The CyberWire Daily Briefing for 4.1.2013
Last week's distributed denial-of-service attack against Spamhaus has largely subsided. As large as the attack was, most Internet users found their experience little affected. A Guardian op-ed sniffs that the whole episode was a put-up job "spun by shoddy journalism," but this is surely wrong. Some coverage was unduly breathless, but the attack was significant for at least three reasons beyond its sheer size: 1) it exposed the extent to which DNS servers were unsecured, 2) it revealed deeper vulnerabilities in DNS, and 3) it suggested the difficulties legal systems encounter when faced with transnational exploits. (The market for DDoS defenses will also grow—IDC already forecasts 18.2% compound annual growth through 2017.)
A Rapid7 researcher finds vulnerabilities in Amazon Simple Storage Service (S3) buckets, due apparently to customer service misconfiguration. iMessage prank texts show the service's vulnerability to DDoS-like disruption. Islamist groups (al Qaeda Electronic Army and Hamas' Izz ad-Din al-Qassam Cyber Fighters, respectively) disrupt First National Bank Texas and American Express. An Indian hacker defaces a Pakistani election site.
Anonymous interposes itself into Korean tensions with attacks on North Korean websites. Attribution of the "cyber rampage" South Korea recently endured remains unclear, but Symantec believes the evidence points to centrally directed "hired guns," not hacktivists.
Sino-American tensions rise as US strictures against Chinese hardware begin to bite. The Chinese government also disputes British accusations of cyber espionage.
The Saudi government warns of "suitable measures" against services like Skype, What'sApp, and Viber if they don't comply with censorship laws.
Notes.
Today's issue includes events affecting Australia, China, India, Japan, Republic of Korea, People's Democratic Republic of Korea, Pakistan, Palestinian Territories, Russia, Saudi Arabia, Taiwan, Tunisia, Turkey, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
DDoS Attack Doesn't Spell Internet Doom: 7 Facts (InformationWeek) Despite a record-setting DDoS attack against anti-spam group Spamhaus, the Internet remains alive and well. Let's break down the key facts
Spamhaus DDoS Attacks: What Business Should Learn (InformationWeek) What should your company take away from this week's attacks? Lock down unsecured DNS repeaters being exploited by attackers and prep DDoS response plans
Biggest Cyber Attack in History. Cybersecurity Pioneer Narus Asks: 'Are You Safe?' (Technorati) It's funny how things work. Earlier this week I was interviewing the team at Narus. The company, an independent subsidiary of Boeing and more about digital, less about massive bodies of steel, is a pioneer in cybersecurity. Cybersecurity, the practices designed to protect networks, computers, programs and data from attack or damage. I was asking the company's president, John Trobough, "As a consumer, why should I care?" I mean, these big companies have money to throw at this kind of stuff, so I'm sure they've figured it out. Besides, what do I care if some chicken nugget-producing enterprise gets hacked? Or if some big bucks mobile company has a security breech when a clever employee outsources his work and watches cat videos instead? Some of those videos are pretty good. The very next day the world sustained what many touted as being the "biggest cyber attack in history"…On the whole, though, the global Internet as a whole was not impacted to the expected extent. You see, it's not necessarily a "massive," global cyber attack that we, as individuals should be concerned about. It's the potential smaller, personal ones. As a 2012 Norton Cybercrime report outlines, these consumer attacks are costing us
How a cyberwar was spun by shoddy journalism (Guardian) Journalistic scepticism was lacking when stories about a DDoS attack 'breaking' the internet surfaced. This is a real future risk. A veteran Reuters reporter related a piece of advice given by his editor: "It's not just what you print that makes you an authoritative and trusted source for news, but what you don't print." He wasn't talking about censorship, he was talking about what separates journalism from stenography and propaganda: sceptical scrutiny. The professionalism of the craft isn't simply learning to write or broadcast what other people tell you. Crucially it is the ability to delve, interrogate and challenge, and checking out stories you've discovered through your own curiosity, or robustly testing what other people tell you is true
Many Amazon S3 cloud storage users are exposing sensitive company secrets, claims report (Naked Security) Amazon S3 buckets full of holes. A security researcher tested a slew of (probably inappropriately misconfigured) storage buckets and found about one in six were open to the public, exposing content we think companies would probably have preferred remain private
Has Anyone Seen a Missing Scroll Bar? Phony Flash Update Redirects to Malware (Threatpost) Microsoft said it has received 70,000 reports this week of a new Trojan disguised as an Adobe Flash Player update that will change your browser's home page and redirect a Web session to an attacker's page
Phishing Campaign Using Military, Illicit Attachments (Threatpost) Look out for email attachments offering better sex tips and news about newly developed Chinese stealth frigates, because they are loaded with malware, according to a Securelist report written by Kaspersky Lab expert, Ben Godwood
Bitcoin Exchange Mt. Gox Targeted by Cyber Attack (Fox Business) Just as Bitcoin explodes beyond the $1 billion mark thanks to Europe's debt crisis, the emerging virtual currency was dealt a setback this week after a key exchange was hit by a powerful cyber attack that caused delays. Coupled with other recent technical glitches, this week's distributed denial of service (DDoS) attack against Bitcoin exchange Mt. Gox cuts into one of the electronic currency's greatest selling points: its relative safety compared with deposits in Cyprus
Cyber attack: ECP website brought down by Indian hacker (The Express Tribune) The cyber attack on ECP's website was a hot topic on Saturday. People on various internet forums complained about not being able to access the site. The attack came at a time when the traffic on the website had increased ahead of general elections, due
Flood of prank iMessage texts proves the app can be easily crashed (Ars Technica) The prank is analogous to a DDoS and underscores some problems with iMessage
Fake Link removal requests (Internet Storm Center) Over the last month we've had three requests to remove a particular link belonging to a specific security vendor. We're a nice enough bunch and if there's a good, honest reason to remove a link, we'll consider it. What make this interesting is that the requests weren't from the company or any of its staff and finally, the reason why the removal was requested. We did contacted the target company and let them know this was happening but as the third request has only just come in, it's worth bring to your attention. The emails looked like a reasonable, if somewhat odd, request as normally the more links back to your company's site, the better your ranking (a super simple explanation of search engines' ranking I know - but just go with it). As most web masters are super sensitive to Google rule changes, they may have automatically complied, thinking this was something new
Zero-Day Java Attacks Pose Risk for Businesses, Security Expert Says (Find the Edge) A cyber-security expert has emphasised the need for businesses to consider the effects a future cyber-attack on their system could have, in an article uploaded to Find the Edge today. Businesses will be vulnerable to viruses and other forms of cyber-attack if they fail to plan strategies to help minimise and respond to zero-day attacks on their systems, an IT expert has said. Adrian Spink, CEO at Company85, has used a new article on business website Find the Edge to explain why business leaders need to consider how exposed to these threats their organisations are
Anonymous declares war on North Korea, disables government websites (Examiner) An Anonymous hacktivist cell identified as Anonymous_Korea launched successful DDOS (distributed denial of service) attacks on multiple North Korean state websites on Saturday, March 30, only hours after the North Koreans issued an inflammatory statement declaring that they had entered into a "state of war" with South Korea
MTV Taiwan Hacked & Defaced, 500,000+ User Accounts Leaked by Turkish Ajan Hacker Group (HackRead) The members of Turkish Ajan Hacker Group Maxney & xXM3HM3TXx have hacked and defaced the official website of MTV (http://hello.mtv.com.tw) Taiwan; as a result 500,000 accounts of site's users have also been leaked online
First National Bank Texas Hacked, Social Security details leaked for #OpBlackSummer (CyberWarNews) Today the First National Bank Texas has been hit by hackers who have leaked credentials and other information online. The attacks come from Al Qaeda electronic army and the Tunisian cyber army aka @TN_cyberarmy who have released it in the name of #Opblacksummer which is an operation that they are currently undertaking
Hamas organization behind recent cyber-attacks on financial institutions (Examiner) The recent cyber-attacks against US financial institutions that began last year appears to be the work of the Izz ad-Din al-Qassam group, often shortened to "Al-Qassam Brigades", the military wing of the Palestinian Islamist political organization, Hamas, according to an analysis done yesterday by Sean Gallagher of Ars Technica, an online publication devoted to technology
Hired guns suspected in South Korean cyberattacks (CSO) The people behind both attacks were just doing their job because of the backdoor file's directory path, Symantec believes. The people behind this month's destructive cyberattacks against three banks and two broadcasters in South Korea were likely employees or hired guns of a single organization, a security vendor analyzing the attack code says
Who was behind South Korean cyber-attacks? (al Jazeera) Cyber-attacks on government sites and major financial institutions have become an annual event in recent years. Lately there's been a deluge of reports on the origins of the recent cyber-attack on major South Korean websites, and many agree that North Korea may have had a hand in it. In fact, there are few original analyses and even fewer of those that touch on certain aspects, that up until recently, have not been discussed in mainstream media
How destructive 'cyber rampages' can disable thousands of computers (Examiner) "This attack is as much a cyber-rampage as it is a cyber attack," said research director Rob Rachwald, a research director at computer security firm, FireEye. He was referring to last week's massive cyber attack that disabled 32,000 computers in South Korea. According to a March 30 article in SecurityWeek, the term "cyber rampage" was also used by Zheng Bu, senior director of security research at FireEye
Got Attitude? (Dark Reading) Attack Attitude: Does China really not care about attribution? Following up on my last blog post on the Comment Crew (or APT1, to quote a Mandiantism) attack and related coverage, I wanted to dig a little deeper into the comment crews observed attitude towards the documented attack activity and what we might learn from that about their operating environment and overall sentiment towards OPSEC and attribution when engaging in attack activity. In the United States, the general perception both in and outside of the security industry, is that China based threat actors simply don't care about attribution. Given the outwardly brazen appearance of the many attacks thought to have originated from China, you could certainly be forgiven for making this assumption. While not entirely incorrect, I firmly believe that what is actually going on – is far more deeply nuanced than we are currently giving the Chinese credit for
'Funded hacktivism' or cyber-terrorists, AmEx attackers have big bankroll (Ars Technica) "Cyber-fighters of Izz ad-Din al-Qassam" launch wave of attacks on US banks. The "cyber-fighters of Izz ad-Din al-Qassam" took American Express down for two hours yesterday afternoon. On March 28, American Express' website went offline for at least two hours during a distributed denial of service attack. A group calling itself "the cyber-fighters of Izz ad-Din al-Qassam" claimed responsibility for the attack, which began at about 3:00pm Eastern Time
Did Russian cybercrooks hack ABC [Australian Broadcasting Corporation] in 2011? (News.com.au) THE ABC is investigating claims that one of its websites was hacked by Russian cybercriminals in 2011. Information security analyst Patrick Gray first published the claim on his blog, risky.biz, saying cybercrooks obtained information from an ABC database, including an encrypted staff password, around October 2011
Cyber Trends
How to Survive the Year of the Hack (The Atlantic Wire) After three months of headlines from China to the White House and every geek haven in between, this week introduced the world to the cyber attack that may or may not be slowing down the entire Internet, followed by the digital assault on American Express. Yes, 2013 is already the year there were too many hacking incidents to keep track of, but "hacking" has also become a kind of catch-all for nefarious things done on a computer, and it's becoming increasingly difficult to tell apart global headline from personal headache. That kind of vagueness has left average Internet users wondering whether they could be exposed to the same threats as major companies and government systems -- and has demonized "hackers" like Aaron Swartz, Matthew Keys, and Weev, who face(d) felonies and jail time for low level computer crimes. With more than a few different kinds of "hacks" dominating the news in just the last couple of weeks alone, it's about time somebody defined the hacking headlines once and for all
Advanced Persistent Threats: Not-So-Advanced Methods After All (Dark Reading) Cybercriminals are taking a more systematic approach with their attack techniques, new IBM report finds. Cybercriminals behind heavily funded hacking operations are not necessarily using highly sophisticated malware to gain access to sensitive data or to spy on employees, according to a study released this week by IBM
The digital arms trade (The Economist) IT IS a type of software sometimes described as "absolute power" or "God". Small wonder its sales are growing. Packets of computer code, known as "exploits", allow hackers to infiltrate or even control computers running software in which a design flaw, called a "vulnerability", has been discovered. Criminal and, to a lesser extent, terror groups purchase exploits on more than two dozen illicit online forums or through at least a dozen clandestine brokers, says Venkatramana Subrahmanian, a University of Maryland expert in these black markets. He likens the transactions to "selling a gun to a criminal"
Cyber Threat to US Firms in China - US Chamber of Commerce Report (New Tang Dynasty Television) The survey is in line with a report by US security company Mandiant, who reported that more than 100 US firms have been targeted by Chinese hackers. Mandiant concludes that the attacks emanate from the Chinese army and are aimed at gathering trade
NSA Director: Information-Sharing Critical To U.S. Cybersecurity (Dark Reading) NSA Director and U.S. Cyber Command chief Gen. Keith Alexander discusses challenges to protecting U.S. interests in cyberspace. Information-sharing and visibility into the threat landscape are vital for the public and private sectors to defend cyberspace, National Security Agency Director Gen. Keith B. Alexander told an audience at The Georgia Tech Cyber Security Symposium yesterday
Marketplace
Sprint, Seeking OK on Merger, Agrees To Shun Huawei Gear (CIO Today) Although a House investigation concluded there were "credible reports" of Huawei's illegal behavior, there is no conclusive evidence that either Huawei or ZTE are installing telecom equipment with hidden codes to transmit information back to China. But with the recent back-and-forthing between the U.S. and China over cyber-security, the issue remains. Sprint and Softbank, the company planning to acquire the third-largest U.S. carrier, are committed to meeting national security concerns to make their merger a reality. The companies made it clear to Washington that they will no longer purchase or use equipment the Chinese telecom giant manufactures
Huawei Network Security Becomes Issue in Sprint Softbank Merger (eWeek) An agreement between U.S. law enforcement and wireless companies to drop Huawei from list of acceptable telecom vendors may look like paranoia, until you look a little deeper. To say that government officials in Washington are paranoid about Chinese spies would be incorrect. After all, as the saying goes, it's not paranoia if they really are out to get you. This is very much the situation in Washington, and it explains a lot about why a number of government agencies and members of Congress are insisting that Softbank and Sprint not use equipment from Chinese manufacturer Huawei when their merger goes through
U.S., China cyber battle intensifies (Politico) The United States and China appear locked in a cybersecurity war — of mostly words — that's beginning to escalate. Both the White House and Capitol Hill now explicitly criticize Beijing for failing to subdue the hackers and spies thought to reside within the country's borders. And there are real punishments on the horizon, as the U.S. government eyes trade penalties and other restrictions on China and its top technology firms
China 'resolutely opposes' U.S. curbs on IT imports: state media (Reuters) China expressed "resolute opposition" and "strong dissatisfaction" with a new U.S. cyber-espionage rule limiting imports of Chinese-made information technology products, state media reported on Saturday. The remarks underscore growing tension between the world's top two economies after the United States accused China of backing a string of hacking attacks on U.S. companies and government agencies
Cyber security solutions to grow by 18 percent in next five years: IDC (TelecomTiger) Given the increasing volumes and prevalence of cyber attack globally the worldwide market for DDoS prevention solutions (including products and services) will grow by a compound annual growth rate (CAGR) of 18.2% from 2012 through 2017 and reach
How to narrow the cyber talent gap (Federal Times) A recent flurry of reports underscores the cyber threats facing our nation, ranging from malicious hacking to state-sponsored cyber economic espionage and worse. In response, the president recently issued an executive order designed to protect our critical cyber infrastructure -- all those cyber-dependent things we take for granted, like our power grid, transportation system and water supply. It also briefly mentions what may be the most crucial element of our cyber infrastructure: human capital. That mention must now be translated into action
YarcData Selected by QinetiQ North America to Deliver Actionable Intelligence Through Graph Analytics (MarketWatch) uRiKA Big Data Appliance Enables Rapid Discovery Across Large Data Sets. YarcData, a Cray CRAY +3.29% company dedicated to providing "Big Data" graph-analytic solutions to enterprises, today announced a strategic partnership with QinetiQ North America (QNA), a leading defense solutions and advanced technology provider that delivers outstanding, cost-effective products and services to an international clientele of government and commercial customers. The partnership focuses on delivering the YarcData uRiKA Big Data appliance to QNA customers to improve the speed and effectiveness of discovering actionable intelligence through graph analytics
Products, Services, and Solutions
Eyelock And Stanley Security Solutions Partner To Commercialize Iris Biometrics (Dark Reading) Exclusive Partnership to Bring Secure Identity Authentication Solutions to the Enterprise Market in the U.S., Canada and Europe
Panda Refreshes Console With Management (Channelnomics) In a market increasingly overrun by new and legacy cloud players, Panda Security is attempting to give its partners a leg up as competitors close in
Password denied: when will Apple get serious about security? (The Verge) It's time for some real talk about how data is kept and accessed. Last Friday, The Verge revealed the existence of a dead-simple URL-based hack that allowed anyone to reset your Apple ID password with just your email address and date of birth. Apple quickly shut down the site and closed the security hole before bringing it back online. The conventional wisdom is that this was a run-of-the-mill software security issue. "It's the kind of server misconfiguration you see on the internet ten times a week," one might say. "And it's not as if your iTunes password even gets you to real money. This is why Apple added two-step verification." Or, "Apple saw the hole and shut it down before most users even knew it was there. This is how things are supposed to work." No. It isn't
Internet Evidence Finder Adds Mac OS X File System Support and Timeline Feature (Forensic Focus) With a strong commitment to helping thousands of its customers in the world's top law enforcement, military, government and corporate organizations recover data from a broad range of Internet-related communications, Magnet Forensics (formerly JADsoftware) has launched v6.0 of its industry-leading forensic software
Research and Development
Quantum Cryptography Secures the Electrical Grid (Design News) Renewable energy sources are slowly building their presence in the nation's electric grid system. The grid readily supplies the energy demand of the country, which is now projected to rise 30 percent by 2035. The increasing availability of renewable energy reserves hopes to balance out the rise in demand while providing an environmentally friendly form of sustenance. However, the intricacy of renewable energy requires sophisticated methods of grid operation for both energy management and security applications
Academia
If online students aren't engaged, blame their teacher (Quartz) A very wise old online professor, Bill Pelz, once told me that the lecture is the most efficient way to pass important concepts and theories from the professor's notepad to the student's iPad without going through either brain
Competition Seeks Next Generation of Cybersecurity Experts (Mashable) Think of it as an American Idol in which the contestants aren't fighting for record deals but rather a pathway to joining the next generation of American offensive and defensive cybersecurity experts. Meet Cyber Aces, a series of experimental state competitions that use a videogame to target participants with the right skills -- a mixture of a deep understanding of networking, operating systems and systems administration -- to receive a $25,000 scholarship for National Security Agency-level cybersecurity training. Many participants are high school and college-aged, but entrants also include Ph.D. recipients and military veterans
Legislation, Policy, and Regulation
UK battles to defeat cyber crime (The Independent) Hackers costs the economy 27bn pounds a year, but companies are fighting back. A team of 10 computing experts must tackle half a billion possible cyber attacks made on their employer, a large multinational, every day. They are overrun. A system developed by Detica, a unit of BAE Systems with a 300m pound turnover, helps them prioritise the 81 most significant threats that day. There are 17 suspicious-looking emails, inviting staff to an "exclusive event" or to look at a contact list. Another, from one Fraser Anderson, reached five staff members. Two opened the email that was ostensibly describing a conference in Seattle
China opposes and combats cyber attacks (Financial Times) Sir, The report "Security services and business join forces in fight against cyber crime" (March 27), by your defence and diplomatic editor James Blitz, accuses the Chinese government of sponsoring cyber attacks on the UK. We are genuinely disappointed and seriously concerned about the report as the accusations in it do not square with facts by any measure
Bolster cyber-attack defenses (The Japan Times) There is the view that its cyber-attack capability is larger than South Korea's. North Korea has been deeply isolated in the international community -- with United Nations-initiated economic sanctions slapped on it because of its nuclear weapon and
S. Korea, US step up cyber warfare partnership (ZDNet) S. Korea, US step up cyber warfare partnership. Summary: The two governments will work on a draft deterrence strategy to fend off unexpected attacks, and South Korea will also increase personnel for its Cyber Command unit
Maritime advisory panel to meet 'virtually' on April 2 to discuss cyber security (Government Security News) The advisory panel, which makes recommendations on maritime security to the commandant of the Coast Guard and the secretary of the Department of Homeland Security, will discuss the executive order issued by the president on February 12 and
Litigation, Investigation, and Law Enforcement
Government Fights for Use of Spy Tool That Spoofs Cell Towers (Wired Threat Level) The government's use of a secret spy tool was on trial on Thursday in a showdown between an accused identity thief and more than a dozen federal lawyers and law enforcement agents who were fighting to ensure that evidence obtained
Saudi govt warns of 'suitable measures' against WhatsApp, Skype, Viber (Russia Today) Saudi Arabia says it will take "suitable measures" if providers of internet messaging applications such as WhatsApp fail to comply with its rules. The move comes a week after the government warned providers to comply with censorship requirements
Pakistani man arrested for military espionage in Germany (Pakistan Today) A Pakistani man working in a German technology research centre was arrested on Friday and detained on suspicion of military espionage, Germanys state prosecutor said. The 28-year-old employee was registered as a student at the centre where he worked in the northwestern city of Bremen. Named only as Umar R, the man is suspected of "attempting to procure information about sophisticated military technologies" since October, a statement from the prosecutor said
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
CSO40 (Braselton, Georgia, USA, Apr 2 - 3, 2013) The CSO40 Security Confab + Awards will honor and share the critical viewpoints of today's leading CSOs, CISOs and security executives at the nation's leading CSO thought leadership conference.
Cloud Connect Silicon Valley (Santa Clara, California, USA, Apr 2 - 5, 2013) Cloud Connect returns to Silicon Valley, April 2-5, 2013, for four days of lectures, panels, tutorials and roundtable discussions on a comprehensive selection of cloud topics taught by leading industry experts.
An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders (National Harbor, Maryland, USA, Apr 6, 2013) UMUC is pleased to present An Evening in Cyberspace: Supporting Tomorrow's Cybersecurity Leaders. Join us for this special black-tie event to support the next generation of cybersecurity students. The evening will feature a reception, dinner, keynote and entertainment.
Cyber 1.3 (, Jan 1, 1970) Maj. Gen. Suzanne Vautrinot, USAF, commander, 24th Air Force, and commander, Air Force Network Operations, will discuss the global strategic implications that relate to the cyber domain at the Space Foundation national conference Cyber 1.3, to be held Monday, April 8th, at The Broadmoor Hotel in Colorado Springs, Colorado. Cyber 1.3 is a full-day conference that takes place immediately before the official opening of the 29th National Space Symposium. The conference includes a networking breakfast, a luncheon and concludes with a networking reception, co-sponsored by General Dynamics Advanced Information Systems. Government Executive Media Group is a Cyber 1.3 media co-sponsor.
HITBSecConf2013 (Amsterdam, the Netherlands, Apr 8 - 11, 2013) HITB2013AMS will feature cutting edge attack and defense research including the a presentation on the inner workings of the iOS 6.1 Evasi0n jailbreak presented by members of the world famous Evad3rs Team, a brand new kernel level exploit affecting _all versions_ of Microsoft Windows up till Windows 8 and even a presentation on remotely hacking airplanes.
SANS Northern Virginia 2013 (Reston, Virginia, USA, Apr 8 - 13, 2013) This event features comprehensive hands-on technical training fand includes several courses that will prepare attendees for DoD 8570 and GIAC approved certification exams. Four of the courses can apply to a SANS Technology Institute's Master of Science Degree in Information Security Management or Master of Science Degree in Information Security Engineering.
INFILTRATE 2013 (Miami, Florida, USA, Apr 11 - 12, 2013) INFILTRATE is a deep technical conference that focuses entirely on offensive security issues. Researchers focused on the latest technical issues will demonstrate techniques that you cannot find elsewhere.
Software Engineering Institute Invitational Career Fair (Pittsburgh, Pennsylvania, USA, Apr 11 - 12, 2013) Attention software engineers and cyber security professionals, the Carnegie Mellon Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on April 11 & 12 at their offices in Pittsburgh to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.
Information Tech Expo Series - Hawaii (Oahu, Hawaii, USA, Apr 12 - 19, 2013) This 6-series showcase will feature stops at 5 DoD locations and 1 Intel Center on the island of Oahu. Celebrating 20 years of these expos is a true testament to the government and military's readiness to learn from and work with industry partners. .
InfoSec World Conference & Expo 2013 (Orlando, Florida, USA, Apr 15 - 17, 2013) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
Cyber Guardian 2013 (Baltimore, Maryland, USA, Apr 15 - 20, 2013) Cyber Guardian is the SANS Institute's annual, interactive training session for cyber security professionals. All courses are associated with a GIAC Certification, and cover topics like intrusion detection, perimeter protection, hacker techniques, penetration testing, and advanced forensics. Cyber Guardian will feature the popular SANS NetWars Tournament on April 18-19, a hands-on, interactive training exercise.
A Dialogue on Cyber Warfare from Legal and Corporate Perspectives (New York, New York, USA, Apr 16, 2013) Conversation on Cyber Warfare and the LawThe Journal of Law & Cyber Warfare in partnership with the Columbia Society of International Law is honored to host this first cutting edge conference on the complex issues of cyber warfare.States are faced with the multi-faceted challenges of cyber warfare. No longer confined to the world of technology professionals and spies, these threats are a growing part of the daily lives of corporations and individuals. The constitution and legislation are both scarce and obsolete and the bench and the bar lack the resources and expertise to decide or advocate on these issues.
Infosec Southwest 2013 (Austin, Texas, USA, Apr 19 - 21, 2013) InfoSec Southwest is intended to be a general security and hacking conference with no specific industry or topical focus. As such, nearly all topics (other than vendor pitches) are fair game and the attending audience is expected to span all demographics.
Mobile Device Security for Defense and Government (Alexandria, Virginia, USA, Apr 23 - 24, 2013) This Defense Strategies Institute conference addresses the challenges of operating mobile devices in networks whose security is mission critical. The symposium's overall theme will focus on DOD's plan to maximize the potential uses of mobile devices. Within specific key areas: wireless infrastructure, mobile devices and mobile applications. The thought leadership and community goal of this event is to advance flexible and secure mobile devices to benefit the warfighter and keep pace with changing technology.
Infosecurity Europe (London, England, UK, Apr 23 - 25, 2013) Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) - This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
23rd Annual Government Procurement Conference (Washington, DC, USA, Apr 25, 2013) This unique one-day event attracts more than 3,000 participants representing government agencies, prime contractors and small businesses from around the country. Participating companies are able to network with procurement officials from federal, state and local government agencies under one roof.