobi is leveraged by cybercriminals to distribute a piece of scareware. Bitdefender experts have uncovered several legitimate applications that include the advertising SDK in question, including an older version of the Brightest Flashlight Free app hosted on Google Play
CryptoLocker: The Ransomware There's No Coming Back From (InfoSecurity Magazine) A ransomware threat known as CryptoLocker is making the rounds, scrambling files in the process. And once it's triggered, there is no way to recover them
Flaw In Chrome May Leave Users' Personal Information At Risk (Dark Reading) Vulnerability in Chrome browser could enable attackers to collect data from history files, Identity Finder says. Security flaws in Google Chrome could enable attackers to capture personal data stored in the browser's history files, researchers said Friday. In a blog posted last week, researchers at security firm Identity Finder outlined methods for accessing personal data from Chrome's History Provider Cache, even if the data has been entered on a secure website. Some data also may be accessible through Chrome's Web Data and History databases, the researchers say
'Paunch' Arrest Puts Blackhole Hackers on Data Diet (TechNewsWorld) While Paunch will be out of circulation for awhile, the arms bazaar where he sold his wares will continue to operate. "Americans must be cognizant that there is an organized community of cyberweapons merchants who have developed and sold capabilities which bypass traditional cyberdefenses," said Tom Kellermann, vice president of cyber security for Trend Micro
Captain, Where Is Your Ship — Compromising Vessel Tracking Systems (Trend Labs Security Intelligence Blog) In recent years, automated identification systems (AIS) have been introduced to enhance ship tracking and provide extra safety to marine traffic, on top of conventional radar installations. AIS is currently mandatory for all passenger ships and commercial (non-fishing) ships over 300 metric tons. It works by acquiring GPS coordinates and exchanging vessel's position, course and information with nearby ships, offshore installations, i.e. harbors and traffic control stations, and Internet tracking and visualization providers
Hacking GPS On Columbus Day (Kaspersky Lab Daily) In 1492, under a charter from the monarchs of Spain, an Italian man named Christopher Columbus severely underestimated the Earth's circumference, sailing three ships into what he would reportedly die believing was the East Indies, but which was in actuality an Archipelago thousands of miles away, now known as the Bahamas
The many security problems of ATMs (Help Net Security) As much as they are useful, ATMs are also very vulnerable to tampering and attacks from individuals looking for money. eWeek reports that at the SecTor security conference held this week in Toronto, Canada, Trustwave senior consultant John Hoopes provided insight into the attacks that are frequently executed against Point of Sale (POS) systems and ATMs, and the things defenders can do to prevent them
Internet sites "fingerprint" users by secretly collecting browser info (Help Net Security) A group of European researchers have released the results of their research into just how many of the most visited Internet websites track users without their knowledge with the help of "device fingerprints"
Device tracking by web sites can be a good thing (ZDNet) Yes, many web sites try to keep track of the physical devices from which you connect to them. This could be nefarious, but much more likely the site has very good security reasons to do it
Microsoft "failed update" phish might well sound believable — watch out! (Naked Security) Occasionally we find an attempt at phishing that we grudgingly have to admit shows a resourceful sense of occasion. Here's an example: an email supposedly from Microsoft to sort out the after-effects of recent failed updates
How secure is encrypted credit card data, really? (CSO) Adobe revealed last week that it was the victim of a sophisticated hack that exposed product source code, and sensitive data on about three million customers to attackers
Do Smartphone Sensors Present Security Risk? (InformationWeek) Variations in how different smartphone accelerometers record data raise concerns that advertisers, intelligence agencies or others could use this information to identify individual devices
Public WiFi Hotspots Ripe for MITM Attacks (InfoSecurity Magazine) Ah, the public hotspot: oases of connectivity in airports, coffee shops, bookstores, town centers and at chains that range from Starbucks to Barnes & Noble to McDonalds
Malware Authorized with Digital Certificate Witness Huge Proliferation; McAfee (Spamfighter News) Experts from McAfee the security company state that malware accompanied with digital authorization is rapidly spreading as it's made to cleverly counteract sandboxing as well as white-listing defense systems
Security Patches, Mitigations, and Software Updates
D-Link to padlock router backdoor by Halloween (ComputerWorld) D-Link will address by the end of October a security issue in some of its routers that could allow attackers to change the device settings without requiring a username and password
Cyber Trends
Are hackers really out to damage the networks? (Let's Talk Security) I don't know if you're aware that under EU legislation commonly known as Article 13a, telecommunications organisations are required to inform their national regulator of any major service outages (any that meet a certain criteria), and in the UK this would be Ofcom
Marketplace
BlackBerry Reassures Customers in Open Letter: 'You Can Continue to Count on Us' (ABC News) BlackBerry has had a heck of a few weeks. It has reported a $1 billion quarterly loss, that 40 percent of its workforce will be laid off before the end of the year and its much anticipated BBM app for iPhone and Android was delayed. On top of that, there have been reports that Apple and Motorola have been snatching up its best employees and engineers and that two of the BlackBerry founders are looking to buy the company back
Northrop Grumman to Hackers: Can You Crack Me Now? (Daily Finance) Earlier this year, Chinese spies allegedly hacked Lockheed Martin's F-35 program, along with more than two dozen weapons systems. Further, last October the Defense Science Board found that the Department of Defense, and its contractors, had sustained "staggering losses," allowing adversaries to develop countermeasures to America's advanced weapons systems
Does Trend Micro Have 20/20 Vision of the Future? (PC Magazine) With great technology comes great power. Of course this also means it comes with greater threats from cybercriminals. To raise awareness of the need for cyber security and warn against increased dependence on technology, security software company Trend Micro released a new web series entitled "2020"
Lockheed, LifeJourney strike partnership to bolster Cyber and STEM awareness (Baltimore Business Journal) Lockheed Martin has struck a partnership with a Baltimore-based company that works to foster interest among area high school students in careers in science, technology, engineering and math (STEM)
Michael Baker Corporation and Integrated Mission Solutions, LLC Announce Successful Completion of Merger; IMS to Change Name to Michael Baker International, LLC (Wall Street Journal) Michael Baker Corporation ("Baker") (NYSE MKT:BKR) and Integrated Mission Solutions, LLC ("IMS"), an affiliate of DC Capital Partners, LLC, today announced the successful consummation of the previously announced merger of IMS's wholly owned subsidiary, CDL Acquisition Co. Inc. ("Merger Sub"), with and into Baker. In connection with the merger, IMS is changing its name to Michael Baker International, LLC ("Michael Baker International")
Draft RFP Details $6B Defense, Intell Community IT Program (GovConWire) The office responsible for the Defense Intelligence Agency's contracting functions has released a draft request for proposals for a potential five-year, $6 billion contract covering information technology services for defense and intelligence agencies
Cyber warrior shortage hits anti–hacker fightback (Reuters) For the governments and corporations facing increasing computer attacks, the biggest challenge is finding the right cyber warriors to fight back
Cyber security: Hire ethical hackers, treat them like special forces, says S Ramadorai, TCS (Economic Times) S Ramadorai, vice-chairman of TCS and chairman of the National Skill Development Agency, says the private sector must play a crucial role in enhancing cybersecurity capabilities. The IT veteran calls for hiring and training young, talented people to handle cyber attack units. Edited excerpts from an interview with ET
Products, Services, and Solutions
Lavabit back online to allow personal data downloads (ZDNet) After shutting down while the US government demanded it hand its SSL keys over, Lavabit is back online to allow users to retrieve their data
Twitter Makes Itself More Powerful by Making Private Messaging Simpler (Fast Company) Twitter has changed how you can receive direct messages so that users don't have to be "following" each other to exchange the private communications. The new system is opt-in only, which allows users to preserve the privacy and quiet state of their direct messages feed if they prefer
Analyzing APK files inside an online Android application sandbox (Help Net Security) Anubis is an online project developed by International Secure Systems Lab, which focuses on analyzing of binaries for different type of systems. The online sandbox was first providing capabilities of
Real–time operational risk and compliance monitoring (Help Net Security) Corvil announced a real-time general purpose risk and compliance monitoring solution for all kinds of electronic trading businesses. The solution monitors and captures all information as it is
CipherCloud delivers searchable strong encryption (Help Net Security) CipherCloud has delivered techniques to improve the searchability, usability and security of cloud data protected with AES 256-bit encryption. The solution also enables organisations to comply
Bitdefender TrafficLight for Firefox 0.2.10 (PC Advisor) Bitdefender TrafficLight is a free browser extension which can help to protect you from a range of web threats
Facebook Unfriends Another Privacy Setting (InformationWeek) Facebook will eliminate the setting that keeps you unsearchable. Here's how to make sure the wrong people can't see your private posts
Yara rules for leaked KINS toolkit (Help Net Security) Just a few days ago, the source code of the famous KINS banking Trojan was leaked. KINS aims to infect as many computers as possible in order to steal credit cards, bank account credentials and related information from victims. Seen as a replacement to Citadel, it was identified in the wild not long ago. Now, this leak can lead to new variants and malware families
New approach for real–time security incident response (Help Net Security) NetCitadel announced a new analytics-driven, context aware approach for protecting enterprise networks from increasingly sophisticated security attacks and APTs
Technologies, Techniques, and Standards
Big Data Detectives (Dark Reading) Could big data be the key to identifying sophisticated threats? Security experts are on the case. For Vigilant, it started in 2009. And as with most companies, it started small. The security services startup, now part of audit and consulting firm Deloitte, wanted a way to bring information about external threats to clients that were using SIEM (security information and event management) systems to monitor their own environments. The Vigilant team knew that the combination of external threat data with internal security event data could be a powerful way to improve enterprise defenses, but crunching all that data would be a monumental task
NSA: Can it find signals over noise? (ZDNet) Strip away the politics and privacy debate and the NSA's penchant for hoarding data is a major big data problem
Rejiggering IT Security Budgets For Better Perimeter And Systems Control (Dark Reading) Put the 'boring' blocking and tackling tools before shiny new expenses. As is the case in any other business, IT security leaders must contend with finite resources and as a result they must depend on smart decisions about where to target their budget to ensure they leave as few gaps as possible. The only problem, one which security folk have dealt with for years, is that they tend to be seduced by the latest innovation over the fundamental management tools necessary to implement enough control over network and system infrastructure to properly manage their risks
Do You Have The Right Balance Of On–Premise And Cloud–based Technology For Cyber Security? (Forbes) While cyber-security technology may be one of the hottest areas in technology in terms of investment, it is also the most interesting. Right now we are living in an age in which the world is being run by a massive amount of technology that wasn't created to exist safely in a networked world. In addition, the rise of mobile devices and the Internet of Things has radically extended the data center and increased the need for cyber-security technology
A five–pillar survival guide for an insecure cyber world (CSO) Edward Snowden's action demonstrated that an ordinary insider with a U.S. security clearance can intercept and distribute highly confidential information, even in an age of complex technology designed to prevent such action. What further risks are there? Here are five pillars to consider in rethinking your approach to data security in a cyber-environment in which both values and risks increase daily
Security–Enhanced Android: NSA Edition (Bloomberg) Tech giants listed as part of the National Security Agency's Prism spying program have gone to some lengths to convince the world they aren't in bed with the U.S. government. Google has filed a request with the U.S. Foreign Intelligence Surveillance Act court asking permission to disclose more information about the government's data requests. So there's a certain irony that NSA programmers are now refining code that Google has approved for the company's mobile operating system, Android. Google spokeswoman Gina Scigliano confirms that the company has already inserted some of the NSA's programming in Android OS. "All Android code and contributors are publicly available for review at source.android.com," Scigliano says, declining to comment further
Stop, thief! Five new tricks used by cybercriminals — and how to stay safe… (We Live Security) Most of us are pretty web-savvy: when an email arrives saying we need to enter our bank details, we think, "Oh, please!" — and don't click. But cybercriminals don't rest — and new techniques can sometimes fool even veteran PC users
Two telemetry projects should mean better testing and fewer false alarms (Naked Security) Two major cross-industry telemetry projects were presented at last week's Virus Bulletin conference in Berlin. The first is designed to up the standard of anti-malware testing, which in turn encourages better products, and the second aims to help reduce the chances of products mis-identifying clean
5 steps to survive a Meaningful Use audit (FierceHealthIT) Although the government will hit only a small percent of the nation's providers with a Meaningful Use attestation audit, the stakes are high: Any single attestation misstep could be grounds for loss of the full incentive payment
Design and Innovation
NSF–Backed DC I–Corps Kicks Off First Cohort with 20 Federal Laboratory, University and Regional Inventors, Entrepreneur Teams (A. James Clark School of Engineering, University of Maryland) DC Innovation Corps (I-Corps), the new, National Science Foundation-backed program aimed at translating the region's vibrant research community into successful startups and licensed technologies, kicks off its first cohort this week at the George Washington University with 20 teams of inventors and current and aspiring entrepreneurs
Research and Development
Army, Universities, Industry Form Cyber Research Consortium (ExecutiveGov) The U.S. Army Research Laboratory has formed an alliance with the private and academic sectors with the goal of preventing cyber attacks on military computer networks
Mandiant Corp. to participate in DARPA initiative to secure military computers without passwords (Military Aerospace Electronics) U.S. military researchers are looking to cyber security experts at Mandiant Corp. in Arlington, Va., to develop software approaches for securing military computers with advanced biometrics rather than user passwords in ways that focus on the unique aspects of the individual
Academia
Lockheed, Tech Council of Maryland host Cyber Security Awareness Day (Washington Business Journal) Lockheed Martin teamed up with the Tech Council of Maryland and the National Cyber Security Alliance to promote cybersecurity awareness amongst high school students, the defense giant announced Friday
The Cybersecurity Pipeline (InfoSecurity Magazine) When it comes to educating the current and future information security workforce, the (ISC)² US Government Advisory Board Executive Writers Bureau asks: Where are universities in the flow
Legislation, Policy, and Regulation
Brazil creating email for gov't use to fight spies (San Jose Mercury News) Brazilian officials say that all government employees will start using an encrypted email service in an effort to stop foreign spies from intercepting emails. But experts question the ability of Brazil to protect its government emails from the eyes of the U.S. National Security Agency. The entire system is compromised if any user of an encrypted email sends a message to somebody on an outside program, like Gmail
NSA Leaks Prompt Rethinking of U.S. Control Over the Internet's Infrastructure (BBC) The leaders who run the internet's technical global infrastructure say the time has come to end U.S. dominance over it. In response to leaks by NSA whistleblower Edward Snowden, Fadi Chehadé, who heads the Internet Corporation for Assigned Names and Numbers, and others have called for "an environment, in which all stakeholders, including all governments, participate on equal footing"
Conservative peer Lord Blencathra hits out at online spying by GCHQ (Guardian) MPs should be able to vote to approve surveillance programmes or put a stop to them, says former minister
Former spy agency chief calls for Parliamentary oversight (CTV News) The agency accused of spying on mining and energy operations in Brazil sure as "heck" does not collect intelligence to aid Canadian businesses, says its former head, who is calling for greater government oversight to assure Canadians that its work is not violating their civil liberties
India believes in complete freedom of cyber space: Kapil Sibal (Live Mint) The site of the impact of a cyber crime should determine jurisdiction, says information technology minister Kapil Sibal
Mikko Hypponen: "You should not be worried about PRISM. You should be outraged" (Graham Cluley) Mikko Hypponen is one of the best known names in the anti-virus industry. In this article he argues that there is a danger that we are accepting blanket and wholesale surveillance from one country onto the rest of the world
NSA collects millions of e–mail address books globally (Washington Post) The National Security Agency is harvesting hundreds of millions of contact lists from personal e-mail and instant messaging accounts around the world, many of them belonging to Americans, according to senior intelligence officials and top-secret documents
Snowden: Americans, NSA hits YOU in the WALLET — have I got your attention now? (Register) Whistleblower says spooks slurp email, IM contact lists from world+dog. The National Security Agency is hurting the US economy with its "dragnet" surveillance, says uber-leaker Edward Snowden
N.S.A. Director Gives Firm And Broad Defense Of Surveillance Efforts (Huffington Post) The director of the National Security Agency, Gen. Keith B. Alexander, said in an interview that to prevent terrorist attacks he saw no effective alternative to the N.S.A.'s bulk collection of telephone and other electronic metadata from Americans. But he acknowledged that his agency now faced an entirely new reality, and the possibility of Congressional restrictions, after revelations about its operations at home and abroad
It's risky business for companies that don't arm themselves against cyber threats (Washington Post) For the past couple of years, Gen. Keith Alexander, the head of both the National Security Agency (NSA) and the U.S. Cyber Command, has been outspoken in warning that private-sector computer networks, upon which the U.S. economy depends, are vulnerable to intrusion. Gen. Alexander stated repeatedly that such attacks -- attempts at espionage, intellectual property theft or sabotage -- should be met with stronger defenses that would require the sophisticated tools of the government. He argued this case before Congress, which considered legislation that would have eased the way for closer cooperation between the government and the private sector. The legislation made sense, but Congress failed to reach agreement on a bill in the last session
NSA Hack Attacks: Good Value For Money? (InformationWeek) Do the National Security Agency's online espionage capabilities provide good value for money? Recent reports have disclosed that the NSA uses a fleet of high-latency -- codenamed "Quantum" -- servers to redirect targeted systems to another fleet of servers, codenamed "FoxAcid," that launch tailored drive-by attacks. The agency's malware reportedly targets a range of vulnerabilities, from publicly known flaws to zero-day bugs that only the NSA possesses
NSA Claims It Doesn't Do Online Attacks; That's A Different Organization…Run By The NSA (TechDirt) There are times you just shake your head and wonder who the NSA top officials think they're kidding with their statements. Take, for example, some recent comments from the NSA's number two guy in charge, Chris Inglis, the Deputy Director, who gave an interview to the BBC where he tried to paint the NSA as not being quite as bad as everyone says, but admitted that there could be more transparency. That's all the usual stuff, but the following tidbit caught my eye
Government surveillance encounters growing backlash (Tulsa World) From Silicon Valley to the South Pacific, counterattacks to revelations of widespread National Security Agency surveillance are taking shape, from a surge of new encrypted email programs to technology that sprinkles the Internet with red flag terms to confuse would-be snoops
BitTorrent Bashes NSA In Stunning Billboard Campaign (HackRead) If you live in New York or San Francisco, you will know the importance of its billboards and strange messages mentioned on them. Last week the popular internet protocol BitTorrent used the billboards to bash the United States' National Security Agency (NSA) for spying over people all over the globe. An important point is that BitTorrent did not reveal its identity until last Tuesday when its name was
A Necessary Evil: What It Takes For Democracy to Survive Surveillance (Wired) Where exactly is the maximum tolerable level of surveillance, beyond which it becomes oppressive? That happens when surveillance interferes with the functioning of democracy: when whistleblowers (such as Snowden) are likely to be caught
US cities increasingly ignoring privacy, gobbling up data on residents (Naked Security) Federal money earmarked to thwart terrorist attacks in the US is instead getting funneled into increasingly pervasive surveillance of citizens, the New York Times reports
Cybercom Activates National Mission Force Headquarters (DoDLive) Army Gen. Keith B. Alexander, Cybercom's commander, says the U.S. Cyber Command has activated the headquarters for its Cyber National Mission Force, the one of its three forces that would react to a cyber attack on the nation
Litigation, Investigation, and Law Enforcement
Feds Demand Supreme Court Thwart Challenge to NSA Phone Spying (Wired) The President Barack Obama administration is urging the Supreme Court to reject a challenge to the National Security Agency's once-secret telephone metadata spying program
Effort underway to declassify document that is legal foundation for NSA phone program (Washington Post) In the recent stream of disclosures about National Security Agency surveillance programs, one document, sources say, has been conspicuously absent: the original -- and still classified -- judicial interpretation that held that the bulk collection of Americans' data was lawful
Lawyers say NSA eavesdropping on U.S. citizen may have led to strike (Reuters) U.S. intelligence officials may have used National Security Agency data collected by eavesdropping on U.S. citizens or residents to target a Somali militant leader in a lethal missile strike, defence lawyers in a California terrorism-funding case said
Completely private email is not legal and shouldn't be (ZDNet) Lavabit, Edward Snowden's email provider back before he skipped town, is claiming in appeals court that it's immune from criminal subpoena. This is unreasonable and it's a good thing he will almost certainly lose
Secret U.S. surveillance court suspends Silicon Valley lawsuits until government shutdown ends (ZDNet) The secretive court suspends operations until the government ends its shutdown. A number of Silicon Valley tech companies are battling the court for data disclosure transparency
Defense ministry probes cyber command's alleged online smear campaign (Yonhap) South Korea's defense ministry said Tuesday it has launched an investigation into allegations that its Cyber Warfare Command posted online messages in favor of the ruling camp during last year's presidential campaign, shedding light on the secretive unit
Dutch Carriers Abused Data Retention Law for Marketing Purposes (CIO) While the law was widely violated, the companies were not punished
What We Learned From The First Jailhouse Interview With Alleged Silk Road Leader Ross Ulbricht (Forbes) Early Monday, San Francisco Magazine revealed that it had obtained the first interview with alleged Silk Road mastermind Ross Ulbricht since his arrest. Nearly two weeks ago, Ulbricht was arrested at the Glen Park branch of the San Francisco Public Library system, accused by federal prosecutors of narcotics trafficking, money laundering and hiring hitmen as the head of the $1.2 billion (sales) online drug bazaar, the Silk Road
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Hack-in-the-Box Security Conference 2013 (Kuala Lumpur, Malaysia, Oct 14 - 17, 2013) The 11th annual HITB Security Conference (16th/17th October) will be a triple track offering featuring keynotes by Andy Ellis, Chief Security Officer at Akamai and Joe Sullivan, Chief Security Officer at Facebook. This year's event also features all new 2-day training courses (14th/15th October) on a wide variety of topics including Android exploitation, extreme web hacking, infrastructure security, exploiting injection flaws and a special iOS security course by the world famous Evad3rs team. The full speaker list and conference agenda will be released after the Call for Papers closes on the 25th of July.
USDA Cyber Security Symposium and Expo 2013 (Washington, DC, USA, Oct 15, 2013) The Cybersecurity Expo, running in conjunction with the Summit, will allow exhibitors the opportunity to provide live demos and share information with government personnel and industry partners. Summit topics will focus on today's vulnerabilities, incidents, security lifecycle, risks and mitigations; it will also identify ways to work together and build a solid security foundation program to meet future challenges and trends in cyber security.
SNW Fall 2013 (Long Beach, California, USA, Oct 15 - 17, 2013) SNW is the world's largest independently produced conference series focused on the evolution of architecture for a new world of mobility, Big Data and business agility. Produced by Computerworld -- and co-owned by Computerworld and the Storage Networking Industry Association (SNIA) -- SNW remains unbiased and vendor agnostic. Unlike events focused on a specific vendor agenda and product portfolio, SNW provides a forum of open thought leadership and practical education that defines the spectrum of storage, data and infrastructure solutions available to a highly qualified audience of enterprise technology decision-makers.
Hexis Exchange (Athens, Greece, Oct 16 - 17, 2013) Attendees will have the opportunity to participate in a knowledge exchange of the latest enterprise security topics through expert led business and technology forums, hands-on sessions, and training. Such topics will include: emerging cybersecurity threats, big data management, advanced analytics, government regulation & compliance, and data retention challenges & solutions.
Cybersecurity Symposium: "Protect. Defend. Educate." (Linthicum, Maryland, USA, Oct 16 - 17, 2013) The Cybersecurity Symposium being held October 16-17, 2013, will deliver first-class training for government and industry security professionals while simultaneously offering high-level keynote speakers, essential networking opportunities, and an informative technology exposition. The Symposium sessions will have a special emphasis on security challenges facing today's security professionals and cyber awareness training for security professionals responsible for protecting sensitive and classified information from the ever increasing threats of mobile devices, espionage, terrorism, and cyber-attacks to ensure our national security. Register by August 31 to ensure the reduced early bird registration fee. This event is free for government employees and active-duty military personnel. Exhibit space and sponsorship opportunities are also available.
NSU Healthcare Cyber Security Summit (Fort Lauderdale, Florida, USA, Oct 17, 2013) In today's modern healthcare systems, data is everywhere, including sensitive patient data that needs to be secured and monitored. Join top healthcare security professionals from Nova Southeastern University, AccessData, and RSA to hear about current regulations that affect healthcare companies of all sizes, ways to protect sensitive data, and learn techniques to monitor access for suspicious activity. If you are responsible for the privacy or security of your company's healthcare data, you will benefit from presentations from these leading experts in the field. NSU's Chief Information Security and HIPAA Security Officer, John Christly, will examine the threats to the privacy and security of today's modern healthcare operations. You will also hear from experts from AccessData and RSA on how to detect and prevent data breaches. RSVP at the link.
Nuclear Regulatory Commission Cyber Security Conference & Expo (Rockville, Maryland, USA, Oct 17, 2013) This one-day conference will consist of cyber sessions in the NRC Auditorium given by government and industry speakers. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel.
Securing the Internet of Things Summit (San Francisco, California, USA, Oct 21, 2013) The Internet of Things is still in its infancy and the security community has a chance to build in new approaches to security if we get started now. More secure embedded operating systems and applications, more scalable approaches to continuous monitoring and threat mitigation and new ways of detecting and blocking active threats are evolving and can be tremendously effective. SANS is looking to bring together community talent and ideas to develop new solutions, demonstrate security technology that already works and to provide a force multiplier to making the Internet of Things be more secure than the first phases of Internet evolution.
13th Industrial Control Systems Cyber Security Conference (Atlanta, Georgia, USA, Oct 21 - 22, 2013) Industrial Control Systems (ICS) operate the infrastructures of electric power, water, chemicals, manufacturing, transportation, defense, etc. and link the digital and physical worlds. Their cyber security presents challenges that are distinct from securing traditional IT systems. The conference is attended by control & operations engineers and their IT counterparts from critical infrastructure industries, by ICS and security vendors, and by universities. Run under the Chatham House rules of confidentiality, the conference discusses ICS cyber incident case studies, provides regulatory updates, discusses solutions in the form of policies and procedures, presents demonstrations of hacking ICS and ICS protocols, and provides a status of ICS security solution field demonstrations.
Cloud Connect (Chicago, Illinois, USA, Oct 21 - 23, 2013) Cloud Connect returns to Chicago October 21-23, 2013 with an all new program built around the leading cloud platforms. Cloud Connect provides the independent guidance IT professionals need to successfully build, operate and manage the cloud, and the tools to measure application performance and business metrics.
cybergamut Technical Tuesday: Cyber Security Strategy — Why We're Losing and What's Needed to Win (Columbia, Maryland, USA, Oct 22, 2013) Steve Chabinsky of CrowdStrike explains the situation. Everybody seems to be spending more on cybersecurity, but with questionable return on investment. In fact, the problem clearly is getting worse, and current strategies show no indication of reversing that trend. This non-technical presentation explores the typical cyber risk environment, considers the proper balance and likely effectiveness of threat deterrence, vulnerability mitigation, and consequence management to reduce cyber risk, and examines the current and evolving roles of government agencies and the private sector in addressing the problem. Backed by powerful, real-world examples of threat actor tactics, this presentation will help managers develop a better understanding of how their current security approach is most likely to succeed or fail over time, and what strategies are the most likely to shift the advantage to the good guys. cybergamut is co-hosting this event with the Maryland Chapter of InfraGard.
Cyber Security Seminar and IT Expo at Peterson AFB (Colorado Springs, Colorado, USA, Oct 22, 2013) The Cyber Security Seminar and IT Expo is a one-day event held on-site where industry vendors will have the opportunity to display their products to personnel attending briefings concerning the latest updates in Cyber Security Awareness. This is an excellent and unique opportunity to meet IT personnel from USNORTHCOM, NORAD, Army Space Command, USSPACECOM, and the 21st Space Wing all in one day.
Hack.lu 2013 (Luxembourg, Oct 22 - 24, 2013) Hack.lu is an open convention/conference where people can discuss computer security, privacy, information technology and its cultural/technical implications for society.
Joint Federal Cyber Summit 2013 (Washington, DC, USA, Oct 23 - 24, 2013) This collaborative government-wide event is truly one of a kind, with speakers and attendees anticipated to represent more than 10 federal government agencies. Information sharing will be accomplished through keynote speakers on both days, along with numerous targeted breakout sessions (including a session with a federal CISSO panel), hands-on live demonstrations, and industry exhibits.
NSU's 12 Simple Cybersecurity Rules For Your Small Business (Fort Lauderdale, Florida, USA, Oct 24, 2013) In this presentation twelve simple and inexpensive techniques for protecting small businesses from cyber threats will be discussed. While complex and expensive solutions exist to improve the security of information technology most of these products are not designed for the specific needs of small businesses. The techniques that will be discussed in the presentation are designed to address the most common threats encountered by small businesses without requiring significant expertise and expense. RSVP at the link.
BREAKPOINT 2013 (Melbourne, Australia, Oct 24 - 25, 2013) Over two days, 14 world-renowned speakers front Breakpoint to share their knowledge on a full range of security issues, from unpublished research to the latest trends in information security.
Ruxcon (Melbourne, Australia, Oct 26 - 27, 2013) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts.
2013 ACT–IAC Executive Leadership Conference (Williamsburg, Virginia, USA, Oct 27 - 29, 2013) Advances in technology and massive increases in data available can both challenge and transform Government mission performance. ELC-2013 focuses on how to make this transformation a reality, in and for agencies. We will hear from nationally prominent speakers and work across government and industry to learn new ideas and techniques. Four mission-oriented tracks will focus on initiatives for driving results using data and the "Innovate, Deliver, Protect and Analyze" paradigm that is at the heart of the Government's strategic vision.
FIRST Energy Symposium (Leesburg, Virginia, USA, Oct 28 - 29, 2013) Recent reports have shown that the Energy Sector has seen a large increase in the reported number of cyber attacks. The need to protect against threats and improve upon incident management has never been greater. Many control systems are already networked and are targets of sophisticated attacks. Organizations will benefit from having a specialized team to work on detection and handling of cyber attacks, analyzing incidents and sharing information with other security organizations. The FIRST Symposium will focus on lessons learned from attacks and technology and sector specific security aspects. Strong emphasis will be given to organizational issues like creation and operation of incident response teams.
SAP NS2: National Security Solutions Summit (Falls Church, Virginia, USA, Oct 29, 2013) Join us for a day of learning and networking focused on how to advance U.S. national security and homeland security through I.T. innovation. Top-notch speakers will address the new challenges facing U.S. national security and critical infrastructure -- as well as powerful, affordable technologies that are available today to tackle those challenges while saving money and simplifying operations. Learn how your organization can run faster, smarter, leaner in the most secure environments -- with world-class, breakthrough solutions that are bold alternatives to business as usual.
RSA Conference Europe (Amsterdam, the Netherlands, Oct 29 - 31, 2013) Information security today isn't optional. It's business-critical. Over three days, RSA® Conference Europe 2013 imparts the must-know actions to manage growing cyber threats. With over 60 sessions spanning 10 hours, attend the educational and networking event that builds your knowledge and furthers your career.
Regional Cyber Security Forum & IT Day (CSFI) — Hawaii (Honolulu, Hawai'i, USA, Oct 30, 2013) 2013 marks the 10th anniversary of National Cyber Security Awareness Month and FBC will host the 1st Annual Cyber Security Forum & IT Day (CSFI) at Fort Shafter - Club Hale Ikena to coincide with the anniversary, and activities surrounding this month. The goal of CSFI is to raise cyber security awareness, and to promote best practices in cyber while allowing DoD personnel and industry partners the opportunity to share the most up to date remediation strategies. The event will feature four educational cyber sessions to go along with an exhibit hall.
NSA Hawaii — Cyber Security, Intelligence & IT Day (Honolulu, Hawai'i, USA, Oct 30, 2013) Be a part of the 1st Annual Cyber Security, Intelligence and IT Day set to take place at the new National Security Agency (NSA) Hawaii Rochefort facility. The event will be hosted by NS/CCS Hawaii Technology Directorate and will focus on Cyber Security, Big Data and Cloud Computing. There are other areas of interest listed below as well. This is an extremely unique opportunity to network with NSA personnel in Hawaii at their location. Educational sessions will be provided to attendees to coincide with government and industry exhibits.