The CyberWire Daily Briefing for 4.30.2013
The Guardian believes the cyber attacks it's sustained from the Syrian Electronic Army are opening shots in a pro-Assad campaign against Western media.
China reportedly shifts its cyber target set in Taiwan from government agencies to private industry. Taiwan announces expansion of its cyber security forces.
Apache webservers are under widespread, sophisticated attack. Compromised HTTP binaries redirect users to malicious sites where they're infected with (among other malware) the Blackhole exploit kit. The attacks conceal themselves by running in shared memory.
LivingSocial, recovering from last week's compromise, dumps the SHA1 hash in favor of more powerful encryption.
Researchers at Northwestern and North Carolina State find popular Android antivirus products easily defeated by obfuscated malware.
Despite longstanding and well-founded American woofing about the hazards of using Chinese hardware, US Africa Command purchases Chinese communication satellite services.
A study by the Economic Policy Institute disputes conventional wisdom about a shortage of tech talent in the US. The problem appears instead to be a mismatch of jobs with specific skills. Several approaches to remediating the mismatch are discussed, from MOOCs to student tracking platforms, but none seem an obvious breakout solution.
The US Defense Department considers elevating Cyber Command to an independent unified combatant command.
Litigation news is the usual squalid tally of creepy greed and motiveless malice, relieved by the curious story of the (alleged) CyberBunker DDoS specialist being extradited to the Netherlands. He's thought to be one Sven Olaf Kamphuis, "minister of telecommunications and foreign affairs for the Republic of CyberBunker."
Notes.
Today's issue includes events affecting China, Estonia, Finland, Germany, Italy, Lithuania, Mexico, NATO, Netherlands, Poland, Romania, Slovakia, Spain, Syria, Taiwan, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
Pro-Assad Syrian hackers launching cyber-attacks on western media (The Guardian) The Guardian has come under a cyber-attack from Syrian hackers who have targeted a series of western media organisations in an apparent effort to cause disruption and spread support for President Bashar al-Assad's regime. The Syrian Electronic Army
China's Shifting Cyber Focus on Taiwan (The Diplomat) Hackers from the Chinese military appear to have shifted the focus of their attacks against Taiwan from government institutions to the civilian sector, including think tanks, telecommunications, Internet nodes, and traffic signal control systems, the island's top civilian spy agency said in a new report
Taiwan to expand cyber security force: defense minister (Focus Taiwan News Channel) Minister of National Defense Kao Hua-chu said Monday that the military will establish a new information and electronic warfare squadron to better protect the country from cyber attack. Fielding questions at a hearing of the
Attack Using Backdoored Apache Binaries to Lead to Blackhole Kit (Threatpost) There is a newly identified ongoing attack campaign in which attackers are using compromised Apache HTTP binaries to redirect users to malicious sites serving various flavors of malware, including the Blackhole exploit kit. Rather than going the traditional route of simply injecting malicious code onto target Web sites, this attack crew is replacing the existing
Sophisticated Apache backdoor in the wild (Help Net Security) ESET researchers, together with web security firm Sucuri, have been analyzing a new threat affecting Apache webservers. The threat is a highly advanced and stealthy backdoor being used to drive traffic
Admin beware: Attack hitting Apache websites is invisible to the naked eye (Ars Technica) Newly discovered Linux/Cdorked evades detection by running in shared memory. Ongoing exploits infecting tens of thousands of reputable sites running the Apache Web server have only grown more powerful and stealthy since Ars first reported on them four weeks ago. Researchers have now documented highly sophisticated features that make these exploits invisible without the use of special forensic detection methods
Backdoor malware hits clearing house clients (GMA News) Security vendor Bitdefender said the fake payment receipts are part of what it called "a rising wave" of spam emails targeting credit card data. "This is not the first time ACH users are targeted by malware. In November 2011, a bank refusal e-mail came
Adobe PDF Zero-Day Flaw Enables Location Tracking (CRN) McAfee has detected ongoing attacks targeting an Adobe Reader zero-day vulnerability that could enable attackers to conduct location tracking of a malicious file. The firm said it detected malicious PDF files that can enable a sender to see when and
Texas Board of Professional Land Surveying Hacked (eSecurity Planet) Hacker DasTn wrote on the site, 'We chose the path of electronic jihad.' Hacker DasTn of The Outlaws recently defaced the Web site for the Texas Board of Professional Land Surveying
LulzSec Hackers Take Down NTT DoCoMo USA (eSecurity Planet) Following last week's publication of customer data, the hackers took down the company's U.S. Web site earlier today. After publishing customer information taken from NTT DoCoMo on Friday, members of LulzSec today announced that they had knocked NTT DoCoMo's U.S. Web site online
Hacker JokerCracker Hits Mexican Web Sites (eSecurity Planet) A hacker named JokerCracker recently defaced a seemingly random collection of Web sites in Mexico, including those of the Ministry of Government Administration and Finance of the State of Nayarit, the Insitute for the Education of Young People and Adults of Aguscalientes, a branch of the Universidad Iberoamericana, a balloon company called Globos Fiesta y Color
LivingSocial Ups Its Password Encryption Following Massive Breach (Threatpost) The popular daily deal site LivingSocial announced Monday it has abandoned the SHA1 hash for Blowfish's bcrypt following a massive data breach that impacted 50 million customers. The company confirmed last weekend that its computer systems were attacked and thieves gained access to names, e-mail addresses, date of birth (for some users) and encrypted passwords
Mobile AV Apps Fail To Detect Disguised Malware (Dark Reading) Ten of the top commercial Android antivirus software products were beaten by common malware obfuscation methods, according to new research
Good Morning, Captain: open IP ports let anyone track ships on Internet (Ars Technica) While digging through the data unearthed in an unprecedented census of nearly the entire Internet, Researchers at Rapid7 Labs have discovered a lot of things they didn't expect to find openly responding to port scans. One of the biggest surprises they discovered was the availability of data that allowed them to track the movements of more than 34,000 ships at sea. The data can pinpoint ships down to their precise geographic location through Automated Identification System receivers connected to the Internet
Faked celebrity gossip fuels Facebook scams (USA Today) The Top 10 Facebook scams revolve around come-ons to view lewd content relating to Kim Kardashian, Megan Fox, Justin Bieber, Selena Gomez and Chris Brown, according to analysis from Romanian anti-virus company BitDefender
Would you let a spammer give you a root canal? Sure you would! (Naked Security) We're all used to spam; most of us get quite a lot of it; some of us are awash in it. But even if we see only the occasional unsolicited message, one thing seems certain: as a sales and marketing tactic, it's not very convincing
How cybercriminals can target you on public networks (Help Net Security) The widespread use of mobile communication, including cell phones, laptops and tablets, makes consumers particularly vulnerable to fraud and malware risks over public internet connections
Cyber Trends
Recent Breaches More Likely To Result In Fraud (Dark Reading) A victim whose data is stolen in the last year will have a 1-in-4 chance of becoming a fraud victim as well, says Javelin's latest breach analysis. A year-old breach of a Utah Department of Health (UDOH) server that resulted in the theft of personally identifiable information on 780,000 Utahns will likely result in up to $500 million in fraud and other damages to the victims, underscoring the ultimate costs of security lapses, analyst and consulting firm Javelin Strategy & Research said in an analysis of the costs released on Monday
Symantec: Majority of enterprises reported at least one mobile security incident in the past year (FierceMobileIT) The majority of enterprises have reported at least one mobile security incident within the past 12 months, according to a survey conducted by security firm Symantec. The Symantec results jive with other surveys that have found increased enterprise mobile security risks and concerns about mobile devices, particularly personally-owned ones. For example, a survey of 1,600 members of LinkedIn's Information Security Group found that a majority of companies are concerned that BYOD could lead to data loss or unauthorized access to sensitive data
Marketplace
Pentagon Paying China — Yes, China — To Carry Data (Wired Danger Room) The Pentagon is so starved for bandwidth that it's paying a Chinese satellite firm to help it communicate and share data
Google pays record $31K bounty for Chrome bugs (IT World) Google this month paid a security researcher $31,336 for reporting a trio of bugs in Chrome
NATO conducts annual cyber defence exercise (IT News) The Western European and North American mutual defence pact organisation NATO has concluded an annual cyber defence exercise, defending a fictitious network against incoming attacks
SCIT Labs Awarded $389k Navy Cyber Security Contract (Sacramento Bee) Michael Hayden, former Director of the Central Intelligence Agency and National Security Agency, said, "SCIT technology shifts the cyber security focus from vulnerability elimination to consequence management. If successful, this technology will have
CACI to Update State Dept Security System Software (GovConWire) CACI International (NYSE: CACI) has won a potential $54 million contract to update software applications and other technology for mission systems used byBudget Year the State Department's bureau of diplomatic security. The development, modernization, and enhancement contract contains one base year and four option years, CACI said Monday
Google pays record $31K bounty for Chrome bugs (IT World) Google this month paid a security researcher $31,336 for reporting a trio of bugs in Chrome
America's tech talent shortage is a myth (Quartz) So it turns out the United States is not, in fact, the educational wasteland tech industry lobbyists would have you think. Companies like Microsoft often claim that America is suffering from an economically hobbling shortage of science, math, and computer talent. The solution, they argue, is to let employers fill their hiring gaps by importing tens of thousands of educated guest workers beyond what the law currently allows. Much as farmers want to bring in field workers from Mexico on short-term visas, software developers desperately want to bring in more coders from India
Meritful Launches A Student CRM Platform To Help Recruiters Keep Tabs On Campus Talent (TechCrunch) College recruiting is becoming increasingly competitive. Companies have begun to realize that top graduates not only bring a lot of talent and energy to the table, but they also tend to cost less than more experienced prospects. But in order to successfully woo those fortunate enough to have their pick, businesses need to begin the recruiting process earlier. If they're going to stand a chance
Why Massive Open Online Courses Matter to Recruiters (ERE) The world of education, training, and professional development is being disrupted by MOOCs. In case you're not familiar with that acronym, MOOC stands for Massive Open Online Course. Although they have been around for years, MOOCs have recently been heralded as the future of learning
Seattle 'white hats' probe cyber security flaws (My Northwest) He's 26, likes industrial and electronic music, has a bleached-blond Mohawk haircut and sometimes, Mikhail Davidov says, he starts his day "at the crack of noon." The late hours are in front of a computer, working on reverse engineering, tearing apart computer programs to find their vulnerabilities. Sometimes he works 18 hours straight. "There are few hackers out there who are `morning people,' " says Davidov
Products, Services, and Solutions
Kloudless Launches Service That Uses Connectors To Move Files Between Different Cloud Services (TechCrunch) Kloudless launched at Disrupt NY 2013 today with its service for moving data from email to different cloud platforms through connectors which act like pipes that flow between the different services. The service offers a plugin that the user installs in Outlook or as an extension through their web browser to use in Gmail or other apps, said CEO Eliot Sun. Kloudless does not store any data
Hartford Steam Boiler Launches Cyber Attack Protection for Small Businesses (Insurance Journal) The Hartford Steam Boiler Inspection and Insurance Co. (HSB), part of Munich Re, has launched HSB CyberOne, a new cyber risk insurance coverage for small businesses. The new product expands HSB's suite of products and services designed to protect
Panda Security Releases Panda Cloud Office Protection 6.5 (Albany Times Union) Panda Security, The Cloud Security Company, today announced the release of Panda Cloud Office Protection (PCOP) version
Self-updating apps are now banned from Google Play (Help Net Security) Google has made added a short but very significant clause to its Google Play Developer Program Policies, banning apps downloaded from the official store to "modify, replace or update its own APK binaries
Free firewall configuration search tool (Help Net Security) SolarWinds released its new Firewall Browser free tool, which enables IT professionals to easily troubleshoot firewalls and manage change requests from the convenience of the desktop
Google releases Android-based kernel code for Google Glass (FierceMobileIT) Google (NASDAQ: GOOG) has released its Android-based core kernel code for Google Glass, which should spur more app developers to join the Google Glass party. Google stressed that the current site for the kernel code will not be the permanent site
Procera Networks to Showcase Award-Winning NAVL OEM DPI Engine at Interop Las Vegas 2013 (Virtual Strategy) Procera Networks, Inc. (NASDAQ: PKT), the global network intelligence company, today announced it will demonstrate its award-winning Network Application Visibility Library (NAVL) at Interop Las Vegas 2013, taking place May 6-10 at the Mandalay Bay Convention Center. Procera will demonstrate its combined technology products with partners Napatech, the world's largest vendor of intelligent adapters for network monitoring and analysis, and Netronome, a fabless semiconductor company, at Interop booth #658
Technologies, Techniques, and Standards
Building A Detente Between Developers And Security (Dark Reading) Don't give a long list of software defects to the developers, if you value a good working relationship; better education, integration and tools can help smooth the waters
How secure [are] your confidential data? (Help Net Security) It seems ages ago that companies were first warned about the danger of confidential information being found in trash bags in front of the office, yet despite the use of shredders and complex security
Design and Innovation
Facebook's Graph Search Supremo Lars Rasmussen On Relocating To London, Building A New Team, And The Challenges Of Natural Language (TechCrunch) Lars Rasmussen, one of the two engineering directors who led in the creation of Facebook's new Graph Search and helps run its development, is leaving Menlo Park and setting up shop in Facebook's office in London. Graph Search, or at least the engineering part that he oversees, is coming with him. I took the opportunity of a quick reconnaissance mission he made to the city this week to ask
Research and Development
AMD's "heterogeneous Uniform Memory Access" coming this year in Kaveri (Ars Technica) Chip designer wants to replace GPU computing with heterogeneous computing
Google research director and AI expert Peter Norvig elected into AAAS (GigaOM) Artificial intelligence expert and Google Director of Research was elected to the American Academy of Arts and Sciences last week
Academia
CTB/McGraw Hill Launches the TASC, New High School Equivalency Assessment to Improve Accessibility and Affordability for Adult Learners (Sacramento Bee) Company recently selected by New York State to provide new high school equivalency assessment to state's adult learners; 40 states considering alternative exams
Legislation, Policy, and Regulation
Government Seeks to Fine Companies for Not Complying With Wiretap Orders (Wired Threat Level) A government task force is pushing for legislation that would penalize companies like Google, Facebook and Skype that fail to comply with court orders for real-time internet wiretapping, because they say they don't have the technical capability to
Online monitoring scheme bad news for security, opponents say (CSO) While such backdoors would help U.S. law enforcement, it would also provide a new vector for state-sponsored hackers
Flying High: Why The Military Is Taking Cyber Warfare Seriously (Forbes) In addition to the class in Cyber Warfare, there was also a cadet Cyber Warfare Club and an annual National Security Agency Cyber Warfare competition. The Air Force competes with other military branches and National Guard units; the instructor proudly
Should cyber warfare be elevated to highest command structure? (Stars and Stripes) Over the past year, defense secretaries Leon Panetta and Chuck Hagel have considered pulling U.S. Cyber Command out from under U.S. Strategic Command and making it a unified combatant command, on par with the six regional combatant commands
Litigation, Investigation, and Law Enforcement
How the FBI cracked a "sextortion" plot against pro poker players (Ars Technica) "We don't just fly out here and kick in your door knowing only a little." At 8:05am on the morning of December 1, 2010, an FBI search warrant team swarmed up to a Silicon Valley home on an unusual misson: find the "sextortionist" who had been blackmailing pro poker players over the Internet. One agent pounded on the door and shouted out, "FBI!" Movement was heard inside, but no one opened the door. The agent knocked again, but the door stayed shut, so out came the battering ram. Wham—the door gave and FBI agents flooded inside, guns drawn in the dim light
Troll admits to making death threats against children on Facebook (Naked Security) A 24-year-old UK man has admitted to posting threats on the Facebook tribute page of a teenager killed after being thrown from a truck. He told police he didn't think anybody would take the threats seriously. He was very wrong
How did a hacker get into UGA system? (Augusta Chronicle) University of Georgia officials thought they might have been under attack from hackers when the identities of thousands of employees and students went missing last fall. It turned out, however, to be the work of a single person, a former UGA student, who used a proxy server that disguised the Internet Protocol address of his computer. He later committed suicide
Cyber attack suspect to be sent home to Netherlands (Sydney Morning Herald) A Dutch citizen arrested in Spain on suspicion of launching what authorities have called the biggest cyber attack in internet history is expected to be handed over to the Netherlands within 10 days, a Spanish court official says
Top intelligence official orders broad review of information (Boston Globe) The new review of agencies' handling of information prior to the attack will be conducted in conjunction with the inspectors general from the CIA, Department of Justice (which oversees the FBI), and the Department of Homeland Security, which "have
Privacy surprises…that somehow aren't (Volokh Conspiracy) If you're looking for laws of unintended consequences, you can't do better than privacy. Take two examples plucked from last week's front pages
Fascinating New Case on Legal Standards for Searching a Remote Computer With Unknown Location (Volokh Conspiracy) Here's a fascinating issue that just led to an unusual opinion by Magistrate Judge Stephen Wm. Smith of the Southern District of Texas, who is no stranger to the Volokh Conspiracy for his, um, unusual opinions. The issue: What are the legal standards for the government to search a hacker's remote computer to determine the hacker's identity and location? In this case, someone hacked the e-mail account of a victim in Texas and used the e-mail account to access the victim's bank account. After the unauthorized access to the account was blocked, the hacker set up an e-mail address almost (not not quite) identical to the real e-mail account and tried to wire money to a foreign bank. The location of the hacker is unknown, although there are signs that he is abroad: The most recent IP address resolved to a country in Southeast Asia. In this case, the government applied for a search warrant to remotely access the intruder's computer and search it for evidence of who the intruder is and where he located
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
cybergamut CompTIA Security+Certification Boot Camp Training Program (Baltimore, Maryland, USA, Apr 29 - May 2, 2013) Security+ certification training delivers a foundational proficiency in the network security arena. Security+ Certified Professionals are better able and positioned to support small and medium-sized organizations that are at increased risk of cyber crime and other forms of security-related threats. Security+ certified professionals may now apply the CompTIA Security+ certification towards the Microsoft MCSA and MCSE Security certifications.
TechExpo Cyber Security Hiring Event (Columbia, Maryland, USA, Apr 30, 2013) A hiring event for experienced cyber security professionals, with many leading companies in attendance and interviewing on-the-spot. Learn from the distinguished speakers' panel, details of which will be forthcoming on the event site. All job-seekers should be US citizens with cyber security or IT experience. A security clearance is not required, but preferred.
INSA Leadership Dinner Featuring Betty Sapp, Director, NRO (Reston, Virginia, USA, Apr 25, 2013) - This leadership dinner will feature a keynote address from Betty Sapp, Director of the National Reconnaissance Office highlighting her focus on innovation at the NRO and for the Intelligence Community. Registration will open on Thursday, March 14 and will close Thursday, April 18.
Symposium on Cybersecurity & Information Assurance (Teaneck, New Jersey, USA, May 1, 2013) Fairleigh Dickinson University's Center for Cybersecurity and Information Assurance is pleased to announce its inaugural Symposium on Cybersecurity and Information Assurance to be held on May 1, 2013 in the Wilson Auditorium of the Metropolitan campus. This forum will gather top security professionals from government, industry, and academia to present the current state of cybersecurity affecting our daily lives. The symposium will raise the awareness of attendees about the cyber threats and some of the remedial measures. Among the various facets of this evolving area, focus will be on topics such as Survivability in Cyberspace, Security Pattern Usage in Software Development Lifecycle (SDLC), Network Security Service Implementation issues, and Thinking with a Security Mindset.
Critical Security Controls International Summit (London, England, UK, May 1 - 2, 2013) The SANS Institute will be hosting the Critical Security Controls International Summit in London from May 1st to May 2nd at the London Hilton on Park Lane hotel. The Summit focuses on the Critical Security Controls that the British government's Center for the Protection of National Infrastructure describes as the "baseline of high-priority information security measures and controls that can be applied across an organization in order to improve its cyber defense.
INSA Leadership Dinner with NGA Director Letitia Long (McLean, Virginia, USA, May 2, 2013) NGA At the Crossroads - Visualizing the Future. Join INSA and NGA Director Letitia Long as she shares her vision for transforming NGA and GeoInt in innovative ways that more effectively put the power of data and visual knowledge in the hands of users.
Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.
ITWeb Security Summit 2013 (Sandton, South Africa, May 7 - 9, 2013) A conference devoted to cyber security, with a particular emphasis on countering the latest attack vectors. The gathering creates an opportunity for senior security professionals and business decision-makers to learn about new strategies and tactics, and hear insight and comment from leading international and local subject-matter experts, featuring expert insights, interactive workshops, an expo, valuable networking, sought-after SANS training, and practical solutions.
The Computer Forensics Show (New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity management. An understanding of risk and the application of risk assessment methodology is essential to being able to create a secure computing environment. (Co-located with ASIS New York City Security Conference and Expo.)
ASIS 23rd New York City Security Conference and Expo (New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges facing practitioners and organizations in the public and private sectors.(Co-located with the Computer Forensics Show.)
Software Engineering Institute Invitational Hiring Event (Arlington, Virginia, USA, May 8 - 9, 2013) Attention software engineers and cyber security professionals: Carnegie Mellon's Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on May 8 & 9 at their offices in Arlington to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI, you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.
Baltimore Tech-Security Conference (Baltimore, Maryland, USA, May 9, 2013) The Baltimore Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of give a ways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately.
CyberSecurity UAE Summit 2013 (Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising cyber security technologies in the marketplace. Assess the trends to watch in global cyber security. International Case Studies: Discover the best practice in protecting your organisation from cyber-attack.
GovSec (Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our communities, critical infrastructures, and key assets. The conference includes sessions devoted to cyber security.
cybergamut Technical Tuesday: Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals (Columbia, Maryland, USA, May 14, 2013) Jeff Kuhn of CACI describes recently completed CACI research using adaptive data analytics to distinguish encrypted exploitation activity from legitimate network traffic based on traffic externals in a real world environment.
Thriving in the Post-Sequestration GovCon Era (McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each experts in the intersection between the public and private sector, will discuss what is to come after the automatic budget cuts known as sequestration dissipate. Confirmed speakers include: Frank Kendall (Defense Undersecretary for Acquisition, Technology and logistics), Robert Hale (Defense Department Comptroller), Jim McAleese (founder of McAleese & Associates), Pierre Chao (managing partner and co-founder of Renaissance Strategic Advisors), and Stephen Fuller (George Mason University professor and director at the Center for Regional Analysis).
Second Maryland Cybersecurity Center Symposium (MC2) (College Park, Maryland, USA, May 14 - 15, 2013) Drawing on regional experts of national and international acclaim, MC2's second Annual Cybersecurity Symposium will showcase the latest research, trends, and topics in cybersecurity, including: keynote addresses by Dr. Fred Schneider, Randy Sabett, Dr. Kathleen Fisher and Dr. Steve Bellovin; tutorials by MC2 faculty and corporate partners; and Tech Talks by MC2 faculty. The MC2 Symposium program will broaden your knowledge, skillset, and awareness of cybersecurity problems and directions, and the event is sure to present unique opportunities to connect with colleagues across academia, industry, and the state and federal government.
FOSE (Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers and buyers to CIOs and other technology management professionals, FOSE has the right products, people and solutions for you in one very accessible location.
7th Annual INSA IC Industry Day (Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is Intelligence Program Priorities in a Budget Constrained Environment and will feature keynote addresses from DNI James Clapper, Dr. Roger Mason, ODNI, and Letitia Long, Director, NGA. Registration opens Wednesday, March 27.
Hack Miami (Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools, techniques, and methodologies that are at the forefront of the global threatscape.
CEIC 2013 (Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers. It will be of interest to anyone interested in cyber forensics and e-discovery. Former Director of Central Intelligence Michael Hayden will deliver the keynote.
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. (Co-located with the IEEE Symposium on Security and Privacy.)
Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas. (Co-located with the IEEE Symposium on Security and Privacy.)
Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international trade. Participate in expert discussions lead by manufacturers, legal, financial, transportation and industry experts as well as government leaders in eight vertical tracks for a total of 24 highly interactive 90 minute sessions.
IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend for CIOs, CSOs, CISOs, Chief Risk Officers, Heads of Governance and Compliance and IT Directors. It is predicted that security service spending in Asia-Pacific will reach $7 billion in 2015, so ensure that you are investing in the best technologies for your business by joining us at the Cyber Security Conference on 28 May 2013 and hearing from leading financial institutions, retailers, airlines, telecoms companies and government.
Private Sector Crossovers: Protecting People, Property and Information (, Jan 1, 1970) With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies and private industry. There will be opportunities for informal networking and formal, targeted match-ups for businesses interested in making connections with government contractors and agencies.
Cyber Security for the Chemical Industry (Franfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming increasingly more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced with the ever-increasing risk of cyber attacks to their DCS and SCADA infrastructure networks as well as their R&D networks. These attacks can have a costly affect not only on profits, but also corporate reputation.
DGI Cyber Security Conference & Expo (Washington, DC, 2013, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will continue to be one of the most significant factors impacting the security landscape. For these reasons, the federal government has increased efforts to minimize and prevent cyber security attacks, and will continue to place significant focus on securing the nation's cyber infrastructure.