The CyberWire Daily Briefing 09.08.14
IS (a.k.a. ISIS or ISIL — we begin using its most common name) continues to concentrate on information operations, which the US State Department begins to take on with its own IO campaign. State and IS seem to use much of the same content, expecting a different effect on (perhaps) different audiences.
Pro-Palestinian hacktivists count coup against Israel's Ministry of Education and McDonald's Indonesian sub-domain. Pakistan's discontents continue to fuel low-level cyber-rioting.
"Sources close to the investigation" say that Home Depot was infected by a variant of the BlackPOS malware that was responsible for last year's Target breach. Inspection of the code, and of Rescator's online carding black market, indicates conventional criminality, but oddly tinged with nostalgia for Soviet power and Libya's deposed Gaddafi regime as the criminals involved don a hacktivist fig leaf.
GREF's reappearance through a new OS X backdoor prompts retrospectives of the group's espionage campaign against the US defense industrial base.
New Zealand's Spark was the unwilling vehicle of a denial-of-service effort directed toward Eastern European targets last week.
Carnegie Mellon's SEI reports a list of Android apps vulnerable to man-in-the-middle attacks.
A self-described "genious" (sic) reveals a malicious Flappy Birds knock-off.
VPN passwords (and Google and Facebook authentication codes) have been found in an Android malware C2 server.
Commodification of malware in an efficient black market facilitates Chinese gangs' cybercrime.
The Healthcare.gov hack continues to occupy researchers' (and politicians') attention.
One critical patch is expected from Microsoft tomorrow.
NATO and Russia harden their respective cyber stances.
Notes.
Today's issue includes events affecting Bangladesh, Brazil, China, European Union, Indonesia, Iraq, Israel, NATO, New Zealand, Pakistan, Palestinian Territories, Philippines, Russia, Syria, Ukraine, and United States.
Cyber Attacks, Threats, and Vulnerabilities
60,000 Pro-IS Twitter Accounts Set Up Since May (Sky News) After James Foley's murder, Twitter announced a crackdown but it seems as soon as an account is closed down, another replaces it
U.S. attempts to combat Islamic State propaganda (Washington Post) The stunning rise of the Islamic State militant group as both a battlefield force and an Internet juggernaut over the summer has given new urgency to a State Department effort to counter online militant propaganda with a U.S. messaging campaign
Islamic State using leaked Snowden info to evade U.S. intelligence (Washington Times) Disclosures from classified documents help terrorist group's militants avoid detection
Israeli Ministry of Education sub-domain hacked by Pro-Palestinian hackers (HackRead) The sub-domain of Israeli ministry of education has been hacked and defaced by pro-Palestinian hacking group AnonGhost. Hackers left a deface page along with an image bashing the Zionists
McDonalds Indonesia domain hacked by Bangladeshi hackers (HackRead) A hacker going with the handle of Ablaze Ever from Bangladesh Grey Hat Hackers has hacked and defaced the sub-domain of largest fast food chain McDonalds, Indonesia
Hacktivist defaces Pakistani Ministry of Interior website against election rigging (HackRead) Hacktivists are playing their role against massive rigging in 2013 national elections, as a result Anonymous Pakistan has hacked and defaced the official website of Ministry of Interior, Government of Pakistan
Home Depot Hit By Same Malware as Target (Krebs on Security) The apparent credit and debit card breach uncovered last week at Home Depot was aided in part by a new variant of the same malicious software program that stole card account data from cash registers at Target last December, according to sources close to the investigation
The Amazon.com of Stolen Credit Cards Makes It All So Easy (Bloomberg BusinessWeek) On Sept. 1, the website Rescator[dot]cc alerted customers to a big new batch of product about to hit its digital shelves. "Load your accounts and prepare for an avalanche of cash!" a post on its News page read
Cyberespionage group starts using new Mac OS X backdoor program (PCWorld) A group of hackers known for past cyberespionage attacks against the U.S. Defense Industrial Base, as well as companies from the electronics and engineering sectors, has recently started using a backdoor program to target Mac OS X systems
RAW DATA: Spark releases Q+A on outages, cyber-attack (National Business Review) Cyber criminals based overseas appear to have been attacking web addresses in Eastern Europe, and were bouncing the traffic off Spark customer connections, in what is known as a distributed denial of service (DDoS) attack
Spark rethinking defences after attack (Radio New Zealand News) Telecommunications company Spark says it is rethinking its defences after an online attack from overseas started crippling its internet users
Hackers plotted fake Flappy Bird app to steal girls' photos from Android phones (Hot for Security) Next time you install an app on your phone, you'd best think twice if it asks permission to access your photos
Researchers compile list of Android apps that allow MitM attacks (Help Net Security) Around 350 Android apps that can be downloaded from Google Play and Amazon stores fail to properly validate SSL certificates for HTTPS connections, and thus open users to Man-in-the-Middle attacks if they use them on insecure and open networks, a researcher with the CERT Coordination Center at the Software Engineering Institute at Carnegie Mellon University warned
Google, Facebook ID codes found in Android malware stash (CSO) Text messages containing VPN passwords and authentication codes for Google and Facebook are found on a command-and-control server for Android malware
Chinese Cybercrime Soars as Tools are Traded Online (Infosecurity Magazine) The underground market for cybercrime products and services in China is booming, with both the number of participants and IM messages sent between those participants doubling last year, according to new research from Trend Micro
HealthCare.gov breached, injected with malware (Naked Security) Federal health officials have discovered that the woebegone US insurance exchange site HealthCare.gov was breached in July when an intruder uploaded malware with the apparent motive of using the system to launch cyberattacks against other sites
Healthcare.gov Security Breach: Lawmakers Say 'I Told You So' (eWeek) A test server was compromised but no user data lost, government officials say. And security experts wonder why a default password was used at Healthcare.gov
HealthCare.gov Breach: The Ripple Effect (InformationWeek) Hackers breached a HealthCare.gov test server, reportedly affecting no records, but the repercussions could spread across many medical organizations
The rapid growth of the Darknet black markets (Security Affairs) The Digital Citizen's Alliance has provided an update to the study which analyzes online black markets, focusing on the sales of illegal drugs
Cryptographic Locker (Webroot Threat Blog) It seems as though every few weeks we see a new encrypting ransomware variant. It's not surprising either since the business model of ransoming files for money is tried and true. Whether it's important work documents, treasured wedding pictures, or complete discographies of your favorite artists, everyone has valuable data they don't want taken
Ransomware going strong, despite takedown of Gameover Zeus (Ars Technica) The botnet takedown nearly quashed Cryptolocker, yet other ransomware continues
Odd Persistent Password Bruteforcing (Internet Storm Center) This isn't something new, but I think it is often overlooked: "slow and low" password brute forcing
ESET offers tips to phish out fakes on back of YouTube scam (Techday) Security company ESET is warning internet users to be even more vigilant for phishing scams, which it says are becoming increasingly complex and difficult to distinguish from genuine emails
Shakira death hoax email spreads malware attack (Graham Cluley) It's a trick as old as the hills, but that doesn't mean that 21st century internet users aren't going to fall for it
Westport Police Warn Locals about Phishing Emails (Spamfighter) Westport-news.com reported on 28th August, 2014 stating that Westport Police are warning residents of Westport to be cautious of a scam email purporting to be from the Westport Town, Connecticut, New York City, US designed to steal credit-card data
Just five gangs in Nigeria are behind most Craigslist buyer scams (IDG via CSO) Five Nigerian criminal gangs are behind most scams targeting sellers on Craigslist, and they've taken new measures to make their swindles appear legitimate, according to a new study
Pittsfield Schools Face Cyber Attack As Classes Start (WAMC) With the school year just getting started, the Pittsfield Public School district has already experienced a cyber attack
Comcast Wi-Fi serving self-promotional ads via JavaScript injection (Ars Technica) The practice raises security, net neutrality issues as FCC mulls Internet reforms
Bulletin (SB14-251) Vulnerability Summary for the Week of September 1, 2014 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
WordPress 4.0 "Benny" released (Acunetix) The long awaited WordPress version 4.0, codenamed "Benny" in honour of jazz clarinettist and band leader Benny Goodman has been released
LinkedIn beefs up account security with session management, detailed alerts (IDG via CSO) LinkedIn now allows users to see and terminate their authenticated sessions from multiple devices
Microsoft plans four patches, one critical, for Patch Tuesday (SC Magazine) The sole critical patch this month will address remote code execution issues in Internet Explorer
Adobe slates critical Reader security update for Tuesday (Computerworld) Will patch both Reader and Acrobat, but will not fix Flash this month, a first for 2014
Apple Plans to Extend 2FA to iCloud (Threatpost) In the wake of the iCloud photo theft scandal, Apple's CEO said the company plans to extend its two-factor authentication system to logins to the iCloud service from mobile device. The change will come when iOS 8.0 comes out later this month
Facebook's privacy dinosaur will check your settings for you (Hot for Security) Facebook has announced that it has started rolling out a new feature which will help you "review and control who you're sharing with" on the world's biggest social network
Mozilla 1024-Bit Cert Deprecation Leaves 107,000 Sites Untrusted (Threatpost) When Firefox 32 shipped this week, Mozilla also officially ended its support of 1024-bit certificate authority certificates in its trusted store
Cyber Trends
Bank database 'presents target for hackers and hostile powers' (Telegraph) Twenty-year veteran of GCHQ fears global information-sharing is vulnerable to attack
August 2014 Cyber Attacks Statistics (Hackmageddon) It's time to aggregate the stats of the August Cyber Attacks Timelines
Profit leads motives for malware engineers (Help Net Security) With mobile malware doubling year after year, NQ Mobile released new data and background information outlining the current threat landscape and projecting trends for the immediate future. Revealing details on infection rates and strains found around the world, the information demonstrates how such threats put sensitive data and bank accounts at risk
Social media remains an easily exploitable attack surface (CSO) People have a craving for information, and it isn't hard to satisfy it maliciously
The Security Implications of Wearables, Part 1 (TrendLabs Security Intelligence Blog) The Internet of Everything has given rise to new gadget categories in every electronics retailer shop. Smart wearables are rapidly becoming more commonplace than you think. While not everyone has Google Glass, you can bet that a lot of people have fitness trackers and even smart watches
The Security Implications of Wearables, Part 2 (TrendLabs Security Intelligence Blog) In the previous post, we talked about the definition and categories of wearables. We will now focus our attention on possible attacks for such devices
Cyber Crime Means Business — Potentially Yours (Forbes) Christopher Skroupa: In previous discussions, you've mentioned the "shark fin effect," relating it to how executives perceive cyber threats. Tell us what you mean by this and why it is cause for concern. MacDonnell Ulsch: Over the years, the media has played a key role in shaping the perception of what constitutes a data breach
Phishing Emails Fool Most Employees. But is This Their Problem or Email's? (Techworld via CIO) More than a decade after phishing attacks became the standard way of getting around corporate defences, all but a tiny minority of employees still fall for this kind of email, a McAfee test of UK-based workers has found
On the internet, disaster is always one step ahead of you (The Verge) Why we aren't done writing about celebrity nudes
SANS Releases Results of the 2nd Annual Critical Security Controls Survey: From Adoption to Implementation (SANS Institute) A new SANS survey reports 90% of organizations taking the survey have adopted some or all of the Critical Security Controls (CSCs), and that financial and government industries are leading adopters of these controls
Marketplace
The Zacks Analyst Blog Highlights: Home Depot, Target, CACI International, Carbonite and NCI (SYS-CON Media) Zacks.com announces the list of stocks featured in the Analyst Blog. Every day the Zacks Equity Research analysts discuss the latest news and events impacting stocks and the financial markets
IBM Can Help Apple's Trust Issues but Blackberry Could Steal Share (Datamation) Apple can't be trusted. With the release of nude pictures of celebrities this is likely the same conclusion many of you are reaching today. In the end this is probably where IBM can provide the greatest value in their new partnership with Apple because IBM understands that, with an Enterprise, trust is likely the most important value a vendor can provide
Check Point's Customer Wins Impressive, Risks Persist (Zacks) Check Point is a well-known provider of information technology (IT) security solutions globally. Sophisticated cyber threats significantly affect financials, brands and reputation of enterprises. Consequently, cyber security is becoming a mission-critical, high-profile requirement. Check Point's wide experience in the security space and consistent delivery of such solutions will help it maintain and grow its market share
JPMorgan-to-Apple Data Scares Spur Israeli Stock's Surge (Bloomberg BusinessWeek) With each successive data breach scare that's hit corporate America in recent weeks, from JPMorgan Chase & Co. to Apple Inc. and then Home Depot Inc., the shares of an Israeli cyber-security giant have bounced higher
Meet The Former Israeli Cyber Soldiers Hoping To Stop Hackers Causing Car Crashes (Forbes) For better or worse, military and government folk are more interested than most in hacking cars
Meet the shadowy tech brokers that deliver your data to the NSA (ZDNet) These so-called "trusted third-parties" may be the most important tech companies you've never heard of. ZDNet reveals how these companies work as middlemen or "brokers" of customer data between ISPs and phone companies, and the U.S. government
Would Pay Scales Close the Cybersecurity Workforce Gap? (DefenseOne) Federal agencies have long struggled to fill positions in the ever-growing ranks of the cybersecurity workforce
Call for Applications Now Open for AlphaTech's 2015 Class of Mid-Atlantic's Emerging Cybersecurity, Big Data and Analytics Company CEOs (BusinessWire) AlphaTech Group, Inc., a selective, CEO-level initiative serving Mid-Atlantic emerging growth companies in the cybersecurity, big data and analytics industries, today announced the open application period for its 2015 cohort of entrepreneurs and executives has begun. Participation is reserved for founders and C-Level executives
Products, Services, and Solutions
A Closer Look at the Google Domains Register (Lenny Zeltser on Information Security) Google's new domain registration service, Google Domains, is shaping up to be a capable, yet easy-to-use service, which will put pressure on traditional registrars to offer additional features, clean-up their user interface or drop prices
Zimperium Launches Apple iOS-Based Security Platform (eWeek) The release follows the launch of zIPS on Android earlier this year, which brought host and network on-device defense to Google's mobile platform
Bitdefender Total Security 2015 review: One of the best PC and laptop internet security suites for 2014/2015 (PC Advisor) Bitdefender is regarded as one of the best technical Windows internet security suites, and Total Security 2015 lives up to that rep. Read our Bitdefender Total Security 2015 review
AVAST Mobile Security Surpasses 100-Million Download Mark Faster Than Any Cyber Security App in Google Play History (BusinessWire) AVAST has protected its users' sensitive data for more than 2 years and adds nearly 200,000 downloads per day
Mac Security Products Put to the Test (SecurityWeek) Two well known independent antivirus testing labs have published the results of tests performed on security products designed for devices running Mac OS X operating systems
IPC opens DDoS attack scrubbing center with Nexusguard (Telecompaper) Philippine DDoS mitigation services provider IP Converge Data Services (IPC), in partnership with internet security provider Nexusguard, has launched a locally hosted Distributed Denial of Service (DDoS) attack scrubbing center
PLDT unit beefs up defense vs cyber attacks (Philippine Star) IPC (IP Converge Data Services Inc.), a unit of dominant carrier Philippine Long Distance Telephone Co. (PLDT), is ready to put up another scrubbing center in the country to protect companies from malicious Internet attacks
Off-the-grid texting device GoTenna attracts antisurveillance crowd (C/NET) A gadget for text messaging without cell service sees a spike in interest from the pro-privacy crypto and Bitcoin communities — even though that wasn't its creators' intention
When We Say Information Sharing, We Mean It: Symantec and McAfee Join Palo Alto Networks and Fortinet in Founding the Cyber Threat Alliance (Palo Alto Networks) I believe that Threat Indicator Information Sharing — between peers, vendors, customers and, yes, competitors — is the single most important thing that the security community can do to defeat the advanced adversary
There's Something Rotten In The State Of Social Media (TechCrunch) We need no ghost to tell us something smells increasingly rotten in the state of social media
Technologies, Techniques, and Standards
Prevention, Detection and Response: A New Approach to Tackle APTs (Infosecurity Magazine) What was once a wake-up call for organizations is now an almost daily occurrence. Businesses are under cyber-attack and, according to experts, the cost of these incidents is on the rise. The Ponemon Institute recently claimed that the average cost of a reported breach has grown by 15 per cent, reaching an average of $3.5 million
Taking a Naked Selfie? Your Phone Should Step In to Protect You (New York Times) What should smartphone makers do about nude selfies? Should they encourage us all to point our phones away from our unclothed bodies — or should they instead decide that naked selfies are inevitable, and add features to their products that reduce the chance that these photos could get hacked?
Is it thumbs up to Barclays bank's finger-vein-reading authentication? (Naked Security) Barclays bank has announced plans to introduce biometric authentication based on vein patterns in fingers for its UK business customers
LinSSID — Graphical wireless scanning for Linux (similar to Inssider) (Kitploit) LinSSID is graphically and functionally similar to Inssider (Microsoft™ Windows®). It is written in C++ using Linux wireless tools, Qt5, and Qwt 6.1
iOS 8 Untethered Jailbreak: Reddit User Releases Reverse Engineered Pangu Jailbreak (International Business Times) The jailbreak community is in for a pleasant surprise as a discerning Reddit user, w0rldello, has created an untethered jailbreak for iOS 8 beta by reverse engineering the existing Pangu jailbreak for iOS 7.1.x
Mobile forensics in a connected world (Help Net Security) In this interview, Andrew Hoog, CEO of viaForensics, talks about the forensic examination of mobile devices, the challenges involved with testifying at trials, and offers advice to those interested in working in the mobile security forensics field
BitCoin and Privacy, Conducting Anonymous Business Transactions (Hacksurfer) Bitcoin, the popular crypto-currency, has three basic levels of service that you can choose from
Meet Zelda, the unlikely 'Dear Abby' of NSA (Boston Globe) The anonymous employee wrote to complain that a high-ranking official "is frequently MIA," or missing in action
Design and Innovation
8 of the Best Online Security Dashboards (TechieHOW) With new information security threats being discovered daily, having one resource that can display security related information in one convenient view can be a valuable resource. From showing information on latest threats, tools versions, news or real time attacks, that's what the following online dashboards deliver
Research and Development
Google branches out from D-Wave in quantum computing initiative (Ars Technica) Working with academics to make more traditional superconducting qubits
Academia
Hackathon gears up for first round (Washington Square News) Registration for Capture the Flag, the NYU Polytechnic School of Engineering's annual hackathon, opened on Aug. 25 in preparation for the preliminary, online-only round of the competition. It will be held from Sept. 19 to Sept. 21
Local hacking event tries to prevent data theft (Dayton Daily News) Dayton summit brings students, businesses, security firms together
Legislation, Policy, and Regulation
Cyber attacks may provoke a military response — NATO (RTE) NATO leaders have agreed that a large-scale cyber attack on a member country could be considered an attack on the entire US-led alliance, potentially triggering a military response
NATO agrees cyber attack could trigger military response (Euractiv) NATO leaders agreed on Friday that a large-scale cyber attack on a member country could be considered an attack on the entire US-led alliance, potentially triggering a military response
Russia Wants 'Hot Peace,' Not War (Council on Foreign Relations) The NATO summit has highlighted concerns over military deterrence against Russia in eastern Europe, but Western powers should be preparing for non-military disruptive actions from Russia, says expert Mark Galeotti. Such actions include support of political movements hostile to the European Union, the penetration of strategic industries, and potentially cyber-attacks via proxies, he says
Russia Hardens Military Thinking as NATO Fizzes Over Ukraine (Moscow Times) As West's Cold-War-era military alliance cranks its belligerence levels up to 11, NATO's historic enemy, Russia, is rejigging its own military thinking in response
Hack attacks spur calls for cyber insurance (The Hill) Lawmakers have been unable to pass legislation to deal with the stream of hacks at major stores and websites, but the government may be able to do some good by helping out the insurance market
NSA Reform Will Likely Have to Wait Until After the Election (National Journal) Legislation to reform the government's surveillance programs looks destined for a lame-duck session of Congress — and might not get touched at all until next year
Want to Reform the NSA? Give Edward Snowden Immunity (Atlantic) Any effort that tries to rebuild the well-behaved aspects of the system but ignores the critical role of whistleblowers is sure to fail
Privacy groups pressure Senate on NSA (The Hill) Dozens of civil liberties groups are putting pressure on the Senate to move forward with a bill to rein in the National Security Agency
Legal memos released on Bush-era justification for warrantless wiretapping (Washington Post) The Justice Department released two decade-old memos Friday night, offering the fullest public airing to date of the Bush administration's legal justification for the warrantless wiretapping of Americans' phone calls and e-mails — a program that began in secret after the 2001 terrorist attacks
Litigation, Investigation, and Law Enforcement
The Feds Found The Silk Road's Ross Ulbricht Thanks To A Leaky CAPTCHA (TechCrunch) You may have heard that the infamous Dread Pirate Roberts AKA Ross Ulbricht's Silk Road was taken down thanks to a problem in his anonymous Tor server. Now, however, Brian Krebs has shown us just how the Feds found Ulbricht's server and, additionally, the pirate himself
Dread Pirate Sunk By Leaky CAPTCHA (Krebs on Security) Ever since October 2013, when the FBI took down the online black market and drug bazaar known as the Silk Road, privacy activists and security experts have traded conspiracy theories about how the U.S. government managed to discover the geographic location of the Silk Road Web servers
Switzerland 'unlikely to extradite Snowden', if he appears for NSA testimony (Russia Today) Switzerland will most likely guarantee safety to National Security Agency whistleblower Edward Snowden, if he comes to testify against the NSA's spying activities, Swiss media said
The two towers (Economist) Junk science is putting innocent people in jail
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Ground Zero Summit, Sri Lanka (Colombo, Sri Lanka, Sep 9 - 10, 2014) Ground Zero Summit 2014, Colombo will be a unique gathering of Cyber Security Researchers, Hackers, CERTs, Corporates and Government officials to discuss latest hacks, exploits, research and cyber threats. Sri Lanka is now transitioning from being a developing economy to Global economy with blooming telecommunications, insurance, banking, tourism and information technology services. Sri Lanka will be exposed to cyber threats similar to India thus, a synergy between Indian and Sri Lankan Cyber Security Communities will be beneficial for both countries in combating the threats to their information security
Detroit SecureWorld (Detroit, Michigan, USA, Sep 9 - 10, 2014) Two days of cyber security education and networking. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Cyber Attack Against Payment Processes Exercise 1 (Online, Sep 9 - 10, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes
AFCEA TechNet Augusta 2014: Achieving Force 2025 Through Signals and Cyber (Augusta, Georgia, USA, Sep 9 - 11, 2014) The overall theme of TechNet Augusta 2014 is "Achieving Force 2025 Through Signals and Cyber." The overall focus is on Army ground forces, including Joint component interface, other Department of Defense Organizations, Inter-Agency, Industry, and Academia. Presentations, panels, and track sessions will highlight empowerment of Soldiers on the battlefield through training, different methodologies for connecting through enhanced technology, and command and control functions to enable the U.S. Armed Forces to dominate the battlefield. Government, industry, and academia speakers will address a broad range of topics and focus on the importance of the network, security issues, and training to enable operational forces to modernize and be ready to meet emerging challenges in 2025 and beyond.
Build IT Break IT Fix IT: Fix IT (Online, Sep 12, 2014) The Build it Break it Fix it security contest is a new security-oriented programming contest held by the Maryland Cybersecurity Center, Cyberpoint, and Trail of Bits. The Build it Break it Fix it security contest aims to teach students to write more secure programs. The contest evaluates participants' abilities to develop secure and efficient programs. The contest is broken up into three rounds that take place over consecutive weekends. During the Build It round, builders write software that implements the system prescribed by the contest. In the Break It round, breakers find as many flaws as possible in the Build It implementations submitted by other teams. During the Fix It round, builders attempt to fix any problems in their Build It submissions that were identified by other breaker teams. Each round will respectively start on August 28th, September 4th, and September 12th
Suits and Spooks London (London, England, UK, Sep 12, 2014) On September 12th, in London's South Bank neighborhood of Southwark, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather at the top floor auditorium of the Blue Fin building, just behind the Tate Modern museum in Central London to discuss present and future threats to global critical infrastructure and how best to mitigate them. It will be closed to the press and held under the Chatham House Rule
NOPcon Security Conference (Istanbul, Turkey, Sep 16, 2014) NOPcon is a non-profit hacker conference. It is the only geek-friendly conference without sales pitches in Turkey. The conference aims to learn and exchange ideas and experiences between security researchers, consultants and developers
5th Annual Billington Cybersecurity Summit (Washington, DC, USA, Sep 16, 2014) The 5th Annual Billington Cybersecurity Summit, a leading conference produced by Billington CyberSecurity, will feature an all-star cast of cybersecurity speakers including Admiral Michael Rogers, Commander, U.S. Cyber Command and Director, National Security Agency/Chief, Central Security Service. This leading summit also will feature Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, The White House; David DeWalt, Chairman and Chief Executive Officer, FireEye; Dr. Phyllis Schneck, Deputy Under Secretary for Cybersecurity, NPPD, Department of Homeland Security, along with over twenty-five other distinguished speakers. Along with increasing awareness on the most pressing cybersecurity topics, one of the primary goals of this summit is to enhance networking. Thus, three new features have been added to this year's summit: 1. Cybersecurity Interactive Roundtable Sessions: These tables will enable attendees to exchange experiences and information regarding all of the dire cybersecurity topics. 2. One-on-One Meetings: These intimate encounters with the cybersecurity experts will allow your questions to be answered in a personalized manner. 3. Multiple Tracks: Several, concurrent tracks will be offered at this summit in order for a more thorough education about cybersecurity in the healthcare, finance and energy sectors, about continuous monitoring and insider threats
SINET Global Summit (London, England, UK, Sep 16 - 17, 2014) "Advancing Global Collaboration and Innovation." Global Summit focuses on building international public-private partnerships that will improve the protection of our respective homelands' critical infrastructures, national security and economic interests. The Global Summit's objective is to build and maintain international communities of interest and trust that foster vital information sharing, broad awareness and the application of our nation's most innovative technologies to enable a safer and more secure homeland for the United States, United Kingdom and our trusted allies. The US Department of Homeland Security Science & Technology Directorate supports this event along with Her Majesty's Government (HMG) as the UK representative.
Cyber Attack Against Payment Processes Exercise 2 (Online, Sep 16 - 17, 2014) FS-ISAC, the Financial Services Information Sharing and Analysis Center, will conduct its fifth annual simulated cyber security exercise related to payment processes used by banks, community institutions, credit unions and associated financial services organizations. Over a two-day period this fall, hundreds of security, risk and IT professionals will experience a highly realistic set of scenarios in a safe environment in order to practice and improve their response to cyber incidents. The teams are encouraged to involve multiple parts of their organizations, from IT and security to payments experts to communications teams to line of business leaders and executive teams. The simulation is known as CAPP or Cyber Attack Against Payment Processes.
Global Identity Summit (Tampa, Florida, USA, Sep 16 - 18, 2014) The Global Identity Summit is focused on identity management solutions for corporate, defense and homeland security communities. This conference and associated exhibition bring together a distinctive yet broad and comprehensive look at the identity management capabilities, challenges and solutions in the topic areas of: Biometrics, Radio-Frequency Identification, Mobile, Cyber, Smart Card Technologies, and Big Data.
Fraud Summit Toronto (Toronto, Ontario, Canada, Sep 17, 2014) From account takeover to payment card fraud and the emerging mobile threatscape, the ISMG Fraud Summit series is where thought-leaders meet to exchange insights on today's top schemes and the technology solutions designed to stop them.
Defense Intelligence Agency (DIA)/National Intelligence University (NIU) Open House (Washington, DC, USA, Sep 17, 2014) On September 17, 2014, the National Intelligence University (NIU) will hold a Tech Expo as part of its annual "NIU OUTREACH DAY" in the Tighe Lobby of DIA Headquarters on Joint Base Bolling-Anacostia. This Tech Expo will be open to all personnel within the DIA Headquarters as well as the 600+ students and faculty of NIU. Several of the 'schools' within DIA are expected to participate with their own exhibitions, including: School of Intelligence Studies, School of Science and Technology Intelligence, Center for Strategic Intelligence Research and Center for International Engagement and the John T. Hughes Library.
Cloud Security Alliance Congress 2014: This year, the CSA and the International Association of Privacy Professionals (IAPP) are combining their Congress US and Privacy Academy events into a conference in the heart of Silicon Valley that will offer attendees eighty sessions to choose from covering all aspects of privacy and cloud security. Nowhere else will cloud, IT and privacy professionals be able to meet and learn from each other, and gain visibility to practical, implementable solutions delivered by leading industry experts. Together the conferences will broaden the educational and networking opportunities available to both IAPP and CSA members. Proposals for speakers are due February 21, 2014.
ICS-ISAC Fall Conference (Atlanta, Georgia, USA, Sep 17 - 20, 2014) Cybersecurity issues — such as the DHS release of Operation Aurora information; legislation like CISA (S. 2588), CIRDA (H.R. 2952) & H.R. 3696; and the NIST Cybersecurity Framework — can leave one wondering "What, where, how and with whom should I share?" and "Where can I find solutions?" At the ICS-ISAC Fall Conference you will develop knowledge you can take to further enhance your organization's cybersecurity posture through answers to these and many other questions
Ft. Meade Technology Expo (Fort Meade, Maryland, USA, Sep 18, 2014) The Ft. Meade Technology Expo is a one-day event held at the Officers' Club (Club Meade) on base. Industry vendors will have the unique opportunity to showcase their products and services to personnel who may otherwise be unreachable. The target audience will comprise personnel from the ARMY, the newly headquartered DISA (Defense Information Systems Agency), DMA (Defense Media Activity), DINFOS (Defense Information School), and Ft. Meade's various military personnel. All of the above groups and military units around the base will receive promotions for this event.
The 2014 Cyber Security Summit (New York, New York, USA, Sep 18, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their second annual event in New York City. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense
NYIT Cyber Security Conference (New York, New York, USA, Sep 18, 2014) Presented by NYIT's School of Engineering and Computing Sciences, this conference will address a broad range of pressing topics including privacy; innovations in enterprise security; systems security and the Internet of things; mobile security; the protection of critical infrastructure, organizations, and individuals against cyberattacks; and cybersecurity research and education frontiers. Keynote speeches by Robert Bigman, CEO 2BSecure LLC, Former Chief Information Security Officer, Central Intelligence Agency and Phyllis Schneck, Ph.D., Deputy Under Secretary for Cybersecurity, U.S. Department of Homeland Security
Dutch Open Hackathon (Amsterdam, the Netherlands, Sep 20 - 21, 2014) Join leading Dutch companies, during a 30-hour hackathon, as they open up APIs and technologies. Work together and develop new applications and drive global innovation
St. Louis SecureWorld: Offering two days of cyber security education. Earn 12-16 CPE credits, network with industry peers, and take advantage of more than sixty educational events. Over the past decade SecureWorld has emerged as one of North America's most vital cyber-security conferences, providing globally relevant education, training and networking for cyber-security professionals on a regional level. SecureWorld provides more content and facilitates more professional connections than any other event in the cyber-security industry. Established in 2002, SecureWorld offers many different continuing professional education sessions over two days in 14 cities throughout the United States.
Workshop on Cryptographic Hardware and Embedded Systems 2014 (CHES 2014) (Busan, Korea, Sep 23 - 26, 2014) The annual CHES workshop highlights new results in the design and analysis of cryptographic hardware and software implementations. CHES provides a valuable connection between the research and cryptographic engineering communities and attracts participants from industry, academia, and government organizations
Rock Stars of Cybersecurity (Austin, Texas, USA, Sep 24, 2014) The unprecedented Target breach and NSA spying scandal have put cybersecurity in the global spotlight. With cyberattacks on the rise, it is now even more important to learn how to identify weaknesses and protect company infrastructure from incursions. At the Rock Stars of Cybersecurity conference, well-respected cybersecurity authorities from leading companies will deliver case studies and actionable advice that you can immediately put to use.
VB2014: Over its 24-year history, the VB conference has become a major highlight of the IT security calendar, with many of its regular attendees citing it as the security event of the year. The conference provides a focus for the industry, representing an opportunity for experts in the field to share their research interests, discuss methods and technologies and set new standards, as well as meet with - and learn from - those who put their technologies into practice in the real world.
DerbyCon 4.0 (Louisville, Kentucky, USA, Sep 24 - 28, 2014) Welcome to DerbyCon 4.0 — "Family Rootz". This is the place where security professionals from all over the world come to hang out. DerbyCon 4.0 will be held September 24-28th, 2014. DerbyCon 2013 pulled in over 2,000 people with an amazing speaker lineup and a family-like feel. We've listened to your feedback and plan on making this conference even better this year
BruCON 2014 (Ghent, Belgium, Sep 25 - 26, 2014) BruCON is an annual security and hacker conference providing two days of an interesting atmosphere for open discussions of critical infosec issues, privacy, information technology and its cultural/technical implications on society. Organized in Belgium, BruCON offers a high quality line up of speakers, security challenges and interesting workshops. BruCON is a conference by and for the security and hacker community.
ROOTCON 8: ROOTCON is the first hacking convention in the Philippines. A hacker conference and not a seminar, training or a workshop. It will feature the following tracks: advanced HTTP header security analysis, browser extension malware extend cybercrime capabilities, new techniques: email-based threat and attacks, shellcode exploit analysis: tips and tricks, the Necurs rootkit, social engineering: hacking the mind, and hacking your way to ROOTCON.
INTEROP (New York, New York, USA, Sep 29 - Oct 3, 2014) Interop returns to New York with practical and visionary conference sessions designed to help you accelerate your career. This year's conference tracks include: Applications, Business of IT, Cloud Connect Summit, Collaboration, Infrastructure, Mobility, Risk Management & Security, and Software-Defined Networking (SDN)