The CyberWire Daily Briefing 08.21.14
Anonymous calls for a "day of rage" over Ferguson, Missouri, today.
Assad-sponsored (or at least supporting) malware worries observers in MENA and South Asia: it may be difficult for its operators to contain (if its operators care).
Reports surface that confidential files relating to the disappearance of MH370 were exfiltrated early in the investigation from Malaysian government systems to servers in China.
Kaspersky reports discovering a cyber-espionage campaign (they're calling it "Machete") that's focused on "high profile victims, including government, military, law enforcement agencies and embassies" for the past four years. Most of the targets are in Latin America, but the campaign has also been active in Russia, and (at significantly lower levels) North America and Europe.
Motives of the Community Health Systems hackers (still apparently Chinese) remain the subject of speculation, but the hack's enabling conditions are clearer, and overdetermined: loose patching, poor crypto, ineffectual network monitoring, inadequate data segmentation, and, oh, Heartbleed.
UPS discloses it's recently been the victim of Backoff retail point-of-sale malware. UPS says it contained the breach rapidly.
Gameover's rise from the botnet dead is being managed cautiously, the better to escape another swift takedown.
Bitcoin is being widely used as phishbait in targeted attacks on organizations.
Journalists seek to make our flesh creep with credible tales of 911 and traffic light vulnerabilities.
Stoners relax as the "Facebook Drug Task Force" is revealed to be a hoax.
Interesting comparisons are made between the cyber and maritime domains (but caveat lector — such compelling analogies can mislead).
Notes.
Today's issue includes events affecting Austria, Canada, China, Colombia, Cuba, Ecuador, European Union, India, Ireland, Israel, Malaysia, Peru, Russia, Spain, Syria, United Kingdom, United States, and Venezuela.
Cyber Attacks, Threats, and Vulnerabilities
#OpFerguson: Anonymous Calls For 'National Day Of Rage' against Mike Brown Shooting (HackRead) The online hacktivist collective Anonymous has announced a "National Day of Rage" to protest against the response of Ferguson police after the shooting of 17-year-old Mike Brown. The protest can be massive as it will take place on Thursday (21/08/2014) in 37 cities across the United States
Syrian malware is lurking, is dangerous (Deccan Chronicle) The geopolitical conflicts of the Middle East have deepened in the last few years, particularly in Syria. The cyberspace conflict there is intensifying as sides try to tip the struggle in their favor by exploiting cyber intelligence and making use of obfuscation. Kaspersky Lab's latest threat research has unveiled a whole range of malware related to Syria, using a variety of techniques including sophisticated social engineering tricks. Even though new malicious samples appear every day, users should have an understanding of these techniques and tools currently being used to target users in the Middle East and especially Syrian citizens
Malaysian investigators 'hacked' for confidential MH370 records (SC Magazine) Around 30 computers at Malaysian law enforcement agencies looking into the disappearance of the MH370 airplane have reportedly been hacked, with perpetrators making off with confidential data on the aircraft
Chinese hackers targeted the MH 370 investigation and appear to have stolen classified documents (Quartz) Chinese hackers targeted the computers of high-ranking officials from the Malaysian government and Malaysia Airlines and stole classified information during the early stages of the investigation into missing flight MH 370
Machete cyber espionage campaign targeting Latin America (Help Net Security) Kaspersky Lab discovered a new cyber-espionage campaign code-named Machete. This campaign has been targeting high profile victims, including government, military, law enforcement agencies and embassies for at least four years
Heartbleed Not Only Reason For Health Systems Breach (Dark Reading) Community Health Systems' bad patching practices are nothing compared to its poor encryption, network monitoring, fraud detection, and data segmentation, experts say
Why Would Chinese Hackers Steal Millions of Medical Records? (Bloomberg) A group of sophisticated Chinese hackers known for its high-stakes corporate espionage has a history of stealing medical-device blueprints, prescription-drug formulas and other valuable intellectual property from large health-care companies
Debugging The Myths Of Heartbleed (Dark Reading) Does Heartbleed really wreak havoc without a trace? The media and many technical sites seemed convinced of this, but some of us were skeptical
Severity of Attacks against Organizations Escalated (Trend Micro: Simply Security) Another massive healthcare breach has occurred this week, and it supports research and intelligence we are seeing as described in our Q2 Threat Roundup
UPS hit by cyber attack (Financial Times) United Parcel Service is among a new wave of retailers that have been targeted by cyber criminals, with data from more than 100,000 transactions exposed at franchises across the US
'Reveton' ransomware adds powerful password stealer (ComputerWorld) Avast thinks its controllers are trying to diversify after profits have fallen
Latest Gameover botnet lays low, looking to resist takedown (Ars Technica) The botnet that the government shut down is back, with some changes
Spam industry reinvented as messages containing malicious links surge (CSO) Malicious links now in one in six spam emails
Cybercriminals Embark on Bitcoin Phishing Expedition (SecurityWeek) Attackers are playing on the hype around the crypto-currency Bitcoin to cast a wider phishing net looking for victims. It's not just bank credentials cyber-criminals are looking for
Workers at U.S. nuclear regulator fooled by phishers (CSO) Nuclear Regulatory Commission employees were tricked into disclosing passwords and downloading malware
Microsoft detects fall in fake antivirus traffic (Beta News) Rogue security programs that try to trick the user into paying to remove a false virus detection have been around for a while, the earliest dating back to 2007. The software is clever, using different names and brands to cover its tracks, and clearly their perpetrators make money
Analysis reveals many malicious Chrome extensions (Help Net Security) An analysis of 48,332 browser extensions from the Chrome web store has revealed 130 outright malicious and 4,712 suspicious extensions, some of which have been downloaded by millions of users
Exploit kits put Silverlight security issues in focus (TechTarget) Silverlight security issues will demand more attention as attackers increasingly target the plug-in, leaving users vulnerable to various exploits
Incapsula mitigates multi-vector DDoS attack lasting longer than a month (SC Magazine) From the middle of June to nearing the end of July, security company Incapsula helped a targeted video game company withstand a nonstop distributed denial-of-service (DDoS) attack utilizing numerous vectors
How Hackers Could Mess With 911 Systems and Put You at Risk (Wired) The female caller was frantic. Why, she asked 911 dispatchers, hadn't paramedics arrived to her home? She'd already called once to say her husband was writhing on the floor in pain
Hacking Traffic Lights Is Apparently Really Easy (Time) Security researchers in Michigan reveal vulnerabilities in crucial roadway infrastructure
'Facebook Drug Task Force' hoax cranks up the paranoia (Naked Security) Marijuana users around the world heaved a sigh of relief and went back to ordering pizza delivery after it was revealed that the "Facebook Drug Task Force" (FDTF) and its new militarized corporate police force were a hoax
Cyber Trends
Some Principles of Cyber Strategy (ISN) Although cyberspace has existed for decades, the strategic principles of cyber-warfare have not yet been devised. In beginning to do so, John J. Klein believes that similarities between the cyber and maritime domains suggest that the thought of Sir Julian Corbett should be used as inspiration
Cyber Crime Opens New Portals Offers New Solutions (Guardian Liberty Voice) Another medical group falls to a cyber crime; this one apparently funded by a group in China or possibly the Chinese government itself. This particular internet attack was more brazen and included the theft of more than 4.7 million personal data records and Social Security numbers belonging to patients with Community Health Systems Inc., located in Franklin, Tennessee. The cyber group recognized as APT18, is generally acknowledged as the instigator of the invasion. Cyber crime opens new portals of opportunity. New alternatives on the horizon offer solutions
WVU professor: Cyber crimes 'an immense challenge' (Independent Herald) The announcement last week that a Russian crime organization had stolen the credentials of 1.2 billion Internet users has shaken the technology world
Smart city control networks being architected more securely than SCADA (CSO) Advocates of heavily instrumented 'smart city' infrastructure are acutely aware of the legacy left by insecure SCADA control systems and are instrumenting modern industrial-control networks with a higher degree of security, according to smart-cities architect Silver Spring Networks
A Second Act For The Internet Of Things (TechCrunch) There has been a lot of talk in the venture capital industry about automating the home and leveraging Internet-enabled devices for various functions
Healthcare mobility is balancing act between security and usability (FierceMobileIT) Protecting some of the most personally sensitive information for the most security-conscious government agencies is no small task, and a panel of government healthcare experts said their primary challenge is to balance security with the ease of use that mobility brings
Customers welcome C-suite advocate, CipherCloud chief trust officer reports (CSO) Working as a chief trust officer has given Bob West a new perspective on the conversations security companies are having with customers - and his experience so far has convinced him that a growing number of companies are going to find value in appointing board-level executives to act as data-security liaisons between customers and the executive
MDM vendors come up short on security (FierceMobileIT) While BYOD has increased the productivity of today's workers, it has also introduced a range of security threats, such as malware, direct attacks, data loss or theft and social engineering
In drone wars, dogfights won't be in the air but in the spectrum (Defense Systems) Like other senior officers in kindred offices in the Defense Department, Col. Jim Ekvall, who heads up the Army's Electronic Warfare Division, is concerned with how to answer the looming threat of enemy UAVs to U.S. and allied unmanned fleets
What it feels like to be the last generation to remember life before the internet (Quartz) Technology has a lot to answer for: killing old businesses, destroying the middle class, Buzzfeed. Technology in the form of the internet is especially villainous, having been accused of everything from making us dumber (paywall) to aiding dictatorships. But Michael Harris, riffing on the observations of Melvin Kranzberg, argues that "technology is neither good nor evil. The most we can say about it is this: It has come"
Marketplace
Making the World a Better Place While Helping an Acquisition Succeed (The Wall Street Transcript) Several years ago, Cryptography Research was in talks with Rambus about a potential acquisition. The opportunity was exciting, and would bring a chance to grow and transform the company I had started in 1995. For both entrepreneurs and acquirers, however, acquisitions are scary — even for Cisco, which knows more about acquiring than almost any other company, about a third of acquisitions fail
Lockheed Martin Growing Its Cyber, Big Data Business (National Defense) Rapid innovations in information technology and changes in the geopolitical environment — including events such as the conflict in the Gaza Strip and the rise of the Islamic State of Iraq and the Levant — all point to the military's need for large amounts of quickly digestible data
Northrop Grumman Wins US Navy CANES Shipboard Network Full Deployment Contract (MarketWatch) The U.S. Navy has selected Northrop Grumman Corporation as one of five contractors for the Consolidated Afloat Networks and Enterprise Services (CANES) full deployment production contract to upgrade cybersecurity, command and control, communications and intelligence (C4I) systems across the fleet. The indefinite delivery, indefinite quantity multiple award contract has a potential value of $2.5 billion over eight years
500,000 Chinese ATM machines ripe for Israeli security (Times of Israel) Fresh off a mission protecting fans at the World Cup, RISCO will now protect cash machines in China
Hexis Cyber Solutions Announces Reseller Agreement With Accuvant (GlobeNewswire via Nasdaq) Hexis Cyber Solutions (Hexis), a wholly-owned subsidiary of The KEYW Holding Corporation (Nasdaq:KEYW), and a provider of advanced cybersecurity solutions for commercial companies and government agencies, today announced a reseller agreement with Accuvant, a leading provider of information security solutions serving enterprise-class organizations across North America
CSC Vet Sam Visner Joins ICF as Cybersecurity Business SVP, GM (GovConWire) Sam Visner, a 35-year cybersecurity and intelligence veteran and a former Computer Sciences Corp. (NYSE: CSC) executive, has joined ICF International as senior vice president and general manager of the Fairfax, Virginia-based company's cybersecurity business
Products, Services, and Solutions
Microsoft mulled on rebranding Internet Explorer to bury bad reputation (Tech Times) Internet Explorer, which has a user share of 58 percent, may be the most popular internet browser in the world. The percentage is almost triple the twenty percent share held by Google's Chrome which places the browser second in the rank
Twitter Pollutes The Timeline (TechCrunch) If your Twitter stream is looking a little more crap (random) than usual there's a concrete reason for that: Twitter has made a behind-the-scenes change which means it's algorithmically adulterating the mix of content you see. Not that they're putting it like that, of course
Sentinel Elite: Adding $250,000 Worth of Breach Protection (WhiteHat Security) A week ago WhiteHat launched Sentinel Elite where we made a bold statement, perhaps one of the boldest statements any security vendor can make. We're offering a financially backed security guarantee: if a website covered by Sentinel Elite gets hacked, specifically using a vulnerability we didn't identify and should have, the customer will be refunded in full
Using the iStorage datAshur Personal secure USB flash drive (Help Net Security) The iStorage datAshur Personal is a PIN-activated USB flash drive designed for everyday use, both private and corporate. The drive comes in three sizes: 8GB, 16GB and 32GB. I tested the 8GB version
Panda Free Antivirus 2015 (PC Magazine) Having two distinct lines can be tough for an antivirus vendor. Your products can wind up competing with one another. Panda Security is no longer in that position
Multi-device protection from eScan and AV test certification for eScan Internet Security Suite (ITWeb) eScan Universal Security Suite ensures a safe computing experience for Windows and Linux PCs, Macs, Android mobiles and tablets with just a single licence key
Technologies, Techniques, and Standards
Big Data Overwhelms Security Teams (eSecurity Planet) Experts say increased automation and better analytics will help security teams overwhelmed by Big Data
TOR Browser Hardening Features Under Scrutiny (Threatpost) Tor is a target like never before. The NSA has made no bones about its disdain for the anonymity network, and someone, allegedly researchers from Carnegie Mellon University, were recently on the network trying to de-anonymize users of its hidden services
4 Tips: Protect Government Data From Mobile Malware (InformationWeek) Mobile malware continues to proliferate, particularly on Android devices. These four steps help counter the threat
AlienVault Releases Intrusion Detection Systems (IDS) Best Practices (Hacker News) Network security practitioners rely heavily on intrusion detection systems (IDS) to identify malicious activity on their networks by examining network traffic in real time
How Twitter's new "BotMaker" filter flushes spam out of timelines (Ars Technica) Sifting spam from ham at scale and in real time is a hard problem to solve
Putting Data in Perspective With Web Intelligence (Recorded Future) Government and private sector threat intelligence analysts are awash in data: both proprietary and open source. The evaluation of both — all-source analysis — provides analysts the perspective they need to communicate risk and better task (often expensive) resources at their disposal. Leveraging web intelligence (WEBINT) can effectively apply open sources to this process
Mobile device security: Tackling the risks (Help Net Security) Mobile devices with their large data capacities, always on capabilities, and global communications access, can represent both a business applications' dream and a business risk nightmare
GCHQ helps with cyber attack game (Press Association via Yahoo! News) A new game created by a British intelligence agency depicting a cyber attack on the UK is being used to raise awareness and test the public's ability to deal with online security
Research and Development
Researchers build security framework for Android (CSO) U.S. and German researchers develop hooks for attaching enterprise-class security modules to Android
How to Break Cryptography With Your Bare Hands (MIT Technology Review) The latest way to snoop on a computer is by measuring subtle changes in electrical potential as data is decrypted
The Next Battleground In The War Against Quantum Hacking (MIT Technology Review) Ever since the first hack of a commercial quantum cryptography device, security specialists have been fighting back. Here's an update on the battle
Academia
From CERDEC's Outreach Program STEMs a New Generation of Scientists (SIGNAL) College students of today are studying for jobs that have yet to be conceived — an insight into the rapidity at which fields of science, technology, engineering and mathematics are transforming
Six cyber security master's degrees certified by GCHQ (Acumin) Cabinet Office Minister Francis Maude has announced six new master's degree courses in information security, with certification to be awarded by GCHQ
More Women Entering Cybersecurity Fields Aided By Industry Scholarship Program (Homeland Security Today) Sherri Pearlman, a former Marine Corporal pursuing her master's degree at National University — a National Center of Academic Excellence in Information Assurance Education by the National Security Agency (NSA) and Department of Homeland Security (DHS) — is among 11 recipients of the Women Studying Information Security (SWSIS) scholarship program which aims to increase the number of women pursuing careers in information security-related fields
Vice President Biden Congratulates Winners of National Collegiate Cyber Defense Competition (White House) Vice President Joe Biden speaks to the 2014 National Collegiate Cyber Defense Competition Champions from the University of Central Florida, in the Indian Treaty Room in the Eisenhower Executive Office Building, in Washington, D.C., August 19, 2014
Legislation, Policy, and Regulation
Spy agency mishandled information about Canadians: watchdog (CTV News) Canada's electronic spy agency intercepted — and kept — several private communications of Canadians last year in violation of internal policies on personal information
'Big data' lobbyist: Congress doesn't want online privacy law (The Hill) A lobbyist for one of the top companies that trades in consumer data is confident that Congress won't set rules for how online marketers use information about consumers
FCC Republican wants to let states block municipal broadband (Ars Technica) Democrats warned not to take action a future Republican-led FCC would dislike
Litigation, Investigation, and Law Enforcement
Antivirus Works Too Well, Gripe Cybercops (Wall Street Journal) For years, police have been in a cat-and-mouse game with an unexpected foe that can frustrate investigations — antivirus software
European Facebook Class Action Suit Attracts 60K Users As It Passes First Court Hurdle (TechCrunch) Some developments around the class action suit filed against Facebook in Europe earlier this month over alleged privacy violations
Group files complaint, charging that US companies are violating EU citizens' privacy (FierceGovernmentIT) The Federal Trade Commission is reviewing a complaint filed by a consumer privacy group, which is alleging that 30 U.S. companies, including Adobe, AOL and Salesforce.com, are collecting personal data on European Union citizens without their consent or knowledge, violating an international framework
Google et al slammed by justice chief over 'right to be forgotten' (Naked Security) Europe's Commissioner for Justice, Martine Reicherts, has slammed Google and other opponents of the 'right to be forgotten' ruling, claiming that they are attempting to undermine the reform
Counterfeit U.S. Cash Floods Crime Forums (Krebs on Security) One can find almost anything for sale online, particularly in some of the darker corners of the Web and on the myriad cybercrime forums. These sites sell everything from stolen credit cards and identities to hot merchandise, but until very recently one illicit good I had never seen for sale on the forums was counterfeit U.S. currency
Stolen data allegedly used by Irish credit unions to find debtors (CSO) Classic social engineering tactics were used to deceive civil servants
Cyber Crime: Law Enforcement Fights Back (ITBusinessEdge) While cyber crime continued to dominate headlines and wreak havoc on organizations of all sizes across nearly every industry in the first half of 2014, it's refreshing to note law enforcement also stepped it up. A surge of activity against individuals and criminal organizations occurred, resulting in scores of arrests, indictments and convictions
Kicking the stool out from under the cybercrime economy (CSO) CSO Online spoke with Shape Security's Wade Williamson at this year's Black Hat USA conference about the economy of cybercrime and how it can be weakened
'Anonymous' Hackers Plead Guilty to Minor Charge in US for Cyber-Attacks (NDTV) Four members of the hacking group Anonymous pleaded guilty to a misdemeanor charge on Tuesday after a judge had earlier questioned whether prosecutors had treated the defendants too harshly for their crimes
Digital data links Inland Empire men to suspected terrorist activity (San Bernardino Sun) The playlist on Upland terrorism suspect Miguel Santana's I-pod wasn't like that of most college-aged men. No rock, hip hop or dub step. Instead, what FBI Special Agent Michael Nader said he found on Santana's I-pod following his arrest was more than a dozen audio files of lectures by Islamic extremists
Mother tracks down Facebook predator who lured son away from home (Naked Security) When parents nag their kids about not talking to strangers - not on the street, not on the playground, and definitely not online - this is the kind of guy they're worried about
These six lawsuits shaped the internet (The Verge) If these cases had ended differently, we would live in a very different world
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, Sep 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic engineering communities and attracts participants from industry, academia, and government organizations
Nullcon 2015 (Goa, India, Feb 4 - 7, 2015) Nullcon discusses and showcases the future of information security, next-generation of offensive and defensive security technology as well as unknown threats
Upcoming Events
Resilience Week (Denver, Colorado, USA, Aug 19 - 21, 2014) Symposia dedicated to promising research in resilient systems that will protect critical cyber-physical infrastructures from unexpected and malicious threats—securing our way of life.
AFCEA Technology & Cyber Day (Tinker AFB, Oklahoma, USA, Aug 21, 2014) The Armed Forces Communications & Electronics Association (AFCEA) — Oklahoma City Chapter will once again host the 10th Annual Information Technology & Cyber Security Day at Tinker AFB. This is the only event of its kind held at Tinker AFB each year. This annual event allows exhibitors the opportunity to network with key information technology, cyber security, communications, engineering, contracting personnel and decision makers at Tinker AFB. Over 250 attendees participated in the 2013 event and we expect the same level of attendance in 2014.
c0c0n: International Information Security and Hacking Conference (Aug 22 - 23, 2014) c0c0n, previously known as Cyber Safe, is an annual event conducted as part of the International Information Security Day. The Information Security Research Association along with Matriux Security Community is organizing a 2 day International Security and Hacking Conference titled c0c0n 2014, as part of Information Security Day 2014. c0c0n 2013 was supported by the Kerala Police and we expect the same this year too. Various technical, non-technical, legal and community events are organized as part of the program. c0c0n 2014 is scheduled on 22, 23 Aug 2014.
Build IT Break IT Fix IT: Build IT (Online, Aug 28, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
The Hackers Conference (New Delhi, India, Aug 30, 2014) The Hackers Conference is a unique event, where the best of minds in the hacking world, leaders in the information security industry and the cyber community along with policymakers and government representatives on cyber security meet face-to-face to join their efforts to cooperate in addressing the most topical issues of the Internet Security space. This is the third edition of the Conference. Following the huge success of the conference last year the current edition of the conference brings back to you all the knowledge, all the fun in a better, grander way.
SECRYPT 2013 (Vienna, Austria, Sep 2 - 4, 2014) The purpose of SECRYPT 2014, the International Conference on Security and Cryptography, is to bring together researchers, mathematicians, engineers and practitioners interested in security aspects related to information and communication. Theoretical and practical advances in the fields of cryptography and coding are a key factor in the growth of data communications, data networks and distributed computing. In addition to the mathematical theory and practice of cryptography and coding, SECRYPT also focuses on other aspects of information systems and network security, including applications in the scope of the knowledge society in general and information systems development in particular, especially in the context of e-business, internet and global enterprises. Papers are due April 15, 2014.
Build IT Break IT Fix IT: Break IT (Online, Sep 4, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Security B-Sides Cape Breton (Sydney, Nova Scotia, Canada, Sep 5, 2014) Security B-Sides Cape Breton is an open platform that gives security experts, enthusiasts, and industry professionals the opportunity to share ideas, insights, and develop longstanding relationships with others in the community. It is a rare opportunity to directly connect and create trusted relationships with key members of the community.
BalCCon2k14: Balkan Computer Congress (Novi Sad, Serbia, Sep 5 - 7, 2014) The Balkan Computer Congress is an international hacker conference organized by LUGoNS — Linux Users Group of Novi Sad and Wau Holland Foundation from Hamburg and Berlin. It is the second conference taking place in the Balkans, where some 20 years ago people were at war with each other. Now the BalCCon brings together hackers, hacktivists and computer enthusiasts from this area and they are joined by fellow hackers from all over the world. This event emphasizes the role of hacking as a means of peaceful cooperation and international understanding. The program consists of numerous presentations, workshops and lectures about information, privacy, technology, programming, free software and socio-political issues. One part of the congress will be dedicated to hacking, project and hacks
Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, Sep 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats. Sri Lanka is now transitioning from being a developing economy to Global economy with blooming telecommunications, insurance, banking, tourism and information technology services. Sri Lanka will be exposed to cyber threats similar to India thus, a synergy between Indian and Sri Lankan Cyber Security Communities will be beneficial for both countries in combating the threats to their information security
Detroit SecureWorld (Detroit, Michigan, USA, Sep 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Attack Against Payment Processes Exercise 1 (Online, Sep 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes
AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, Sep 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense Organizations, Inter-Agency, Industry, and Academia. Presentations, panels, and track sessions will highlight empowerment of Soldiers on the battlefield through training, different methodologies for connecting through enhanced technology, and command and control functions to enable the U.S. Armed Forces to dominate the battlefield. Government, industry, and academia speakers will address a broad range of topics and focus on the importance of the network, security issues, and training to enable operational forces to modernize and be ready to meet emerging challenges in 2025 and beyond.
Build IT Break IT Fix IT: Fix IT (Online, Sep 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London, to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
NOPcon Security Conference (Istanbul, Turkey, Sep 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers
5th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service. This leading summit also will feature Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House; David DeWalt, Chairman and Chief Executive Officer, FireEye; Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity, NPPD, Department of Homeland Security, along with over twenty-five other distinguished speakers. Along with increasing awareness on the most pressing cybersecurity topics, one of the primary goals of this summit is to enhance networking. Thus, three new features have been added to this year's summit: 1. Cybersecurity Interactive Roundtable Sessions: These tables will enable attendees to exchange experiences and information regarding all of the dire cybersecurity topics. 2. One-on-One Meetings: These intimate encounters with the cybersecurity experts will allow your questions to be answered in a personalized manner. 3. Multiple Tracks: Several concurrent tracks will be offered at this summit in order to provide a more thorough education about cybersecurity in the healthcare, finance and energy sectors, about continuous monitoring and insider threats
SINET Global Summit (London, England, UK, Sep 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homeland's critical infrastructures, national security and economic interests. The Global Summit's objective is to build and maintain international communities of interest and trust that foster vital information sharing, broad awareness and the application of our nation's most innovative technologies to enable a safer and more secure homeland for the United States, United Kingdom and our trusted allies. The US Department of Homeland Security Science & Technology Directorate supports this event along with Her Majesty's Government (HMG) as the UK representative.
Cyber Attack Against Payment Processes Exercise 2 (Online, Sep 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes
Global Identity Summit (Tampa, Florida, USA, Sep 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive, yet broad comprehensive look at the identity management capabilities, challenges and solutions in the topic areas of: Biometrics, Radio-Frequency Identification, Mobile, Cyber, Smart Card Technologies, and Big Data.
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, Sep 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia. This Tech Expo will be open to all personnel within the DIA Headquarters as well as the 600+ students and faculty of NIU. Several of the 'schools' within DIA are expected to participate with their own exhibitions, including: School of Intelligence Studies, School of Science and Technology Intelligence, Center for Strategic Intelligence Research and Center for International Engagement and the John T. Hughes Library.
Cloud Security Alliance Congress 2014 This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will offer attendees eighty sessions to choose from covering all aspects of privacy and cloud security. Nowhere else will cloud, IT and privacy professionals be able to meet and learn from each other, and gain visibility to practical, implementable solutions delivered by leading industry experts. Together the conferences will broaden the educational and networking opportunities available to both IAPP and CSA members. Proposals for speakers are due February 21, 2014.
CSA Congress 2014 & IAPP Privacy Academy 2014 (San Jose, California, USA, Sep 17 - 19, 2014) This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley. This conference will offer attendees more than eighty sessions to choose from covering all aspects of privacy and cloud security.
Ft. Meade Technology Expo (Fort Meade, Maryland, USA, Sep 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel that may otherwise be unattainable. The target audience will be comprised of personnel from the ARMY, the newly headquartered DISA (Defense Information Systems Agency), DMA (Defense Media Activity), DINFOS (Defense Information School), and Ft. Meade's various military personnel. All of the above groups and military units around the base will receive promotions for this event.
The 2014 Cyber Security Summit (New York, New York, USA, Sep 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense
NYIT Cyber Security Conference (New York, New York, USA, Sep 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and the Internet of things; mobile security; the protection of critical infrastructure, organizations, and individuals against cyberattacks; and cybersecurity research and education frontiers. Keynote speeches by Robert Bigman, CEO 2BSecure LLC, Former Chief Information Security Officer, Central Intelligence Agency and Phyllis Schneck, Ph.D., Deputy Under Secretary for Cybersecurity, U.S. Department of Homeland Security
Dutch Open Hackathon (Amsterdam, the Netherlands, Sep 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation
St. Louis SecureWorld Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Rock Stars of Cybersecurity (Austin, Texas, USA, Sep 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and protect company infrastructure from incursions. At the Rock Stars of Cybersecurity conference, well-respected cybersecurity authorities from leading companies will deliver case studies and actionable advice that you can immediately put to use.
VB2014 Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides a focus for the industry, representing an opportunity for experts in the field to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world.
DerbyCon 4.0 (Louisville, Kentucky, USA, Sep 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013 pulled in over 2,000 people with an amazing speaker lineup and a family-like feel. We've listened to your feedback and plan on making this conference even better this year
BruCON 2014 (Ghent, Belgium, Sep 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.
ROOTCON 8 ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis, browser extension malware extend cybercrime capabilities, new techniques: email-based threat and attacks, shellcode exploit analysis: tips and tricks, the Necurs rootkit, social engineering: hacking the mind, and hacking your way to ROOTCON.
INTEROP (New York, New York, USA, Sep 29 - Oct 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect Summit, Collaboration, Infrastructure, Mobility, Risk Management & Security, and Software-Defined Networking (SDN)