The CyberWire Daily Briefing for 5.2.2013
Bloomberg breaks news of another major Chinese cyber espionage campaign, this one directed against defense and security contractor QinetiQ North America. The campaign lasted at least five years, involved multiple (and diverse) points of attack, and succeeded against a company whose considerable security expertise failed to prompt effective action once warnings appeared. The attackers stole technology that now appears in fielded Chinese systems. The notorious People's Liberation Army Unit 61398 (a.k.a. "Comment Crew") is blamed for the attack; Terramark, HBGary, and Mandiant were engaged to contain it, apparently with mixed success.
The story is worth close attention because it's by no means an aberration. As a Center for Strategic and International Studies senior fellow put it to Businessweek, "The line forms to the left when it comes to defense contractors that have been hacked."
The US Department of Labor's website (now fixed) was hacked to serve malware in a watering hole attack. Unknown parties breached a US Army Corps of Engineers database recording physical vulnerabilities in dams.
In industry news, South Carolina's recovery from last year's data breach offers lessons for businesses approaching this market. VentureBeat offers Fixmo as an example of how an international company can succeed in the US security market. Struggling tech companies continue to grasp at cyber as a profitable lifeline. Apple thinks its designs have suffered from skeuomorphism. (Who knew?)
The US FBI wants backdoors it can use to push through carrier reluctance to cooperate with eavesdropping. Thirty-six governments worldwide now use FinFisher for surveillance.
Notes.
Today's issue includes events affecting Australia, Austria, Bahrain, Bangladesh, Brunei, Bulgaria, Canada, China, Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, Republic of Korea, People's Democratic Republic of Korea, Latvia, Lithuania, Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Serbia, Singapore, South Africa, Taiwan, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, United States, and Vietnam.
Cyber Attacks, Threats, and Vulnerabilities
China Cyber Hacking the U.S. for 5 Years, Report Confirms (International Business Times) QinetiQ North America (QQ), a world-leading defense technology and security company providing satellites, drones and software services to U.S. Special Forces deployed in Afghanistan and the Middle East, suffered humiliation as intelligence officials confirmed that China was able to steal U.S. classified documents and pertinent technological information - all this because of QinetiQ's faulty decision-making
'Chinese' attack sucks secrets from US defence contractor (The Register) Just when it looked like US-China relations couldn't get any more frosty, news has emerged that defence contractor QinetiQ suffered a massive breach of classified data over three years which may have leaked advanced military secrets to the infamous PLA-linked hacking gang Comment Crew
Chinese 'Comment Crew' hackers emptied QinetiQ of top-secret military data (TechWorld) One of the US's critical military and espionage contractors QinetiQ North America (QNA) was successfully pillaged for huge amounts of top-secret know-how by the infamous Chinese 'Comment Crew' or PLA 61398 hacking group in a campaign stretching over years, Bloomberg has reported
China Cyberspies Outwit US Stealing Military Secrets (Businessweek) Among defense contractors, QinetiQ North America (QQ/) is known for spy-world connections and an eye-popping product line. Its contributions to national security include secret satellites, drones, and software used by U.S. special forces in Afghanistan and the Middle East. Former CIA Director George Tenet was a director of the company from 2006 to 2008 and former Pentagon spy chief Stephen Cambone heads a major division. Its U.K. parent was created as a spinoff of a government weapons laboratory that inspired Q's lab in Ian Fleming's James Bond thrillers, a connection QinetiQ (pronounced kin-EH-tic) still touts
China's hackers shifting focus: report (Taipei Times) China's cyberarmy now numbers more than 100,000, has a budget of more than US$2.71 million and targets telecoms and think tanks, the NSB said. The National Security Bureau (NSB) believes that the Chinese military has shifted the emphasis of cyberattacks on Taiwan from government institutions to civilian think tanks, telecommunications service providers, Internet node facilities and traffic signal control systems, according to an NSB report
Jaws, Nuclear Weapons, and Cyber War (Huffington Post) The top Chinese official of the People's Liberation Army, General Fang Fenghui, created his own Jaws effect when he recently announced that the consequences of a major cyber attack "may be as serious as a nuclear bomb." You yell cyber, everybody says
Reputation.com resets all user passwords following breach (Naked Security) Fortunately, the few passwords that were nabbed were salted and hashed. Also, the company doesn't request sensitive information such as Social Security Numbers and doesn't store financial data such as credit card numbers or bank accounts. Kudos for good security practices, guys
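The Reputation.com item turns on one detail: the stolen password hashes were salted. The following is an added example (not code from Reputation.com or Naked Security) showing why that matters. It contrasts an unsalted single-round SHA-256 with a per-user random salt fed through PBKDF2-HMAC-SHA256; the iteration count, salt length and record format are illustrative assumptions, not the company's actual settings, and the two sample accounts are constructed.

```python
"""Salted, iterated password hashing versus a bare fast hash.

Added example; the scheme parameters below are assumptions chosen
for illustration, not any vendor's production configuration.
"""
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumption: high enough to slow offline guessing


def naive_hash(password: str) -> str:
    # Unsalted, single-round SHA-256: every user who picked the same
    # password gets the same digest, and one precomputed table cracks
    # all of them at once.
    return hashlib.sha256(password.encode()).hexdigest()


def make_record(password: str, salt: bytes = b"") -> str:
    # A fresh 16-byte random salt per user means identical passwords
    # produce unrelated records and each one must be attacked separately.
    if not salt:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    # Parameters travel with the record, so iterations can be raised later
    # without breaking existing accounts; compare in constant time.
    scheme, iters, salt_hex, digest_hex = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def demo() -> dict:
    # Constructed sample: two users who happened to choose the same password.
    users = {"alice": "correct horse", "bob": "correct horse"}
    naive = {u: naive_hash(p) for u, p in users.items()}
    salted = {u: make_record(p) for u, p in users.items()}
    return {
        "naive_collide": naive["alice"] == naive["bob"],     # True: leak is shared
        "salted_collide": salted["alice"] == salted["bob"],  # False: salts differ
        "verify_ok": verify("correct horse", salted["alice"]),
        "verify_wrong": verify("Correct horse", salted["alice"]),
    }


if __name__ == "__main__":
    print(demo())
```

Salting alone does not stop a targeted guess against one account; the iterated hash is what makes each guess expensive. A dump of records in this shape still deserves a forced reset, as Reputation.com did, but the attacker cannot recover most passwords cheaply.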
US Department of Labor website hacked, serves malware, now fixed (Naked Security) A subdomain of the US Department of Labor's main website, running off a separate server - what's known colloquially as a microsite - was modified to serve up malware. Paul Ducklin takes a quick look at the attack
Watering Hole Attack Claims US Department of Labor Website (Threatpost) The United States Department of Labor website was hacked in a watering hole attack. The website was redirecting visitors to a malicious site hosting the Poison Ivy remote access Trojan
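Both Department of Labor items describe the same mechanism: a page on a trusted domain was modified to pull in or redirect to attacker-hosted content. A simple integrity check that a site owner can run against their own rendered pages is to list every script, iframe, embed, object and meta-refresh target and flag any that resolve to a host outside an allowlist. The code below is an added example, not taken from Threatpost, Naked Security or the DoL; the HTML and the allowlist are constructed, and the injected address is from the documentation range (198.51.100.0/24), not the real attack infrastructure.

```python
"""Flag externally hosted script/iframe/embed/object/meta-refresh targets
in a page you serve. Added example; sample page and allowlist are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse


class RefCollector(HTMLParser):
    """Collect (tag, target) pairs for elements that load or redirect to code."""

    LOADERS = ("script", "iframe", "embed", "object")

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag in self.LOADERS and a.get("src"):
            self.refs.append((tag, a["src"]))
        # <meta http-equiv="refresh" content="0; url=http://...">
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            content = a.get("content", "")
            if "url=" in content.lower():
                self.refs.append(("meta-refresh", content.split("=", 1)[1].strip()))


def suspicious_refs(html: str, allowed_hosts) -> list:
    """Return references whose host is absolute and not on the allowlist.

    Relative URLs (no host) are treated as same-origin and skipped.
    """
    allowed = {h.lower() for h in allowed_hosts}
    parser = RefCollector()
    parser.feed(html)
    flagged = []
    for tag, target in parser.refs:
        host = urlparse(target).hostname
        if host is None:          # relative path: same origin
            continue
        if host.lower() not in allowed:
            flagged.append((tag, target))
    return flagged


# Constructed sample: a legitimate page with two lines appended by an attacker.
SAMPLE_PAGE = """<html><head>
<script src="/js/app.js"></script>
<script src="https://cdn.example.gov/lib.js"></script>
</head><body>
<p>Site content</p>
<script src="http://198.51.100.23/stat.js"></script>
<iframe src="http://198.51.100.23/x.html" width="0" height="0"></iframe>
</body></html>"""

ALLOWED_HOSTS = {"www.example.gov", "cdn.example.gov"}   # assumption: site's own CDN

if __name__ == "__main__":
    for tag, target in suspicious_refs(SAMPLE_PAGE, ALLOWED_HOSTS):
        print(f"OFF-SITE {tag}: {target}")
```

Run it from a scheduled job that fetches each public page as a visitor would, since server-side injection only shows in the served output. The check does not catch an attacker who hosts the payload on the compromised server itself (a same-origin reference), so pair it with a file-integrity monitor on the web root.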
Army Corps database on dams compromised (CSO) Expert says breach aimed at collecting 'vulnerability and targeting data' for attacks, but another says simple engineering espionage more likely
Wave of Online Frauds Follow Boston Tragedy, Reports Trend Micro (SPAMfighter News) According to Trend Micro the security company, after the terrible bombing of April 15, 2013 during the marathon race at Boston (USA), cyber-criminals have
Fake Apple Store Invoices Deliver Malware (eSecurity Planet) A massive spam campaign addresses recipients by their names, and identifies itself as a 'third reminder' to pay an invoice
ESEA gaming client hijacks GPUs for Bitcoin mining (CSO) The co-owner of widely used computer gaming service ESEA has admitted that the company used its client software to mine bitcoins using customers' hardware without their knowledge. Some ESEA users say that the unannounced activity overheated their graphics cards, damaging them in the process
ThreatMetrix's cautionary infographic on using Starbucks wi-fi (CSO) A pretty good infographic on the dangers of working online from your local coffee shop
Beware of encryption companies bearing gifts! (Naked Security) An iPhone messaging app that claims to be "totally secure" is offering a £10,000 prize to anyone who can intercept a message from it. Paul Ducklin wonders how you are supposed to win the prize if the app really is "totally secure"
Trend Micro Uncovers Trojan Vernot in Fresh Version (SPAMfighter News) Researchers from Trend Micro the security company report about one fresh version of Vernot a notorious Trojan, which they've analyzed and nicknamed BKDR_VERNOT.B. The Vernot, notably, is a perfect example of how malware can bypass security detections by resorting to genuine software and services for carrying out their malevolent activities
We rooted Wii U encryption and file system, says hacker group (Ars Technica) Nintendo says it has "no reports" of unauthorized game playing
Nearly Nine in Ten Websites Contain One Serious Vulnerability (Threatpost) For at least the third year in a row, the number of serious vulnerabilities per website has fallen. That sounds like good news until you look at the numbers and realize that the average website carried an astonishing 56 holes in 2012, according to statistics compiled by WhiteHat Security and based upon data gathered from tens of thousands of websites
Veracode Maps Out Security Risks Accelerated By Connected Vehicles (Dark Reading) Infographic provides tips for securing the latest and future generations of connected vehicles. Veracode, Inc., the leader in cloud-based application security testing, today released the "Connected Vehicles: Too Smart For Their Own Good?" infographic, which maps out the IT security risks of features in connected cars
Five Habits Of Highly Successful Malware (Dark Reading) Malware not only waits for the defenses to grow complacent, but actively hides itself in ways to avoid
Utah health data breach offers a lesson in the benefits of prevention (FierceHealthIT) The theft of Social Security numbers provides cyber criminals a gift that keeps on giving, posing the potential for fraud for years. When Eastern European hackers gained access to healthcare information for roughly 780,000 Medicaid participants in Utah in March 2012, the Social Security numbers for 280,000 beneficiaries were compromised
Living Social Hack: Big Data Makes A Big Target (InformationWeek) LivingSocial.com is one of the latest in a long line of "big scores" by hackers
Responding to the 'Dark Seoul Cyber Attack' (The Korea Herald) On March 20, 2013, South Korea suffered a cyber attack that resulted in the denial of service of several major banks, broadcasters, and the defacement of the websites of a telecommunications operator. Although reported as a major cyber attack, multiple
Despite hack, security experts urge no fear of Google Glass (CSO) Because of the hardware limitations, jailbreaking the device did not add much more risk than a rooted smartphone, one security expert said
Security Patches, Mitigations, and Software Updates
D-Link publishes beta patches for IP camera vulnerabilities (CSO) D-Link said the patches are for those who want to manually update their camera's firmware
Cyber Trends
Consumer Reports: 58 Million U.S. PCs Infected With Malware (Dark Reading) The recently released Consumer Reports Annual State of the Net Report states that a projected 58.2 million American adults had at least one malware infection that affected their home PC's features or performance in the past year. The cost of repairing the damage from those infections was nearly $4 billion, the report says
Gartner: More than one-third of CIOs expect their companies to stop supplying mobile devices by 2016 (FierceMobileIT) More than one-third of chief information officers surveyed by Gartner expect their companies to stop supplying mobile devices to employees by 2016. Based on its CIO survey, Gartner predicted that half of enterprises will require their employees to supply their own devices for work by 2017
M2M deployment to speed up enterprise mobility, survey finds (FierceMobileIT) The deployment of machine-to-machine communications technology is expected to speed up enterprise mobility, according to a survey of IT decision makers by Harris Interactive on behalf of SAP. The survey of 751 IT decision makers in six countries found that M2M is seen as a natural evolution of the consumerization of IT. Enterprise uses of M2M technology include fleet management, factory automation, remote facility monitoring and maintenance, inventory tracking and billing services, as well as physical security
Marketplace
Maj. Gen. Leslie J. Carroll Says Army's Challenge Is To Be 'Cyber-Savvy' (Fayetteville Observer) The Army must meet the challenges of fewer dollars and soldiers by being well-led and trained, regionally focused and "cyber-savvy," a top leader of Forces Command said Wednesday at Fort Bragg
Pentagon Prepares To Ask Congress For Break From 'Sequester' (Reuters) The Pentagon is preparing to ask Congress soon for more authority to shift funds to cope with automatic spending cuts, confronting lawmakers with another exception to the "sequester" just days after they gave a break to the flying public and the airline industry
Veterans Program Offers IT Certifications (InformationWeek ) HP, Microsoft, NetApp and Oracle are offering training and certification for their respective technologies, while SANS Institute and Global Information Assurance Certification are doing the same in the area of IT security. Service members who
DoD to grant Apple's iOS 6 & Samsung Galaxy devices security approval (9 to 5 Mac) Last month in London, Samsung hosted the first meeting of a new government-advisory board, made up of Samsung executives and technology-security experts from Western government agencies, including the U.S. National Security Agency
How a tiny Canadian company won security contracts with covert 3-letter agencies (VentureBeat) Fixmo's products, the company's sales literature highlights prominently, "have been developed as part of a cooperative research and development agreement with the U.S. National Security Agency." That commercialization has culminated in the sale of
Cyber-Responders Seek New Ways to Respond to Cyberattacks (GovTech) Last year the South Carolina Department of Revenue found that a hacker had used a "spear-phishing" attack to install at least 33 unique pieces of malicious software and utilities on the department's servers to steal financial data…The business models of large anti-virus vendors such as Symantec and McAfee incorporate everyone who has a computer, because perimeter defense is an important aspect of protection and is mandated by many federal regulations, including the Health Insurance Portability and Accountability Act (HIPAA). "But that approach is not geared toward someone who is a specific target of an attack," Ling said. "When that happens, you need specialized help. The vendors who are going after thousands of customers may not be the company you ask to help eradicate a particular piece of malware and do incident response. That is where these newer niche players are coming in"
Profits Slide 70% at Spirent Communications (Motley Fool) The shares of Spirent (LSE: SPT) declined 1% to 129 pence during early London trade this morning after the FTSE 250 mid-cap revealed first-quarter profits had plunged 70% to $7.6 million. Spirent, which provides performance-testing services for the telecoms industry, confirmed revenues had slumped 18% to $97 million. The company blamed the decline on "challenging trading conditions" and a smaller order book at the start of the year…The company maintained it would increase investment by as much as $14 million during 2013, to exploit opportunities in new technologies such as 4G and cyber security
Products, Services, and Solutions
CBA plans to build privacy technologies into its products (CSO) Customer demand for secure mobile banking has led the Commonwealth Bank of Australia (CBA) to start investigating the development of privacy technologies to be built into its products and services
Airbnb's new Verified ID system makes guests prove they are real people (CSO) Airbnb's new Verified ID system requires proof of identity to use their system. It's tough out there in recession land. You know who has lots of disposable money? Complete strangers from out of town who you meet on the Internet. Matching guests and hosts has been the successful premise of the online short-term rental marketplace, Airbnb
MAVERICK Technologies, Logos Technologies and Global Velocity Partner to Safeguard U.S. SCADA Systems From Hackers (Wall Street Journal) MAVERICK Technologies, the largest independent systems integrator in North America, announced today a Joint Development Agreement (JDA) with Logos Technologies and Global Velocity to develop a solution set to protect U.S. national infrastructure from potential cyber-attacks
AWS cloud computing pros get certification program (Help Net Security) With the accelerating adoption of cloud computing and the AWS Cloud around the world, organizations are increasingly seeking mechanisms to identify candidates and consultants with demonstrated knowledge
Combat phishing attacks from all email domains (Help Net Security) Return Path announced that its Anti-Phishing Solutions have expanded to enable brand owners to combat attacks from all email domains, including those beyond their control. This represents a product
Hackers challenged to crack unhackable secure messaging app (Help Net Security) Swiss-based U.K. firm Redact has launched a new app which, they claim, offers a completely secure way of exchanging encrypted messages from iPhone to iPhone and even the possibility of deleting a sent
1010data updates big data analytics platform (Help Net Security) 1010data released a new version of its cloud-based Big Data analytics platform, which improves the ability of business analysts to quickly glean insights from the largest volumes of data with its ad-hoc
New mobile security practice from Trustwave (Help Net Security) Trustwave unveiled a new mobile security practice designed to help businesses embrace mobility and BYOD programs while maintaining compliance, managing security risks and protecting corporate networks
Belkasoft Evidence Center 5.3: New Tool to Share Collected Evidence (Forensic Focus) Belkasoft announces a major update to its flagship forensic product, Belkasoft Evidence Center 2013. Version 5.3 introduces Evidence Reader, an all-new free tool allowing Belkasoft users to pass along evidence collected with the main product
Magnet Forensics Adds More to Free Tool - Encrypted Disk Detector v2 (Forensic Focus) A little while back Chad Tilbury, a SANS trainer and talented forensicator, was kind enough to write a blog post about our free tool EDD (Encrypted Disk Detector) and ask his readers to fill out a survey to indicate which additional encryption support they wanted added to EDD
Protecting Your Privacy on the Go With Bitdefender's Android App (Technorati) Bitdefender's Clueful sorts out this problem by creating an application which keeps a watch on other applications on the mobile device. Previously, Clueful was available only for iPhone, but Bitdefender took a step further to bring the same app for
10 Top Password Managers (InformationWeek) Tired of being stuck in password hell? Consider these password managers that balance security with convenience
Technologies, Techniques, and Standards
Learning From Auditor War Stories (Dark Reading) Sometimes the best lessons come from cautionary tales lived by those before us who didn't get things right the first time around. And in the IT compliance world, no one is more prepared to offer up those stories than the auditors and assessors tasked to check up on IT practices
Top 10 tips: Why you should use the cloud and how to do it securely (ITProPortal) Everyone has an opinion on the 'cloud' and its effect on business – some believe it is dark and scary and fraught with unnecessary risk, while others would argue it's silver lined and the path to greater business performance and cost savings. The truth is that the cloud undeniably has the potential to open up a whole new dimension of opportunities to businesses – but only if data security is properly addressed
How do you protect yourself in the event of a data breach? (Help Net Security) Identity Guard warns consumers to be aware of the increased risk of identity theft and provides tips on how they can help protect themselves from becoming a victim. In a recent study released this
Should You "Freeze" Your Credit Reports? (Huffington Post) Although the odds of having your identity stolen remain quite low, anyone who's ever had their bank or credit card account compromised knows what a pain it can be to unravel the mess. Sometimes enterprising hackers just need your Social Security number, address and date of birth to start running up charges on your existing accounts -- or worse, to open new ones in your name
UK Royal Military Police Cut Digital Forensics Costs With Distributed Processing (Forensic Focus) The UK's Royal Military Police (RMP) Service Police Crime Bureau (SPCB) has cut its case backlog by 42% and reduced costs per initial case by nearly one-third to £3,200 using distributed processing technology
NIST releases 4th version of security control catalog SP 800-53 (FierceGovernmentIT) The National Institute of Standards and Technology released April 30 a revised version of its security control catalog for federal systems, SP 800-53. The revision, the fourth version of the security controls catalog, also includes for the first time an appendix of privacy controls. Changes to the security controls include a new emphasis on secure software development in an effort to shift security away from the focus of the past few years, during which it's targeted matters such as configuration management or continuous monitoring
Design and Innovation
Apple's attempt to ditch skeuomorphism resulting in tight iOS 7 deadlines (Ars Technica) Famed Apple product designer Jony Ive has his hands deep into iOS 7 following the departure of former iOS software head Scott Forstall, leading to potential delays as he revamps the look and feel of the software. That's according to a new report at Bloomberg, which cites sources claiming that Ive is working to rid iOS of the skeuomorphism that came from Forstall's influence in order to impose a "flatter design that's more unified and less cluttered"
Academia
Cyber Warfare: Special Report Thursday at 10 pm (WHNT) "Well the whole point is where is the cyber attack coming from? Sometimes to actually know who launched the cyber attack is not immediately known," said Sara Graves, a UAH Cyber Security Expert. "It's not like an attack from another nation. And then if
UTSA College of Business receives $1 million for digital forensics research (UTSA Today) UTSA is a designated Center of Academic Excellence in Information Assurance Education and a designated Center of Academic Excellence for Information Assurance Research by the National Security Agency and the Department of Homeland Security
Big Data Analytics Masters Degrees: 20 Top Programs (InformationWeek) These one-year and two-year graduate programs are just what's needed to close the big-data talent gap. Read on to find a school that fits your ambitions and background
Legislation, Policy, and Regulation
Uh-oh: AT&T and Comcast are ecstatic about the FCC's new chairman (Ars Technica) AT&T calls new chairman an "inspired pick," seeks end to "outdated" regulations
Australia mulls data breach notification law, but details are secret (CSO) A draft bill has been privately circulated among some stakeholders
US seeks to pressure Google, Facebook et al. into installing wiretapping backdoors (Naked Security) A new proposal would require tech firms to design surveillance-enabling trapdoors from the ground up or modify existing services, facilities and equipment. The FBI says it's necessary to quickly catch terrorists and child abusers, but others say it's a recipe for opening servers up to hacking
Groups criticize FBI plan to require Internet backdoors for wiretaps (CSO) U.S. task force reportedly working on plan to severely penalize companies that fail to comply quickly with wiretap orders. Privacy groups are denouncing a federal government move to force Internet companies like Facebook and Google to build backdoors that would let the FBI and other agencies snoop in on real time online communications
Obama Sides with Anti-CISPA Petitioners (BankInfoSecurity) Here's how Daniel and Park address the administration's three key principles it seeks in any information sharing legislation: (1) privacy and civil liberties protections, (2) ensuring a civilian department (read: Department of Homeland Security)
Do You Want the Government Buying Your Data From Corporations? (Atlantic) Our government collects a lot of information about us. Tax records, legal records, license records, records of government services received-- it's all in databases that are increasingly linked and correlated. Still, there's a lot of personal information the government can't collect. Either they're prohibited by law from asking without probable cause and a judicial order, or they simply have no cost-effective way to collect it. But the government has figured out how to get around the laws, and collect personal data that has been historically denied to them: ask corporate America for it
Expert: Don't be too hands-off with medical apps (Politico) An advocate for health IT regulation worried Tuesday that the Obama administration had been too lenient with medical app developers, some of whom push programs that haven't been evaluated for safety or medical efficacy
Litigation, Investigation, and Law Enforcement
36 governments (including Canada's) are now using sophisticated software to spy on their citizens (Quartz) A new report from Citizen Lab, a Canadian research center, shows surveillance software sold by FinFisher, a "governmental IT intrusion" company owned by the UK-registered Gamma International, is now active in 36 countries. That's up from the 25 countries reported two months ago
For Their Eyes Only: The Commercialization of Digital Spying (Citizen Lab) Citizen Lab is pleased to announce the release of "For Their Eyes Only: The Commercialization of Digital Spying." The report features new findings, as well as consolidating a year of our research on the commercial market for offensive computer network intrusion capabilities developed by Western companies. Our new findings include: We have identified FinFisher Command & Control servers in 11 new countries: Hungary, Turkey, Romania, Panama, Lithuania, Macedonia, South Africa, Pakistan, Nigeria, Bulgaria, Austria. Taken together with our previous research, we can now assert that FinFisher Command & Control servers are currently active, or have been present, in 36 countries
Things You Shouldn't Text When You're Accused of Bombing Boston: 'LOL' (Wired Danger Room) Boston Marathon bombing suspect Dzhokhar Tsarnaev's text messages prompted his friends to, allegedly, attempt to destroy evidence in the case on his behalf
Piracy or baiting? The thorny legal question of Game Dev Tycoon's honeypot (Ars Technica) Is it piracy just because the user thinks it is? What if the developer encourages it?
Whether or not you're a Chinese spy, you shouldn't download porn onto a NASA laptop (Quartz) Bo Jiang, a Chinese research scientist who worked at a NASA facility and was suspected of stealing secrets, is expected to plead guilty today–not for espionage, but for downloading porn on his work computer. Mr Bo, 31, was fired in January for taking a NASA laptop on holiday to China and shortly afterwards named a threat to national security
IGs probe government's handling of Boston intel info (Washington Times) The inspectors general of the intelligence community, the CIA, the Justice Department and the Department of Homeland Security have begun a "coordinated and independent review" of the government's handling of intelligence information leading up to the
USPS has data-related issues, say auditors (FierceGovernmentIT) The Postal Service has data-related issues, the USPS office of inspector general says in a review of reports it's issued from fiscal 2009 through fiscal 2012
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
U.S. Department of State Mobile Computing Forum (Washington, DC, USA, May 23, 2013) The U.S. Department of State's Bureau of Information Resource Management will host an educational forum and IT Expo, themed "Mobile Computing," reflecting their mission to empower diplomacy, consular services and development, by providing access to information and technology solutions anytime and anywhere. The U.S. Department of State has over 69,000 users worldwide at 285 posts with approximately 40,000 remote access users! Small businesses and prime contractors with products and services in Mobile Computing are invited to share information about their companies.
2013 ICAM Information Day and Expo (Washington, DC, USA, Jun 18, 2013) This day provides a forum for the Identity, Credential and Access Management (ICAM) community to get first-hand information on current identity management and related technologies.
NASA National Capital Region Industry Days (Washington, DC, USA, Jun 25 - 27, 2013) This dedicated Information Technology Expo - sponsored by the Office of the Chief Information Officer - will serve as a focal point for NASA personnel to learn about the latest products and advances in the marketplace.
2013 World Comp (Las Vegas, Nevada, USA, Jul 22 - 23, 2013) 2200 leading researchers, academics, and executives from government, academia and industry will come together at this annual event which facilitates communication among researchers in different fields of computer science, computer engineering, and applied computing.
INSA Leadership Dinner with NGA Director Letitia Long (McLean, Virginia, USA, May 2, 2013) NGA At the Crossroads - Visualizing the Future. Join INSA and NGA Director Letitia Long as she shares her vision for transforming NGA and GeoInt in innovative ways that more effectively put the power of data and visual knowledge in the hands of users.
Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.
ITWeb Security Summit 2013 (Sandton, South Africa, May 7 - 9, 2013) A conference devoted to cyber security, with a particular emphasis on countering the latest attack vectors. The gathering creates an opportunity for senior security professionals and business decision-makers to learn about new strategies and tactics, and hear insight and comment from leading international and local subject-matter experts, featuring expert insights, interactive workshops, an expo, valuable networking, sought-after SANS training, and practical solutions.
The Computer Forensics Show (New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity management. An understanding of risk and the application of risk assessment methodology is essential to being able to create a secure computing environment. (Co-located with ASIS New York City Security Conference and Expo.)
ASIS 23rd New York City Security Conference and Expo (New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges facing practitioners and organizations in the public and private sectors. (Co-located with the Computer Forensics Show.)
Software Engineering Institute Invitational Hiring Event (Arlington, Virginia, USA, May 8 - 9, 2013) Attention software engineers and cyber security professionals: Carnegie Mellon's Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on May 8 & 9 at their offices in Arlington to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI, you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.
Baltimore Tech-Security Conference (Baltimore, Maryland, USA, May 9, 2013) The Baltimore Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drive security & more. There will be lots of giveaways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately.
CyberSecurity UAE Summit 2013 (Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising cyber security technologies in the marketplace. Assess the trends to watch in global cyber security. International Case Studies: Discover the best practice in protecting your organisation from cyber-attack.
GovSec (Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our communities, critical infrastructures, and key assets. The conference includes sessions devoted to cyber security.
cybergamut Technical Tuesday: Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals (Columbia, Maryland, USA, May 14, 2013) Jeff Kuhn of CACI describes recently completed CACI research using adaptive data analytics to distinguish encrypted exploitation activity from legitimate network traffic based on traffic externals in a real world environment.
Thriving in the Post-Sequestration GovCon Era (McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each an expert in the intersection between the public and private sectors, will discuss what is to come after the automatic budget cuts known as sequestration dissipate. Confirmed speakers include: Frank Kendall (Defense Undersecretary for Acquisition, Technology and Logistics), Robert Hale (Defense Department Comptroller), Jim McAleese (founder of McAleese & Associates), Pierre Chao (managing partner and co-founder of Renaissance Strategic Advisors), and Stephen Fuller (George Mason University professor and director at the Center for Regional Analysis).
Second Maryland Cybersecurity Center Symposium (MC2) (College Park, Maryland, USA, May 14 - 15, 2013) Drawing on regional experts of national and international acclaim, MC2's second Annual Cybersecurity Symposium will showcase the latest research, trends, and topics in cybersecurity, including: keynote addresses by Dr. Fred Schneider, Randy Sabett, Dr. Kathleen Fisher and Dr. Steve Bellovin; tutorials by MC2 faculty and corporate partners; and Tech Talks by MC2 faculty. The MC2 Symposium program will broaden your knowledge, skillset, and awareness of cybersecurity problems and directions, and the event is sure to present unique opportunities to connect with colleagues across academia, industry, and the state and federal government.
FOSE (Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers and buyers to CIOs and other technology management professionals, FOSE has the right products, people and solutions for you in one very accessible location.
7th Annual INSA IC Industry Day (Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is Intelligence Program Priorities in a Budget Constrained Environment and will feature keynote addresses from DNI James Clapper, Dr. Roger Mason, ODNI, and Letitia Long, Director, NGA. Registration opens Wednesday, March 27.
Hack Miami (Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools, techniques, and methodologies that are at the forefront of the global threatscape.
CEIC 2013 (Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers. It will be of interest to anyone interested in cyber forensics and e-discovery. Former Director of Central Intelligence Michael Hayden will deliver the keynote.
IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)
International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments of researchers from academia and industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques that assist the investigation of potentially illegal cyber activity. We encourage prospective authors to submit distinguished research papers on both theoretical approaches and practical case reviews. (Co-located with the IEEE Symposium on Security and Privacy.)
Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas. (Co-located with the IEEE Symposium on Security and Privacy.)
Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council, this event is a content-rich celebration of international trade. Participate in expert discussions led by manufacturers, legal, financial, transportation and industry experts as well as government leaders in eight vertical tracks for a total of 24 highly interactive 90-minute sessions.
IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.
Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend for CIOs, CSOs, CISOs, Chief Risk Officers, Heads of Governance and Compliance and IT Directors. It is predicted that security service spending in Asia-Pacific will reach $7 billion in 2015, so ensure that you are investing in the best technologies for your business by joining us at the Cyber Security Conference on 28 May 2013 and hearing from leading financial institutions, retailers, airlines, telecoms companies and government.
Private Sector Crossovers: Protecting People, Property and Information (May 29, 2013) With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies and private industry. There will be opportunities for informal networking and formal, targeted match-ups for businesses interested in making connections with government contractors and agencies.
Cyber Security for the Chemical Industry (Frankfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming increasingly important to be aware of the latest cyber threats, and to be equipped to protect your company from them. In addition to physical security, these industries are faced with the ever-increasing risk of cyber attacks on their DCS and SCADA infrastructure networks as well as their R&D networks. These attacks can have a costly effect not only on profits, but also on corporate reputation.
DGI Cyber Security Conference & Expo (Washington, DC, USA, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will continue to be one of the most significant factors impacting the security landscape. For these reasons, the federal government has increased efforts to minimize and prevent cyber security attacks, and will continue to place significant focus on securing the nation's cyber infrastructure.