The CyberWire Daily Briefing 05.03.13

Summary

By The CyberWire Staff

Hacktivists and cyber criminals threaten "OpUSA"—a denial-of-service attack on US financial and governmental targets—for May 7. If it follows the recent pattern of OpIsrael, expect a fizzle, but should some of the more capable hacking groups join, the attacks could be consequential. One interesting point wryly noted by Credit Union Times—the Pastebin posts announcing the threat appear to advise depositors to shift their money from big banks to credit unions. Whatever happens, enterprises would be prudent to dust off their mitigation plans.

Twitter has warned its users to expect more account hijacking, and Business Insider interviews someone who claims to have executed last week's AP hack.

Chinese (and, to a lesser extent, Russian) intrusion into QinetiQ North America's infrastructure continues to raise questions about the extent of the compromise—some observers describe the successful attack as, in effect, a backdoor into US Defense networks. Among the tools attackers used was the remote access Trojan (RAT) "lprinp.dll."

Widespread use of open-source components raises supply chain issues (the irreversible globalization of the supply chain is also a matter for concern) but developers say they lack time and resources to address them.

The Electronic Frontier Foundation rates companies on their effectiveness (and resolution) in protecting customers from government snooping: Twitter, Sonic, Dropbox, Google, LinkedIn, and SpiderOak get good marks.

Jane Holl Lute departs the US Department of Homeland Security, and in her valediction warns against handling cyber security like an intelligence program: reliability and integrity of personal identity are central.

Notes.

Today's issue includes events affecting Australia, Austria, Bahrain, Bangladesh, Brunei, Bulgaria, Canada, China, Czech Republic, Estonia, Ethiopia, Germany, Hungary, India, Indonesia, Japan, People's Democratic Republic of Korea, Latvia, Lithuania, Macedonia, Malaysia, Mexico, Mongolia, Netherlands, Nigeria, Pakistan, Panama, Qatar, Romania, Russia, Saudi Arabia, Serbia, Singapore, South Africa, Switzerland, Syria, Turkey, Turkmenistan, United Arab Emirates, United Kingdom, United States and Vietnam.

Selected Reading

Cyber Trends

Exploit Devs At Risk: The Nuclear Scientists Of The Next Decade? (Dark Reading) Will a nations exploit developers become the potential targets of state-sponsored assassinations in the future, much like the nuclear scientists of the past century? When news stories broke last month regarding the legitimacy of using lethal force against civilian hackers, I questioned what the future might hold for exploit devs and other members of the cybersupply chain who are facilitating state-funded, offensive cybercapabilities -- particularly when it comes to more belligerent regimes, such as Iran and North Korea. Are we inevitably set on a path where these individuals may be at the same level of risk that, say, Iranian nuclear researchers have been during the past few years

Most Common IT Security Attack? Not SQL Injection (eSecurity Planet) A new study from Whitehat finds SQL injection doesn't even make the top 10 of website security attacks. Jeremiah Grossman, founder and CTO of Whitehat Security, has seen a lot of different types of security attacks in his time. He knows the most common types of attacks aren't necessarily the ones that have

New report demonstrates that compliance can harm security (InfoSecurity) The Website Security Statistics Report demonstrates that security requires accountability, that 'best practices' is a difficult concept, and that 'what's needed is more secure software, not more security software'

Mobile tech inspires cyber crime (IT Web) The ever-evolving nature of mobile devices opens doors for would-be criminals, making BYOD policy the new business rule. The doors of opportunity are increasingly opening up to cyber criminals as mobile devices become more functional and ubiquitous – with the 400% increase in malware experienced from 2011 to 2012 being a distinct product of modern mobile technology

Column: The Dangers of Deep Packet Inspection (Maximum PC) Over the years, there's been talk on and off about a technology called Deep Packet Inspection, but apart from sounding like the title of sysadmin-themed porn, why should you care? Technically, DPI is what happens when an ISP looks past the headers

Serious website vulnerabilities continue to decrease (Help Net Security) A new WhiteHat Security report has correlated vulnerability data from tens of thousands of websites from more than 650 organizations, with software development lifecycle (SDLC) activity data obtained

The insecurity of the component lifecycle (Help Net Security) Open source component use continues to skyrocket with applications now more than 80 percent component-based, while at the same time organizations continue to struggle with establishing policy to secure

How Realistic is the phrase "Cyber-War" and What is Ransomware? (ITProPortal) James Lyne, Director of Technology Strategy at Sophos talks us through how serious the "cyber war" around information

Saudi Arabia is a top target for cyber attacks (The National) Saudi Arabia is the most targeted country for cyber attacks in the Middle East, according to a new report. The kingdom ranks second globally, while the UAE is the fifth most targeted in the Middle East according to Symantec's Internet Security Threat Report 2013

Legislation, Policy and Regulation

Dutch police may get right to hack in cyber crime fight (BBC) The Dutch government has announced plans to give police far greater powers to fight cybercrime. Under a new bill, investigators would be able to hack into computers, install spyware, read emails and destroy files

Lute: 'We Cannot Run Cyber Like an Intelligence Program' (Nextgov) Today, the Department of Homeland Security loses one of its top voices as Deputy Secretary Jane Holl Lute departs the agency after four years. In addition to her experience in homeland security, Lute has a long history of public service in national

Defence White Paper plans for cyber warfare (Australian Techworld) The Defence White Paper said that the potential impact of malicious cyber activity has grown with Defence's increasing reliance on networked

Products, Services, and Solutions

The Trouble With Identity's Late Arrival On Instagram (TechCrunch) BeTheDancer is Alex Greenburg's name and handle on Instagram. He's a good friend and a brilliant photographer, but because Instagram doesn't require real names, I had a lot trouble using the app's new tagging feature to point him out in my photos. Right now, Instagram's 100 million users are discovering that while pseudoanonymity can be fun, it's not very functional

Fast digital forensics sniff out accomplices (New Scientist) Software that rapidly analyses digital devices and builds a list of a suspect's known associates could be a powerful tool for solving crimes. When a suspect is apprehended, their computers, phones and other devices become important sources of evidence. But mining all that data – a typical case can involve several terabytes of information – takes time, and usually requires specially trained officers. Backlogs can delay investigations for weeks

Norman Helps Experts Decide If They Should Build or Buy a Malware Analysis Platform (Softpedia) Many IT security professionals are often required to analyze pieces of malware and determine the full extent of the damage they can cause to their organization's networks, systems and data. The big question is: should they build their own analysis platform or buy a commercial solution

Review: Codeproof for iOS (Help Net Security) Codeproof Technologie is a SaaS (Software-as-a-Service) provider from Redmond that offers a mobile device management (MDM) solution for Android and iOS devices. This review focuses on the company's

BAE Systems Detica Unveils Detica CyberReveal (Dark Reading) BAE Systems Detica announced the launch of its defense-grade cyber security product, CyberReveal, to the commercial marketplace, for companies to use

Secunia VIM v4.0 (SC Magazine) Secunia VIM is a real-time vulnerability intelligence and management tool, providing organisations with the necessary information required to analyse vulnerabilities in their IT infrastructure, as well as track them from a centralised dashboard interface

A 40Gbps deep packet inspection (electronicsfeed.com) Napatech and Procera Networks, Inc. will debut a new 40 Gbps Deep Packet Inspection (DPI) platform. "As network speeds, and the sheer number of applications

How startup Enigma could change the big data game (FierceBigData) A new kind of big data startup launched this week that lives up to its name: Enigma. It is enigmatic to say the least, as it will be a vast data source open to everyone, most of whom don't have a clue what to do with it. But for those who do, it could be a game changer

Facebook puts account security in the hands of your friends (CNet) The next time you're locked of your Facebook account, one of your besties can loan you the key. Facebook today released a security feature called "Trusted Contacts" as an optional way for people to recover their passwords with the help of their closest friends. Thursday marks the global rollout of the redesigned feature, previously named Trusted Friends, which the company first started testing back in 2011

Mandiant Announces General Availability of Mandiant for Security Operations™ (Fort Mills Times) Mandiant®, the leader in security incident response management, today announced the general availability of Mandiant for Security Operations, enabling security teams to detect, analyze and resolve security incidents in a fraction of the time

Technologies, Techniques, and Standards

Giving FIDO A Longer Leash To Eliminate Web Passwords (Dark Reading) New alliance gaining momentum in push to develop open architecture for authentication interoperability

CIOs Must Manage the Risk of the Status Quo (CIO) One of a CIO's greatest risks is not moving fast enough, says columnist Adam Hartung. To avoid out-of-date thinking, ask futuristic questions like "What if in five years smartphones and tablets totally replace laptops?

Marketplace

Samsung, BlackBerry Devices Cleared For Use On U.S. Defense Networks (Reuters) The Pentagon on Thursday cleared BlackBerry and Samsung mobile devices for use on Defense Department networks, a step toward opening up the military to a wide variety of technology equipment makers while still ensuring communications security

Raytheon brings intelligence unit to Dulles (Washington Business Journal) The moves are part of a Raytheon consolidation to streamline operations that was announced in March. The company said then that its Intelligence and Information Systems unit would be combined its Dulles-based Raytheon Technical Services unit to create

Toronto mobile firm reveals how it got CIA contract (ITWorld Canada) Interested in landing a lucrative business contract with the likes of the United States Central Intelligence Agency, the National Security Agency or the Federal Bureau of Investigation? Despite their cloak-and-dagger reputation, dealing with these

Which companies help protect your data from the government? (Help Net Security) The Electronic Frontier Foundation has released its annual report on online service providers' practices when it comes to protecting users' privacy and data from government access, and it should not

Funding pressure spurs innovation, say federal IT officials (FierceGovernmentIT) Several federal information technology executives say tighter budgets are actually an impetus for innovative problem solving

Budget tops list of concerns in annual CIO survey (FierceGovernmentIT) Budget is the top concern among federal chief information officers in an annual survey from TechAmerica and Grant Thorton, published May 2. Based on interviews with 41 federal CIOs, report authors say federal information technology leaders are concerned about budget constraints caused by the continuing resolution and sequestration, and inadequate budget authorities that impact how much control they have over IT programs

Obama taps fundraiser Pritzker for Commerce post (Fox News) President Obama on Thursday chose two old friends with business executive experience for top posts on his economic team, naming longtime fundraiser Penny Pritzker to the Commerce Department and adviser Michael Froman as U.S. Trade Representative

KKR holds talks with Petraeus over role (Financial Times) David Petraeus, the former CIA director, is in talks with KKR that may lead to a role for him at the private equity firm whose co-founder, Henry Kravis, has a longstanding relationship with the former US military commander

New Dell deal proposal seems likely (FierceFinance) How low will Dell's stock go? For the moment, the stock is hovering just below the $13.65 offer from Michael Dell and Silvery Lake, the only formal deal proposal on the table. But it's fair to say that the stock price could go a lot lower depending on how shareholders vote this summer. If shareholders ultimately nix the deal, the stock could plummet dramatically

Brian Krzanich Elected Intel CEO, Renee James Named President (GovConWire) Brian Krzanich, a 31-year veteran of Intel (NASDAQ: INTC) and current chief operating officer, has been elected to succeed the retiring Paul Otellini as CEO on May 16. Krzanich was a unanimous choice byBudget Year the board of directors and becomes the sixth chief executive in the company's history, Intel said Thursday

Research and Development

Older and Wiser…Up to a Point (IEEE Spectrum) "Tech is a young person's game." "You can't teach old dogs new tricks." "A child could solve this problem--someone send for a child." Prejudice against older programmers is wrong, but new research suggests it's also inaccurate. A dandy natural experiment to test the technical chops of the old against the young has been conducted—or discovered—by two computer scientists at North Carolina State University, in Raleigh. Professor Emerson Murphy-Hill and Ph.D. student Patrick Morrison went to Stack Overflow, a Web site where programmers answer questions and get rated by the audience. It turned out that ratings rose with contributors' age, at least into the 40s (beyond that the data were sparse). The range of topics handled also rose with range (though, strangely, after dipping in the period from 15 to 30). Finally, the old were at least as well versed as the young in the newer technologies

Intel's high-performance, low-power secret: the Haswell SoC (Ars Technica) See you later, Sandy Bridge. Say hello to tablet-like power characteristics. In the semiconductor world, integration is omnipresent, driven by Moore's Law. Integration reduces power and cost while increasing performance. The latest realization of this trend is the System-on-a-Chip (SoC) approach pervasive among PCs, tablets, and smartphones. And the latest SoC is Haswell. Haswell is the first new family of SoCs from Intel to target the 22nm FinFET process, which uses a non-planar transistor that wraps around the gate on three sides. While Ivy Bridge was the first family of 22nm products, it was not fully optimized for the 22nm process. The CPU was a shrink of the 32nm Sandy Bridge rather than a new design

Security Patches, Mitigations, and Software Updates

Apple ships jolly uninteresting iOS 6.1.4 update (Naked Security) Apple just released iOS 6.1.4 for the iPhone 5. Apparently, it improves speakerphone calls, but it doesn't fix the lock-screen bug in iOS 6.1.3

Cyber Attacks, Threats, and Vulnerabilities

Threat of the Week: May 7, Ready or Not (Credit Union Times) You remember Project Blitzkrieg, don't you? Probably you don't, actually, and that is because the late 2012 cyber-attack – said to be the brainchild of Russian criminals who intended to cripple and loot the top 30 U.S. banks – amounted to a whole lot of bluffing. If it happened at all, nobody much noticed

DHS: 'OpUSA' May Be More Bark Than Bite (Krebs on Security) The U.S. Department of Homeland Security is warning that a group of mostly Middle East- and North Africa-based criminal hackers are preparing to launch a cyber attack campaign next week known as "OpUSA" against websites of high-profile US government agencies, financial institutions, and commercial entities. But security experts remain undecided on whether this latest round of promised attacks will amount to anything more than a public nuisance

Meet The 18-Year-Old Syrian Who Says He Helped Hack The AP And Punk The Stock Market (Business Insider) Hackers calling themselves the Syrian Electronic Army (SEA) are causing serious trouble around the world. The pro-Assad group may have scored its biggest hit last week, after the Associated Press Twitter account was hacked and tweeted a false story about a bomb at the White House that briefly caused stocks to plunge. The SEA have claimed responsibility for the hack

Twitter To News Outlets: More Takeovers Ahead (InformationWeek) Twitter memo warns of ongoing account takeover attempts, urges media businesses to prepare. Should Twitter be doing more

Hackers Turned Defense Contractor QinetiQ Into Intelligence Playground (eWeek) The widespread attacks on sensitive corporate and government organizations had top U.S. cyber officials ranking the threat above terrorism, in terms the threat posed to U.S. interests. In March, the Director of National Intelligence and the head of the

When a defense contractor gets hacked repeatedly, you know cybersecurity is a problem (Gigaom) A defense contractor faced repeated hacks from Chinese spies who gained access to terabytes of confidential data, Bloomberg reports. More security tools could help, and the government could do more to protect itself

Chinese hackers drain U.S. military secrets from defense contractor (VentureBeat) Chinese cyberspies stole a good majority of U.K.-based defense contractor QinetiQ's wealth of U.S. military research, according to Bloomberg. The theft happened over a three-year period in which QinetiQ seemed to make all the wrong moves…Furthermore, when future attacks were uncovered –such as one reported by NASA — the company continued to treat them as isolated events instead of as an organized attempt to steal what eventually would be secret military data on drones, robotics, and more…We have reached out to QinetiQ for comment on the report and will update this story upon hearing back

Defense contractor pwned for years by Chinese hackers (Ars Technica) Data from HBGary hack showed hackers pillaged QinetiQ since at least 2007. QinetiQ, a UK-based defense contractor, has its fingers all over some of the US Defense Department's most sensitive systems. The company's subsidiaries provide robots, diagnostic systems, intelligence systems for satellites, drones, and even "cyber-security" to the US Department of Defense. The parent company, which was created as a privatized spinoff of the British Defense Evaluation and Research Agency—what was the UK's equivalent of the US Defense Advanced Research Projects Agency—is often cited as the inspiration for James Bond's "Q." But for at least three years, QinetiQ was apparently unintentionally supplying its expertise to another customer: China…The hackers were able to exploit unpatched security flaws and other vulnerabilities across QNA to infiltrate multiple divisions of the company—including Cyveillance, the company's cybersecurity unit

Pentagon Warns North Korea Could Become a Hacker Haven (Wired Danger Room) North Korea is barely connected to the global internet. But it's trying to step up its hacker game by breaking into hostile networks, according to the Pentagon

FinFisher spy kit's C&C servers are popping up around the world (Help Net Security) Some two months ago, Reporters Without Borders have identified UK-based Gamma International as one of the "enemies of the Internet" due to their FinFisher spyware tool kit being used by a number of

Fake AV scammers impersonate Microsoft (Help Net Security) Cyber scammers continue to impersonate Microsoft and try to trick users into believing that their computer is serious need of an AV solution. Webroot researchers have spotted an active campaign

How porn links and Ben Bernanke snuck into Bitcoin's code (CNN Money) Here's a little-known quirk of cyber currency Bitcoin: There are coded messages hidden in the ledger that track bitcoin transactions. Most are innocuous, but this week, the discovery of a malicious transmission filled with porn links set the Bitcoin community abuzz

Network gaming company uses its "cheat-prevention" client to build a Bitcoin botnet (Naked Security) One problem with network games: how do you trust the other people in the contest? You could build a network that requires your customers to installed a special "cheat-blocker" client…and then use the client to mine Bitcoins

A primer on Bitcoin risks and threats (Help Net Security) Bitcoin is a digital currency whose creation and transfer is based on an open source cryptographic protocol. There are many benefits to using it (no transaction fees, anonymous payments, etc.), but

Google Glass hackers can see what you see, hear what you hear (Fox News) Thanks to a glaringly obvious security flaw in the futuristic Google Glass wearable computer, a hacker could within minutes take control of the device -- seeing what you look at, hearing what you hear, experiencing life through your senses

Phishing scams get more crafty (World Radio Switzerland) Cyber criminals are becoming more crafty according to the government's Reporting and Analysis Center for Information Assurance (MELANI). Criminals are adapting their phishing methods to keep up with banks' security measures. MELANI is warning people

Breached dam data poses no threat to public, Army says (CSO) Someone with fraudulent credentials was given government-level access to national dam database for months

Academia

OU Student's Film Examines Internet Privacy, Security (WOUB) When Jeremy Zerechak was called to relieve the first rotation of Operation Iraqi Freedom in 2004, he took a leave of absence from his film studies at Penn State University, packed his duffle bag with video equipment, and arrived for training at the United States Army base of Fort Dix, N.J., with the intention of "capturing as much content as possible"…It was at a Los Angeles festival screening when Zerechak heard the call of his second film. He met a patron who had worked as an intrusion protection specialist for the Federal Reserve. After picking the man's brain over the course of the festival, Zerechak returned to Pittsburgh "almost convinced" he had found a new project: detailing the intricacies of privacy and security in the age of information technology. In his preliminary research, he uncovered an expansive story that was largely untold in the mainstream media. And when the media did touch on it, Zerechak said, it was subject to gross inaccuracies and hyperbole

The hollow promise of a big-data education revolution (FierceBigData) One of the more hollow promises of big data is the one promising to revolutionize education, if by "revolutionize" those making the claim mean "swiftly improve." I wholeheartedly think big data will revolutionize many things. I just don't think education is one of them. I am not an education expert and this is not an education column. But claims like this are what make people scoff at big data

Ewing's Voice: Cyberattacks Hinder Relationships (My High School Journalism) The attacks from this building were tracked to the military headquarters of China, according to an in-depth study released by the American computer security firm Mandiant. The building is home to the headquarters of the People's Liberation Army's, also

Litigation, Investigation, and Enforcement

Secretive Spy Court Approved Nearly 2,000 Surveillance Requests in 2012 (Wired Threat Level) A secretive federal court last year approved all of the 1,856 requests to search or electronically surveil people within the United States "for foreign intelligence purposes," the Justice Department reported this week

Florida Supreme Court Deepens Lower Court Split on Searching a Cell Phone Incident to Arrest (Volokh Conspiracy) I recently mentioned my new short essay, Foreword: Accounting for Technological Change, 36 Harv. J. L. & Pub. Pol'y 403 (2013), about how the Supreme Court should resolve the lower court division on the Fourth Amendment rule for searching a cell phone incident to arrest. In light of that, I thought I would flag this morning's decision by the Florida Supreme Court deepening the lower court division. In the new case, Smallwood v. State, the court ruled that the police can routinely seize a cell phone incident to arrest, but they generally need a warrant to search it absent a demonstrated risk that evidence on the phone could be destroyed after it had been seized

Top Bitcoin exchange hit with $75 million suit over failed partnership (Ars Technica) CoinLab sued after Mt. Gox allegedly failed to hand off its American operations

Design and Innovation

Guys Like This Could Kill Google Glass Before It Ever Gets Off the Ground (Wired Business) The Segway. The Bluetooth headset. The pocket protector. What do these three technologies have in common? They all pretty much work as promised. They all seem like good ideas on paper. And they're all too dorky to live

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

(ISC)² CyberSecureGov (Crystal City, Virginia, USA, May 7 - 8, 2013) Join (ISC)² for an exciting two days as they explore the prevailing factors working against US Government IT Security practitioners and managers, how existing technical and personnel resources are faring during this time of transition, what new resources are emerging -- from both industry and government -- that hold promise in helping to fulfill the mission of securing government systems and citizens, and more.

Interop Las Vegas (Las Vegas, Nevada, USA, May 6 - 10, 2013) Attend Interop Las Vegas, May 6-10, and attend the most thorough training on Apple deployment at the NEW Mac & iOS IT Conference. Join us in Las Vegas for access to 125+ workshops and conference classes, 350+ exhibiting companies and the latest technology.

ITWeb Security Summit 2013 (Sandton, South Africa, May 7 - 9, 2013) A conference devoted to cyber security, with a particular emphasis on countering the latest attack vectors. The gathering creates an opportunity for senior security professionals and business decision-makers to learn about new strategies and tactics, and hear insight and comment from leading international and local subject-matter experts, featuring expert insights, interactive workshops, an expo, valuable networking, sought-after SANS training, and practical solutions.

The Computer Forensics Show (New York City, New York, USA, May 8 - 9, 2013) For IT and business executives responsible for creating, implementing, and managing a proactive and comprehensive IT strategy for information security, risk management, compliance, and business continuity management. An understanding of risk and the application of risk assessment methodology is essential to being able to create a secure computing environment. (Co-located with ASIS New York City Security Conference and Expo.)

ASIS 23rd New York City Security Conference and Expo (New York City, New York, USA, May 8 - 9, 2013) Join more than 2,500 professionals in the Big Apple for the largest annual conference in the Northeast for security management and law enforcement professionals. This exciting event will focus on key challenges facing practitioners and organizations in the public and private sectors.(Co-located with the Computer Forensics Show.)

Software Engineering Institute Invitational Hiring Event (Arlington, Virginia, USA, May 8 - 9, 2013) Attention software engineers and cyber security professionals: Carnegie Mellon's Software Engineering Institute needs your top notch skills to meet today's challenges. SEI staff will be interviewing on May 8 & 9 at their offices in Arlington to fill immediate local positions. All candidates must be eligible to obtain a Security Clearance. Interviews are by appointment only. At the SEI, you will have opportunities to make an impact on internet security and work with some of the most talented people in the field.

Baltimore Tech-Security Conference (Baltimore, Maryland, USA, May 9, 2013) The Baltimore Tech-Security Conference features 25-30 vendor exhibits and several industry experts discussing current tech-security issues such as email security, VoIP, LAN security, wireless security, USB drives security & more. There will be lots of give a ways and prizes such as iPods, $25, $50 and $100 gift cards, as well as cash prizes and lots more! This unique conference format will provide educational speaker sessions as well as tremendous networking opportunities. You'll come away with advice and knowledge you can start applying to your environment immediately.

CyberSecurity UAE Summit 2013 (Dubai, UAE, May 13 - 14, 2013) Review developments, strategies and best practice in global cyber security. Assess the nature of the latest threats being faced and the impact of these upon your organisation. Discuss the most promising cyber security technologies in the marketplace. Assess the trends to watch in global cyber security. International Case Studies: Discover the best practice in protecting your organisation from cyber-attack.

GovSec (Washington, DC, USA, May 13 - 15, 2013) GovSec is the nation's premier event for Government, Homeland Security, and Law Enforcement professionals looking for proven strategies and cost effective technology so they can achieve their mission of protecting our communities, critical infrastructures, and key assets. The conference includes sessions devoted to cyber security.

cybergamut Technical Tuesday: Identifying TLS/SSL Encrypted Network Exploitation Activity Using Traffic Externals (Columbia, Maryland, USA, May 14, 2013) Jeff Kuhn of CACI describes recently completed CACI research using adaptive data analytics to distinguish encrypted exploitation activity from legitimate network traffic based on traffic externals in a real world environment.

Thriving in the Post-Sequestration GovCon Era (McLean, Virginia, USA, May 14, 2013) The Potomac Officers Club is hosting a summit for GovCon executives and government leaders to collaborate and share ideas on how to navigate a new era involving sequestration. At least five speakers, each experts in the intersection between the public and private sector, will discuss what is to come after the automatic budget cuts known as sequestration dissipate. Confirmed speakers include: Frank Kendall (Defense Undersecretary for Acquisition, Technology and logistics), Robert Hale (Defense Department Comptroller), Jim McAleese (founder of McAleese & Associates), Pierre Chao (managing partner and co-founder of Renaissance Strategic Advisors), and Stephen Fuller (George Mason University professor and director at the Center for Regional Analysis).

Second Maryland Cybersecurity Center Symposium (MC2) (College Park, Maryland, USA, May 14 - 15, 2013) Drawing on regional experts of national and international acclaim, MC2's second Annual Cybersecurity Symposium will showcase the latest research, trends, and topics in cybersecurity, including: keynote addresses by Dr. Fred Schneider, Randy Sabett, Dr. Kathleen Fisher and Dr. Steve Bellovin; tutorials by MC2 faculty and corporate partners; and Tech Talks by MC2 faculty. The MC2 Symposium program will broaden your knowledge, skillset, and awareness of cybersecurity problems and directions, and the event is sure to present unique opportunities to connect with colleagues across academia, industry, and the state and federal government.

FOSE (Washington, DC, May 14 - 16, 2013) FOSE is the premier event for government technology professionals interested in innovative, effective tools and solutions allowing you and your agency or organization to advance your mission. From IT managers and buyers to CIOs and other technology management professionals, FOSE has the right products, people and solutions for you in one very accessible location.

7th Annual INSA IC Industry Day (Springfield, Virginia, USA, May 15, 2013) This annual event is held at the TS/SCI level in cooperation with ODNI as a comprehensive forum for IC leaders to relate their budget priorities to industry. The theme of this year's IC industry day is Intelligence Program Priorities in a Budget Constrained Environment and will feature keynote addresses from DNI James Clapper, Dr. Roger Mason, ODNI, and Letitia Long, Director, NGA. Registration opens Wednesday, March 27.

Hack Miami (Miami, Florida, USA, May 17 - 19, 2013) The HackMiami 2013 Hackers Conference seeks to bring together the brightest minds within the information security industry and the digital underground. This conference will showcase cutting edge tools, techniques, and methodologies that are at the forefront of the global threatscape.

CEIC 2013 (Orlando, Florida, USA, May 19 - 22, 2013) The largest digital-investigations conference of its kind and the only one to offer hands-on lab sessions for practical skills development. CEIC offers relevant and practical information from expert speakers. It will be of interest to anyone interested in cyber forensics and e-discovery. Former Director of Central Intelligence Michael Hayden will deliver the keynote.

IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers and practitioners in the field. Papers offer novel research contributions in any aspect of computer security or electronic privacy. Papers may represent advances in the theory, design, implementation, analysis, or empirical evaluation of secure systems, either for general use or for specific application domains. (Co-located with the IWCC and Web 2.0 Security and Privacy.)

U.S. Department of State Mobile Computing Forum (Washington, DC, USA, May 23, 2013) The U.S. Department of State's Bureau of Information Resource Management will host an educational forum and IT Expo, themed "Mobile Computing," reflecting their mission to empower diplomacy, consular services and development, by providing access to information and technology solutions anytime and anywhere. The U.S. Department of State has over 69,000 users worldwide at 285 posts with approximately 40,000 remote access users! Small businesses and prime contractors with products and services in Mobile Computing are invited to share information about their companies.

International Workshop on Cyber Crime (IWCC) (San Francisco, California, USA, May 24, 2013) The aim of this workshop is to bring together the research accomplishments provided by the researchers from academia and the industry. The other goal is to show the latest research results in the field of digital forensics and to present the development of tools and techniques which assist the investigation process of potentially illegal cyber activity. We encourage prospective authors to submit related distinguished research papers on the subject of both: theoretical approaches and practical case reviews. (Co-located with the IEEE Symposium on Security and Privacy.)

Web 2.0 Security and Privacy (San Francisco, California, USA, May 24, 2013) The goal of this one-day workshop is to bring together researchers and practitioners from academia and industry to focus on understanding Web 2.0 security and privacy issues, and to establish new collaborations in these areas. (Co-located with the IEEE Symposium on Security and Privacy.)

Maryland/DC Celebration of International Trade (Linthicum, Maryland, USA, May 21, 2013) Join Maryland exporters and international business experts as they celebrate International Trade Week. Hosted by the Maryland/DC District Export Council this event is a content rich celebration of international trade. Participate in expert discussions lead by manufacturers, legal, financial, transportation and industry experts as well as government leaders in eight vertical tracks for a total of 24 highly interactive 90 minute sessions.

IEEE-Cyber 2013 (Nanjing, China, May 26 - 29, 2013) This conference will cover cyber physical systems, cyber control and automation, cyber robotics, and the Internet of things.

Cyber Security @ CeBIT (Sydney, New South Wales, Australia, May 28 - 30, 2013) The Cyber Security Conference will serve as a platform where all those involved in securing and governing ICT within an organisation can discuss the newest challenges and strategies. The event is a must-attend for CIOs, CSOs, CISOs, Chief Risk Officers, Heads of Governance and Compliance and IT Directors. It is predicted that security service spending in Asia-Pacific will reach $7 billion in 2015, so ensure that you are investing in the best technologies for your business by joining us at the Cyber Security Conference on 28 May 2013 and hearing from leading financial institutions, retailers, airlines, telecoms companies and government.

Private Sector Crossovers: Protecting People, Property and Information (, January 1, 1970) With its annual cyber conference on May 29, the Howard County Chamber of Commerce and its GovConnects initiative will offer expert speakers on cyber security and efforts to protect government agencies and private industry. There will be opportunities for informal networking and formal, targeted match-ups for businesses interested in making connections with government contractors and agencies.

Cyber Security for the Chemical Industry (Franfurt, Hessen, Germany, May 29 - 30, 2013) It is becoming increasingly more important than ever to be aware of the latest cyber threats, and equipped to protect your company from them. In addition to physical security, these industries are faced with the ever-increasing risk of cyber attacks to their DCS and SCADA infrastructure networks as well as their R&D networks. These attacks can have a costly affect not only on profits, but also corporate reputation.

DGI Cyber Security Conference & Expo (Washington, DC, 2013, May 30, 2013) Data security threats continue to increase in number and sophistication. The growing use of collaborative technologies - from mobile devices and social media to virtualization and cloud computing - will continue to be one of the most significant factors impacting the security landscape. For these reasons, the federal government has increased efforts to minimize and prevent cyber security attacks, and will continue to place significant focus on securing the nation's cyber infrastructure.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.