The CyberWire Daily Briefing 03.18.14

Summary

By The CyberWire Staff

Anti-regime hacktivists of Rucyborg leak financial details of the oligarchical Russian Industrial Investment Fund in a self-described protest against Russian President Putin's "insane" policies. More details emerge on hacks of NATO sites claimed by CyberBerkut. As the Russo-Ukrainian conflict moves closer to kinetic warfare, it's worth noting that most of the hacktivism (unless you believe CyberBerkut really is an independent group of pro-Russian Ukrainian patriots) seems to have been directed against the Russian government.

The Indonesian hackers of the "Black Angels" (who seem to be independent cyber vandals) deface the Regional Integrated Multi-Hazard Early Warning System for Africa and Asia (RIMES).

BGPmon reports that Google's public DNS service was briefly hijacked over the weekend.

Citroen falls to an Adobe ColdFusion backdoor exploit.

Rescator, the black market dealer in stolen payment card data, is hacked by a cyber vigilante who defaces Rescator's site and derides its customers as "miscreants and subhumans." (The episode may provide a useful way of thinking about the distinction, if any, between vigilantism and active defense.)

Windows XP, in its final weeks of life, will exact a cost from its users during its afterlife. ATMs and government agencies are prominent among XP holdouts. Banks are planning to pay for ATM security; agency strategies are less clear.

In the US, DARPA seeks to expand its stable of cyber performers. Technology Review runs an overview of startups nurtured by NSA.

Also in the US, Church Committee veterans petition the Government for a Church-like Congressional inquiry into Intelligence Community surveillance.

Notes.

Today's issue includes events affecting Afghanistan, Armenia, Austria, Bahrain, Bangladesh, Bhutan, Brazil, Cambodia, China, Comoros, Estonia, France, Germany, India, Indonesia, Iran, Israel, Japan, Kenya, Democratic People's Republic of Korea, Laos, Maldives, Madagascar, Mauritius, Mongolia, Mozambique, Myanmar, NATO, Nepal, Pakistan, Papua New Guinea, Philippines, Russia, Saudi Arabia, Seychelles, Sri Lanka, Somalia, Tanzania, Thailand, Timor-Leste, Turkmenistan, Ukraine, United Kingdom, United States, Uzbekistan, Venezuela, Vietnam and Yemen.

Selected Reading

Cyber Trends

Three Things to Take Away from CanSecWest, Pwn2Own (Threatpost) Now that CanSecWest and the Pwn2Own hacking contest has wrapped up for another year, we're left to still ponder the security of web browsers, whether BIOS attacks are the next frontier, and how exploit brokers will shape the business end of vulnerability research

What My Droid's Metadata Says About Me (BankInfoSecurity) Jonathan Mayer, like many privacy advocates, challenges the National Security Agency's contention that the NSA's program to collect metadata from telephone calls does not violate individuals' privacy rights

Facebook and the NSA should team up to put data to good use (Washington Post) Mark Zuckerberg is angry that the National Security Agency is violating Facebook users' privacy, which is a bit like the Silicon Valley equivalent of "Get your government hands off my Medicare." He thinks users should be upset about this, too

Legislation, Policy and Regulation

Venezuela just invented the world's creepiest supermarket loyalty card (Quartz) Venezuelan president Nicolás Maduro has a new idea for how to fight his country's shortages of basic goods: keep electronic records of what everyone is buying

Former members, staff say need for new Church committee (McClatchyDC) Nearly 40 years ago, Congress formed a special committee to investigate the U.S. intelligence community in connection with a series of domestic spying scandals

US intelligence oversight group from 1975 says things are way worse now (Ars Technica) Church Committee members and staff say modern NSA snooping "dwarfs" what they examined

Nukes and 'Snowden-Proof' Intelligence (Wall Street Journal) Edward Snowden's theft of NSA secrets has made open-source materials all the more important

IBM calls for surveillance reforms, says they've given the NSA nothing (CSO Salted Hash) In a public letter, IBM's general counsel and senior VP of legal and regulatory affairs, Robert Weber, says that his company hasn't given the NSA any data under the PRISM program, while calling for surveillance reform

UK gov wants to censor legal but "unsavoury" YouTube content (Naked Security) The UK government wants the power to pull "unsavoury" content — with an eye trained on terrorist material in particular — regardless of whether it's illegal or not

U.S. and U.K. Marked 'Enemies of the Internet' (US News & World Report) Press freedom group denounces spy agency surveillance in report

RAND Study: TRIA Expiration Could "Affect U.S. National Resilience" (Willis Wire) The Terrorism Risk Insurance Act (TRIA), which provides a federal backstop for insured terrorism losses, will expire later in 2014. There's been plenty of discussion about the disruption to insurance markets that could be created by failure to renew this

NIST seeks increased funding for securing cyber-physical systems (FierceGovIT) A new generation of smart systems that network previously stand-alone devices — such as your thermostat — also bring the potential for dramatic new cyber attacks, says the National Institute for Standards and Technology

NIST requests $8M increase for NSTIC (FierceGovIT) An Obama administration effort to replace online passwords with an "identity ecosystem" led by the National Institute of Standards and Technology would receive $24.5 million under the White House budget proposal for the coming fiscal year

Products, Services, and Solutions

Top Apps for Boosting Mobile Security (eSecurity Planet) Carriers of both iOS and Android mobile devices can improve their mobile security with apps that offer help with password management, encryption and other security best practices

Automated upgrades from XP: How does PCMover work? (ZDNet) Migrating an old Windows XP system to Win 7 or 8 is a pain, especially if you have many of the systems. I interviewed Dan Spear, author of PCMover, to talk about how it automates that process

Firefox is still the least secure web browser, falls to four zero-day exploits at Pwn2Own (Extreme Tech) At Pwn2Own 2014, an annual computer hackfest in Vancouver, Mozilla's Firefox has proven yet again that it's the least secure major web browser. While all four major web browsers — Chrome, Internet Explorer, Firefox, and Safari — were successfully exploited, for a grand total of $850,000 in prize money awarded to successful security researchers, Firefox was by far the least secure browser

Experts warn against judging Firefox on poor Pwn2Own performance (CSO Salted Hash) Researchers at annual hackfest discover four previously unknown vulnerabilities, but experts say that may not necessarily make it the least secure browser

Panda Security Launches Panda Cloud Fusion: Integrated Security, Management and Support Product, Completely Hosted in the Cloud (Ping! Zine) Panda Security, The Cloud Security Company, today announced the launch of Panda Cloud Fusion as a single, integrated product. Completely hosted in the cloud, Panda Cloud Fusion provides in a single platform security, management and remote support for all devices on the IT network

Israeli System Fuses Surveillance, Memory for Persistent Intelligence (Defense News) From Israel's Golan Heights border with war-torn Syria to Brazil's Bahia carnival capital on the Atlantic coast, a new system that mates forensic memory and target detection with numerous sensor-fused video streams is demonstrating persistent, broad-area surveillance for military and policing missions

Whatsapp's Jan Koum says privacy won't suffer with Facebook acquisition (Naked Security) Jan Koum, co-founder and CEO of Whatsapp, has responded to concerns that have surfaced since the company was acquired by Facebook

mSpy now selling phones pre-loaded with spyware (Naked Security) It's one of a family of spying apps that lets someone remotely snoop on you through your phone or tablet. That includes text messages, call logs, emails, location tracking, recording of conversations by remotely turning somebody's phone into a bugging device, calendar information, GPS coordinates tracked on a convenient map, that kind of thing

NetIQ Unveils NetIQ MobileAccess (Dark Reading) Virtual appliance enables secure access from iOS or Android mobile devices

Adblock Plus Expands Anti-Tracking Privacy Tool (Dark Reading) EasyPrivacy filter blocks tracking resources, such as cookies, scripts, and tracking pixels

Technologies, Techniques, and Standards

Japan holds first broad cybersecurity drill, frets over Olympics risks (Reuters via the Chicago Tribune) Japan faced a full-on cyber attack across government departments on Tuesday in a drill aimed at bolstering national security as the country gears up to host the 2020 Olympics

8 Ways to Improve Wired Network Security (NetworkWorld) We sometimes focus more on the wireless side of the network when it comes to security because Wi-Fi has no physical fences. After all, a war-driver can detect your SSID and launch an attack while sitting out in the parking lot

Malaysia Air Flight 370 Would Not Have Disappeared if We'd Had This System (IEEE Spectrum) A real-time flight-data recording method could have given investigators a far better idea of what has happened to Malaysian Airlines Flight 370, says Krishma Kavi, a professor of computer science and engineering at the University of North Texas, in Denton

Marketplace

Ministry of Defence gives BAE Systems £30m to fund social media 'mind control' research (ComputerWorld) Part of the government's cyber warfare programme. The Ministry of Defence is funding a multi-million pound project to study ways in how the UK population can be controlled by social media and the wider internet

DARPA Cyber Ops Needs a Bigger Rolodex (Nextgov) The Pentagon is scouting for cyber ninjas in the private sector who would be available for future help dominating the cyber domain, according to documents. The trick will be finding potential "performers" that hold security clearances for classified endeavors, Defense Advanced Research Projects Agency officials said

Spinoffs from Spyland (MIT Technology Review) How America's eavesdropping agency commercializes technology. It takes more than a little tradecraft to spin off a startup from the National Security Agency

Crawley firm Thales to teach young people about codebreaking and cryptography (Crawley News) One of the biggest aerospace and defence contractors in the world will be aiming to fuel a passion for science and engineering among young people later this month

GCHQ, BT and Lockheed go talent spotting as UK faces cyber skills shortage (TechWorld) GCHQ and firms such as Lockheed Martin and BT attempted to identify Britain's most talented "cyber defenders" last week in order to ensure the UK's citizens and businesses are protected against future cyber attacks

Cyber Security Challenge winner wants to "do some good in the world" (ITPro) Will Shackleton beat 41 other competitors to win the two-day cyber attack challenge

SAS opens analytics R&D centre in Glasgow, trained on combatting fraud (ComputerWeekly) SAS has opened a research and development (R&D) centre in Glasgow, focused on combatting fraud and financial crimes

Ralph Shrader Says Booz Allen Will Continue to Evolve as it Pursues Growth (Executive Mosaic) Booz Allen Hamilton leader Ralph Shrader has held the chief executive role at the Tysons Corner, Va-based government services provider since 1999, and has overseen several important changes at the firm, including the separation of its government and commercial businesses and its transition into a public company

Lenovo To Keep Buying Companies Until It Owns Everything, Everyone (TechCrunch) Lenovo isn't putting away its checkbook yet. The CEO of the Chinese PC giant said on Tuesday that the company will continue to acquire companies for overall growth. This comes as the company is closing two major deals. Lenovo recently purchased Motorola Mobility from Google for $2.91 billion. The company also picked up IBM's server business for $2.3 billion, which seems only natural

Russian Search Giant Yandex Acquires Low-Power Mobile Geolocation Startup KitLocate (TechCrunch) Russia's search giant Yandex, which is increasingly rolling into new areas as a way to continue expanding its business, has made a small acquisition — to the tune of "several million euros" — focused on mobile location services. It's picking up Israel's KitLocate, a maker of low-power mobile geolocation technology

Jody Tedesco, Andrew Gallegos Appointed to Leadership Roles at Chenega's New IT Arm (Executive Mosaic) Chenega Corp., the Alaska native corporation that is the parent company of technology services contractor NJVC, has established a new business unit that will contain both NJVC and a newly-formed subsidiary pursuing a certification with the Small Business Administration

Thomas Feldhausen to Head Parsons' Int'l Security, Defense Strategy in SVP Role; Mary Ann Hopkins Comments (GovConWire) Thomas Feldhausen, formerly a director in Lockheed Martin's (NYSE: LMT) international business arm, has joined Parsons Corp. as senior vice president and director of international strategy for the company's government services unit

CRGT Announces Key Promotions to Facilitate Market Expansion (PRWeb) Executive promotions will provide increased focus on select services and technologies

Lookout Appoints New CEO Jim Dolce (Dark Reading) Founder John Hering will become executive chairman and have a day-to-day role at Lookout

FireHost Names New CEO (Dark Reading) In a significant move resulting from mounting years of fast growth and widening market demand for its secure cloud offerings, FireHost, the secure cloud company, announced today the appointment of technology veteran Jim Lewandowski as its new chief executive officer (CEO). This move occurs in concert with founder and former CEO Chris Drake's decision to take the reins as the company's chief technology officer

Research and Development

Researchers' Google Glass Spyware Sees What You See (Forbes) If you fret over hackers or intelligence agencies reading your email, wait until they eavesdrop on your eyesight

Facebook is developing creepy technology that can recognise faces almost as well as humans (Graham Cluley) Facebook's facial recognition technology has always struck me as one of the creepiest parts of the social network, and now it looks like it may become even more powerful

Security Patches, Mitigations, and Software Updates

Google patches $310K worth of Chrome, Chrome OS bugs (ComputerWorld) First browser maker to fix flaws revealed in Pwn2Own hacking contest

Windows XP can put SOX, HIPAA, credit card security-compliance at risk (CSO Salted Hash) When Microsoft stops supporting Windows XP next month businesses that have to comply with payment card industry (PCI) data security standards as well as health care and financial standards may find themselves out of compliance unless they call in some creative fixes, experts say

Banks to pay Microsoft millions to keep cash machines running Windows XP (ITPro) Banks around the world are set to stump up millions of pounds to Microsoft in a bid to keep their cash machines running after support for the venerable operating system runs out in April

Windows XP Holdouts: 6 Top Excuses (InformationWeek) Microsoft cuts support for Windows XP in less than a month, but millions still use the OS. Are these rationales worth the risk

Cyber Attacks, Threats, and Vulnerabilities

Hacktivists Leak Data from Personal PC of Russian Industrial Investment Fund President (Softpedia) Hacktivists of the Russian Cyber Command (Rucyborg) group have announced another data leak. This time, they've targeted the Russian Industrial Investment Fund, a semi-governmental investment company established by a decree of the president of Russia

DDoS Attacks Hit NATO, Ukrainian Media Outlets (Dark Reading) As pro-Russia hackers continue DDoS campaigns, Anonymous-branded propaganda reports "imminent US invasion of the Ukraine"

Official Website of Multi-Hazard Early Warning System for Africa and Asia Hacked (HackRead) The official website of Regional Integrated Multi-Hazard Early Warning System for Africa and Asia (RIMES) has been hacked and defaced by Indonesian hacking group "Black Angels". The hackers going with the handle of Hmei7 and Dbuzz along with others are behind the attack in which the high profile website of RIMES has been left with a deface

Google's Public DNS Hijacked for 22 Minutes (Softpedia) On Sunday, BGPmon, a network monitoring and routing security company that monitors the Internet for Border Gateway Protocol (BGP) attacks, revealed that Google's public DNS service had been hijacked

Citroen becomes the latest victim of Adobe ColdFusion hackers (The Guardian) One of the carmaker's German websites hacked to include a backdoor last year, following similar cases elsewhere

Underground Payment Card Store Rescator Hacked and Defaced (Softpedia) Rescator, a popular underground website that sells payment card data, has been hacked and defaced. Rescator has been selling the card data stolen from US retailers Target and Sally Beauty

Exploiting vulnerabilities in media players to spread advanced malware (Help Net Security) Trusteer's research has shown that vulnerable media players are constantly targeted by malicious actors. Since in most environments media players exist on users' desktops for their own personal use, IT and security administrators ignore these applications and the content files they use. After all, you want to keep your employees productive and happy, and allow them to listen to their harmless music while they work. However, because these applications are not controlled, and users are not in a rush to patch these applications, most installations are vulnerable to exploits

Digital devices used every day that could result in a security breach (Help Net Security) Data breaches cost U.S. enterprises an average of $5.4 million per incident in 2012, according to the Ponemon Institute and Cintas Corporation

Windows XP Cyber Attacks? Government Agencies 'Unusually Vulnerable' (NewsMax) Windows XP computers used in government agencies will be "unusually vulnerable" to cyber attacks from hackers starting next month

How Growth Hacking Drives Twitter Followers via Twitterjacking (Search Engine Journal) Brands are growth hacking their Twitter followers via popular and highly engaging tweets that come from other brands or people i.e. "Twitterjacking". A great example of Twitterjacking was during the #GRAMMYS, where other brands latched on to one tweet and harnessed it to take advantage of massive interaction. Twitterjacking, and Hashtag Hijacking, can be a bad thing and sometimes even controversial

Facebook fake poses as Prince Harry to con Austrian tradesman (Naked Security) A Facebook user posing as Prince Harry has conned an Austrian floor fitter out of thousands of euros after 'offering' the tradesman a one million pound contract to renovate the parquet floors at Buckingham Palace

Litigation, Investigation, and Enforcement

Would the US even know if Vladimir Putin was keeping cash in the country? (Quartz) While new US economic sanctions freezing the sanctions Russian leaders didn't strike fear into the heart of financial markets, they did raise a question: Would the US even know if someone like, say, Russian President Vladimir Putin was keeping some money in its backyard

Advocacy groups argue against warrantless cellphone searches in Supreme Court cases (FierceGovIT) A handful of advocacy groups called for the Supreme Court to require warrants before law enforcement can search the contents of cellphones in briefs filed this month

Google sued for data-mining students' email (Naked Security) The suit charges the company with surreptitiously building profiles of students by scanning their email in order to target advertising at them

Convicted Hacker 'Weev' Gets Another Chance At Freedom (Huffington Post) Attorneys for convicted hacker Andrew "Weev" Auernheimer will appear in court this week in a last-ditch attempt to win his freedom and overturn a verdict that could have a chilling effect on the work of researchers who help keep the Internet safe

Man Arrested in Connection with Morrisons Data Breach (Softpedia) An employee of UK supermarket chain Morrisons has been arrested in connection with the investigation into the data breach suffered by the company last week. The suspect has not been named and his motives are still uncertain

Sextortionist who hacked Miss Teen USA's computer sentenced to 18 months (Ars Technica) "Was total luck that I got her infected because I suck at social engineering"

Mt.Gox's Login Returns, Lets Users Check Bitcoin Balances (TechCrunch) After weeks of showing only legal notices, Mt.Gox's homepage now has a login screen that lets users check their Bitcoin balances. But that's apparently all the beleaguered digital wallet service will allow for now. The site also displays a notice stating

Industry Events

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

upcoming Events

Hack in The Box Security Conference (HITBSecConf) Amsterdam (, January 1, 1970) HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.

27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference (, January 1, 1970) The 27th Annual Federal Information Systems Security Educators' Association (FISSEA) Conference will be held at the National Institute of Standards and Technology on March 18-20, 2014, exhibits will be on display March 19 only. This year's theme "Partners in Performance: Shaping the Future of Cybersecurity Awareness, Education, and Training" will focus on developing a better understanding of current information systems/cybersecurity projects, emerging trends, and initiatives. Through numerous high quality sessions, approximately 200 attendees will learn new ways to improve their IT security program and practical solutions to training problems while earning Continuing Professional Education (CPE) credits. The vendor fair gives attendees a tactical look at the products and services available to meet their professional goals.

Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change (Chantilly, Virginia, USA, March 20, 2014) Join INSA's Security Policy Reform Council for Security Policy Reform Implications for Industry: Maintaining Momentum for Transformational Change at the SI Organization in Chantilly, VA. This unclassified, but sensitive Symposium will be off the record, and will bring together stakeholders from the executive and legislative branches as well as their counterparts in the private sector. Following unprecedented attention on the security clearance process in 2013, 2014 promises to be a year of consequence to a fundamental aspect of how the IC carries out its mission. This Symposium will provide attendees an opportunity to participate in the current debate and learn about future technologies that will influence security policies and procedures.

Suits and Spooks Singapore (, January 1, 1970) Our first international Suits and Spooks conference will be held in Singapore with a visit to Malaysia on March 20-21, 2014. The focus will be on how multi-national corporations can profitably operate in a globally hostile environment that consists of foreign intelligence collection, mercenary hacker crews, insider threats, and supply chain/vendor vulnerabilities. Our international list of speakers will discuss who the threat actors are, what they're after, and best practices to mitigate the risks.

MCT-Congress: Going Mobile with Clinical Trials (Edinburgh, Scotland, UK, March 20 - 21, 2014) It is almost inevitable that mHealth solutions will be adopted across healthcare systems worldwide over the next decade. What is less clear is the impact that mobile solutions are having and could have on the clinical research process.

Cyber Security for Energy & Utilities (, January 1, 1970) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the 3rd Edition of Cyber Security for Energy & Utilities conference taking place from 23 -26 March 2014 at The Westin Golf Resort in Abu Dhabi, UAE.

Fourth Annual China Defense and Security Conference (Washington, DC, USA, March 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding China's rising military power and strategy by carefully examining Chinese-language sources. Speakers at the conference will provide an extensive overview of recent developments in military training and operations reform, and take on challenging questions in Chinese foreign policy, including considerations of the role of cyber-warfare in Chinese strategic thought.

Veritas 2014 (, January 1, 1970) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy.

Black Hat Asia (, January 1, 1970) Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.

SEC Cybersecurity Roundtable (Washington, DC, USA, March 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies, and how they are addressing those concerns.

Cyber Security Management for Oil and Gas (, January 1, 1970) Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security breaches while ensuring your employees, social media and mobile devices operate effectively. Implementing best practices in order to achieve and maintain SCADA and other key systems security. How a "critical infrastructure" designation would impact different aspects of oil and gas cyber security management.

ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, March 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Thursday, March 27, 2014 at Colorado Technical University (CTU).

Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, March 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credit) and the latest details on the Maryland Small Business Financing Authority's newest program for small businesses looking for investment dollars.

CyberBiz Summit (Linthicum, Maryland, USA, March 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday, March 28th.

Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, March 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance initiatives. John Carlin, Assistant Attorney General for National Security, will deliver the keynote. Other speakers will include current and senior officials from the Justice Department, National Security Agency, Office of the Director of National Intelligence, FBI, DHS, Google, and Microsoft.

SyScan 2014 (Singapore, March 31 - April 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.

Interop Conference (, January 1, 1970) Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.

NSA Hawaii (, January 1, 1970) Be a part of the 2nd Annual Information Technology Expo set to take place at the new National Security Agency (NSA) Regional Operations Center in Wahiawa, HI. The event is being sponsored once again by the NSA Hawaii NSA/CSS Technology Directorate. The focus of this event will be Cyber Security, Big Data and Cloud Computing technologies but all interested companies are welcome to exhibit.

InfoSec World Conference & Expo 2014 (, January 1, 1970) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.

NIST IT Security Day (Gaithersburg, Maryland, USA, April 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.

IT Security Entrepreneurs Forum (ITSEF) 2014 (, January 1, 1970) IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community by providing a venue where entrepreneurs can meet and interact directly with top government agency and industry officials in an open and collaborative environment. This SINET community of interest and trust facilitates broadened awareness of the government's challenges, needs, and its future direction regarding Cybersecurity, while shining a spotlight on the entrepreneurs and their innovative technologies that are helping to address and solve today and tomorrow's security challenges.

Women in Cybersecurity Conference (Nashville, Tennessee, USA, April 11 - 12, 2014) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in recruitment/retention of women in this field and/or diversification of their cybersecurity workforce is especially encouraged to get involved.

Suits and Spooks San Francisco (, January 1, 1970) S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. CFP is now open. If you're interested in being a speaker at Suits and Spooks San Francisco, please send an email with your topic title, short abstract, and your bio by February 15th.

East Africa Banking and ICT Summit (Kampala, Uganda, April 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations, and unique networking opportunities.

National Collegiate Defense Cyber Competition (, January 1, 1970) Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.

InfoSecIndy (Indianapolis, Indiana, USA, April 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.

Infosecurity Europe 2014 (, January 1, 1970) Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.

Sponsor & Support

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter’s financial reach, or it might just not be the right time for you to do those things. That’s why we launched our new Patreon site, where we’ve created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you’ll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.