The CyberWire Daily Briefing for 3.24.2014
BAE expands upon its analysis of the "Snake" cyber-espionage campaign, most active in Ukraine and Lithuania.
The Syrian civil war continues in cyberspace, as the pro-Assad Syrian Electronic Army gets an opposition rival: the "European Cyber Army" claims it successfully took down Syria's Internet connectivity over the weekend. (The Syrian government acknowledges the outage, but dismisses it as a broken fiber-optic cable outside Damascus.) The SEA continues to pick at Microsoft, now under the (faintly implausible) mantle of civil libertarian advocacy: Microsoft, they want you to know, is selling you to the FBI. IntelCrawler publishes a study of the SEA's evolution.
Anonymous announces an April 14 cyber-action against the Republic of Korea. The hacktivist collective will be protesting censorship, repression, and unwise expenditure of public funds.
Allegations of US infiltration of Huawei products and networks prompt complaints from the Chinese government.
Terrogence reports Zorenium, "a low-profile, cross-platform, remote-controllable bot," has been ported to iOS and is now offered on the black market.
Amid reports of a freshly discovered bug and new exploits in the wild, analysts debate the seriousness of the threat to Android.
Researchers revisit air-gap-jumping malware badBIOS.
Windows XP is much in people's minds as a hacking target, but it's not the only bit of retired software at risk. Cyber criminals are hitting systems running old, unsupported versions of Linux.
Cybercrime leads more businesses to buy cyber insurance.
Symantec will get a new CEO.
Justice Scalia hints the US Supreme Court will soon take up a surveillance case.
Notes.
Today's issue includes events affecting Australia, China, Germany, Israel, Japan, Republic of Korea, Lithuania, Poland, Russia, Syria, Turkey, Ukraine, United Kingdom, and United States..
Cyber Attacks, Threats, and Vulnerabilities
BAE Systems Analyzes Snake Cyber-Espionage Campaign (HS Today) BAE Systems Applied Intelligence unveiled the extent of the venomous nature of the complex cyber-espionage "Snake" operation which has been in development since 2005
Intel Chairman Sees Snowden Supporting Russia's Crimea Seizure (NBC News) House Intelligence Committee Chairman Mike Rogers said Sunday former National Security Agency contractor and fugitive Edward Snowden is "actually supporting in an odd way this very activity of brazen brutality and expansionism of Russia. He needs to understand that. And I think Americans need to understand that"
European Cyber Army claims credit for Syrian web outage (Tech Times) A rebel hacker group locked in cyber battle with a pro-government web organization claimed it took down Syria's Internet connection as payback for another attack, but this is disputed by the government. The seven-hour web outage in Syria yesterday is just the latest in a series of cyber attacks associated with that country's on-going civil war
Hacked Emails Show How Much Microsoft Charges FBI for Selling Your Personal Data (HackRead) According to documents leaked by the Syrian Electronic Army, Microsoft have been charging the FBI with millions of Dollars a year for giving them legal access to customer information
Syrian Electronic Army — Hacktivision to Cyber Espionage? (IntelCrawler) IntelCrawler, a cyber-threat intelligence company based in Los Angeles, has been investigating the activities of the Syrian Electronic Army (SEA) since they first surfaced in 2011. In the beginning they seemed only interested in hacking to make political statements
Anonymous announces plan to launch cyber attack on Korean government (Arirang News) The local branch of international hacker group Anonymous says it'll launch a cyber attack on the South Korean government next month
U.S. NSA infiltrates servers of China telecom giant Huawei — report (Reuters) The U.S. National Security Agency has infiltrated servers in the headquarters of Chinese telecommunications and internet giant Huawei Technologies Co , obtaining sensitive information and monitoring the communications of top executives, the New York Times reported on Saturday
China Condemns 'NSA Spying' on Tech Giant Huawei (AFP) Beijing on Monday condemned Washington over reports that the US National Security Agency had for years had been secretly tapping the networks of Chinese telecoms and Internet giant Huawei
Huawei v the NSA — who is winning the farcical backdoor war? (TechWorld) Huawei allegedly put surveillance backdoors in its equipment to spy on the West. Now we know the NSA might have put its own back doors in these backdoors
ZOMBIE iPAD PERIL: Cyberbadness slinger ports tool to iOS (The Register) Skype worms, Bitcoin slurping and MORE — yours for just ₤2k
New Android Bug Causes "Bricked" Devices (TrendLabs Security Intelligence Blog) We recently read about an Android system crash vulnerability affecting Google's Bouncer™ infrastructure, one that, alarmingly, also affects mobile devices with Android OS versions 4.0 and above. We believe that this vulnerability may be used by cybercriminals to do some substantial damage on Android smartphones and tablets, which include "bricking" a device, or rendering it unusable in any way. In this context, the device is "bricked" as it is trapped in an endless reboot loop
New Android Remote Access Tool Highlights Growing Market For Mobile Spyware (Dark Reading) Researchers discuss the growing market for remote access tools used to target Google Android devices
Data suggests Android malware threat greatly overhyped (TechTarget) It's no secret that many in the security industry perceive Google Inc.'s Android mobile platform to be plagued by malware, but Android security team lead Adrian Ludwig has made it his mission to eradicate the disingenuous meme of the burgeoning Android malware apocalypse
Attackers Picking Off Websites Running 7-Year-Old Unsupported Versions of Linux (Threatpost) The risks presented by unsupported operating systems are being called out in a large-scale attack on hundreds of websites
badBIOS — Sometimes "Bad" is Really Bad (Trend Micro Simply Security) Most malware is designed to attack your computer at the application or operating system (OS) level. Viruses, worms and Trojans do their dirty work alongside your regular applications on top of the operating system while rootkits get installed as kernel modules inside your operating system. Much of this malware can be blocked before being installed or removed after installation, if you have good security software. In extreme cases, you can wipe your hard drive clean then re-install your OS and other apps, painful though this might be
badBIOS, Facts, speculations, and misunderstandings (Critical Watch) First there was Stuxnet, then there was FLAME, the latest weapons grade malware is badBIOS accidentally discovered by Dragos Ruiu 3 years ago
California DMV said to be source of recent data breach (CSO Salted Hash) Journalist Brian Krebs has the story. Sources within MasterCard shared an alert issued this week that reported a CNP (card-not-present) breach. Banks contacted for confirmation say the California DMV is the common link
Auburn University server hacked, data on nearly 14,000 at risk (SC Magazine) Over a four-week span, an unidentified hacker could have accessed a compromised Auburn University College of Business server that contained personal information — including Social Security numbers — on close to 14,000 current and former students, faculty and staff
Data Breach Exposes 6,000 High School Students' Personal Data (eSecurity Planet) The students' names, birthdates, genders, final grades, learning skills and work habit assessment scores were mistakenly made available online
How the Compromise of a User Account Lead to a Spam Incident (Internet Storm Center) Late last night we had an occurrence that raised a red alert on one of our servers indicating it might have been compromised. We received notification from the abuse department of our ISP, that our servers were transmitting spams
Anatomy of a Control Panel Malware Attack, Part 2 (TrendLabs Security Intelligence Blog) Last week, in the previous part of this post, we went over the behavior of Control Panel (CPL) malware before the actual infection. In this second part, we go over what happens after the malware has reached a system
Hackers are now targeting your router (USA Today) It's time for a router emergency call to 911. You knew about hackers stealing our credit cards from retailers, the NSA spying on anyone who picked up a cellphone or writes an email, and ad trackers watching our every move and purchase
Managed anti-forensics IMEI modification services fuel growth in the non-attributable TDoS market segment (Webroot Threat Blog) Everyday cybercriminals actively take advantage of basic OPSEC (Operational Security) tactics, aiming to risk-forward their fraudulent/malicious online activity to a third-party, while continuously seeking to launching their malicious/fraudulent campaigns in an anonymous fashion. Having successfully matured from, what was once a largely immature market segment to today's growing market segment, in terms of active implementation of OPSEC concepts, the blackhat market is prone to continue expanding, further providing malicious and fraudulent adversaries with the necessary capabilities to remain beneath the radar of law enforcement and the security industry
Security Patches, Mitigations, and Software Updates
New Android features explained: KitKat and security-enhanced Android (TechTarget) More consumer devices are coming with added enterprise features, and Google's Android OS is no exception
Cyber Trends
Companies Turn to Cyber Insurance as Hacker Threats Mount (Fox Business) Investors cringe when a company they own, such as Target (TGT) or Las Vegas Sands (LVS), suffers a cyber breach that results in the loss of customer or employee data
The Hidden Cost Of Cyber Crime (Forbes) How big of a problem is cyber crime? Bigger than you think. Symantec estimated that cyber attacks in 2013 cost the world $113 billion. And recent attacks against Target and Schnuck Markets are reminders this problem isn't going away
The Internet of Things is too valuable to let privacy concerns impact uptake (V3) The Internet of Things is a term that has been around for about 15 years, with its origins in barcodes and radio frequency identity (RFID) tags, and evolving via near-field communication (NFC) and QR codes. But it's the rise of smart devices and wearable technology — which has only started to take off in the past few years — that will see the Internet of Things come into its own
Cyber attack still a threat to Pocono power grid (Pocono Record) Despite years of homeland security time and attention, the ability to protect and respond to a targeted cyber attack on U.S. power grids remains a major concern of government officials and utility companies
Cybercrime a 'black swan' risk, says ASIC (Sydney Morning Herald) Cybercrime is a systemic risk and could be the next black swan event, the head of Australia's corporate regulator says, as senior business executives warned companies were not sufficiently prepared for such dangers
Big Data Analytics: the Future of IT Security? (CIO) Big data analytics tools will be crucial to enterprise security as criminals deploy faster and more sophisticated attacks in attempts to steal sensitive data, according to security firm RSA
Recording Everything: Digital Storage as an Enabler of Authoritarian Governments (Brookings) Within the next few years an important threshold will be crossed: For the first time ever, it will become technologically and financially feasible for authoritarian governments to record nearly everything that is said or done within their borders
Marketplace
Symantec Fires CEO In Surprise Move (InformationWeek) Analysts question security and storage giant's turnaround after the board fires its second CEO in two years
SecureAlert Agrees to Buy Monitoring Tech Maker GPS Global; Guy Dubois Comments (GovConWire) SecureAlert has moved to grow its electronic monitoring business by striking a deal to acquire GPS Global Tracking & Surveillance System Ltd. for an undisclosed sum
CounterTack Secures Funding From U.S. Army's OnPoint Technologies (Dark Reading) CounterTack recently completed its Series B round of funding. CounterTack, a pioneer in delivering real-time endpoint threat detection, context and visibility around targeted attacks, today announced it has secured funding from OnPoint Technologies, a venture capital initiative created by the U.S. Department of Defense to assist small companies that develop technologies important to the U.S. Army. The funding will support CounterTack's accelerated go-to-market strategy and global expansion in the endpoint threat detection and response market, and helps the U.S. Army explore and evaluate technology innovation in the private sector
Why Cyber Jobs Need a Career Path (Nextgov) There's a myth circulating in the race to recruit and train up cybersecurity professionals that even those without a technical background can become a cyber warrior
Rescuing data from ransom (Boston Herald) A cloud backup firm is flourishing thanks to a malicious software capable of wiping out all of a government agency's, business' or PC user's data in one fell swoop unless the victim pays a ransom
Microsoft tweaks privacy policies after email spying backlash (CSO) To track down a Windows 8 leaker Microsoft peeked inside a blogger's email account
Dr. Sarah Cooper from M2Mi Recognized in Connected World Magazine's Exclusive 2014 Women of M2M List (Digital Journal) Machine-To-Machine Intelligence (M2Mi) Corporation today announced that Dr. Sarah Cooper, Vice President of Business Development, has been recognized byConnected World Magazine in its 2014 Women of M2M list
Laurent Maury Named Thales Info Systems, Cyber VP (GovConWire) Laurent Maury, formerly vice president of Thales's customer service and support business line, has been appointed VP of the company's new critical information systems and cybersecurity segment
KEYW Announces Leadership Change (Wall Street Journal) The KEYW Holding Corporation (Nasdaq:KEYW) announced today that John Krobath is stepping down as Chief Financial Officer effective April 25, 2014 to pursue other professional opportunities. The company expects to announce a successor before that date to ensure an orderly transition
2 Cybersecurity Stocks Poised to Grow (Zacks) 2014 is expected to be an eventful year for Cybersecurity software providers as enterprises aim to tighten their security loopholes amid growing cyber attacks
Public offering on IT security company (ProSecurityZone) Pricing details have been released for the IPO of security company, A10 Networks
Products, Services, and Solutions
InsiderThreatDefense.Com (ITD) Releases Insider Threat Program Training Course For U.S. Government Agencies / Businesses (Business Wire) Insider Threat Defense (ITD) announced that it has developed and is offering a specialized Instructor Led Insider Threat Program (ITP) Training Course. The ITP Training Course was developed in response to the many recent data breaches affecting the U.S. Government (WikiLeaks, NSA Breach) and businesses. The course provides organizations with a proven and comprehensive enterprise framework for mitigating Insider Threats
Wickr Wants to Spread its Spy-Level Encryption to Your Favorite Games and Apps (CIO) The encrypted messaging app is selling its security tools to other companies to make money—and to make your information safer
IBM launches new software and consulting services (Help Net Security) IBM introduced new software and services to help organizations use Big Data and Analytics to address the $3.5 trillion lost each year to fraud and financial crimes. Through sophisticated business expertise and analytics, organizations can take a holistic approach to address the financial losses caused by fraud while protecting the value of their brands
IBM launches new, Trusteer-like cybersecurity products (Times of Israel) The recent $1 billion purchase is already paying off as the tech giant introduces new products for banks, insurance companies
Step By Step: How to Remotely Hide Sensitive Contacts on a Misplaced Smartphone (Kaspersky Lab Daily) Imagine you are the manager of a famous pop star. You have a meeting in a café, and some time later you realize that you have forgotten your phone there. It's a disaster! If fans get a hold of the number, they will attack your protégé with endless calls and messages. With Kaspersky Internet Security for Android you can create lists of most important contacts and remotely hide them, thus preventing confidential information from being intercepted
Lightweight Portable Security (LPS) 1.5.0 Is a Secure Distro Built by the US Air Force (Softpedia) Lightweight Portable Security (LPS) 1.5.0, a thin Linux operating system that creates a secure end node from trusted media on almost any Intel-based computer (PC or Mac), is now available for download
BAE Systems Launches Revolutionary New Tool for Secure Information Sharing (Wall Street Journal) BAE Systems today announced the launch of SIBA™, a tool that redefines and simplifies secure data collaboration and dissemination for both government and commercial customers. SIBA provides an innovative solution to secure information sharing for the nation's Intelligence Community, as well as banks, law firms, and users of electronic medical records. The SIBA solution works seamlessly with Microsoft Office® and SharePoint®, without modifying those applications. The tool was unveiled today before joint customers at the Microsoft Technology Center in Reston, Virginia
Windows 7 anti-malware products compared (ZDNet) Fourteen consumer products got a top score for false positives and four had no false positives in the tests: Bitdefender, Avira, Panda Security, and PC
Secret's CEO Discusses Cyberbullying Policy (TechCrunch) When it comes to cyberbullying in his anonyous sharing app, Secret co-founder claimed "We don't see very much of that, if any" when we spoke on stage at SXSW. Secret's users might disagree. Thankfully, through these highlights from our fireside chat, you can see Byttow acknowledge the darker side of anonymity. He reveals Secret is considering an 17+ age limit and other barriers to bullying
Fly Or Die: Whisper (TechCrunch) Anonymity is all the rage these days, and so we bring our attention to Whisper
Network security specialist expands in USA (ProSecurityZone) Gateprotect expands into the American market for IT network security products with the appointment of a distributor in the region
Security analytics system for advanced threat detection (ProSecurityZone) Arbor Networks releases Pravail Security Analytics for the detection of advanced threats and incident response management
Technologies, Techniques, and Standards
MAECProject / schemas (GitHub) The following hierarchy and associated pages capture the current MAEC Malware Capabilities, as of the v4.1 release. Our hope is that these pages will serve as a useful reference to our implementation and we plan on augmenting them with additional examples, references, and relationships in the near future. We also welcome any feedback on these pages and MAEC's Malware Capabilities in general
Time for a charge card overhaul (SC Magazine) A CIO for whom I once worked used to try to convince me that the battle for private data is already lost. His view was that our personal data is already out there in the world and it will just be a matter of time before we all get breached. He was, in a sense, correct. Up to 70 million individuals recently had personally identifiable information stolen in the recent Target data breach
How Can IT Respond to Cloud File Sharing Threat? (eSecurity Planet) Don't hate Dropbox. New approaches are evolving to help security teams deal with threats posed by cloud file sharing in the enterprise
Academia
Poland's military strikes new deal to bolster cybersecurity, starting with cryptography (ZDNet) A new deal between Poland's ministry of defence and three universities is aimed at swelling the ranks of its cyberwar forces
Cyber Warrior Teams Vie for Big Win in CyberPatriot Bout (SIGNAL Magazine) Middle and high school student teams from 14 states will gather next week for CyberPatriot, a culminating competition in which they will be tested defend computers against cyberattacks
Legislation, Policy, and Regulation
After DNS change fails, Turkish government steps up Twitter censorship (Ars Technica) Turkish ISPs now block Twitter's IP address range
Turkey blocks access to Twitter (ComputerWeekly) Authorities in Turkey are blocking access to Twitter after accusing the microblogging service of failing to respond to court rulings ordering the removal of links
Twitter ban shows Erdogan's fear of 140-character assassination (The National) A few days after the 11th anniversary of coming to power, Turkish prime minister Recep Tayyip Erdogan's ban on Twitter is being seen as showing his sense of vulnerability, isolation and loss of his previously unparalleled political touch
Security cooperation with US still crucial for Germany (Turkish Press) Germany's Interior Minister Thomas de Maiziere has underlined the continued importance of security cooperation with the U.S. despite the National Security Agency (NSA) spying scandal that has caused uproar in Germany
Feinstein 'Open to Changes' in NSA Bulk Records Program (Bloomberg) Dianne Feinstein, chairman of the U.S. Senate's intelligence committee, said she is "open to changes" that would end the National Security Agency's collection of bulk phone records
Will the 'War on Terror' End Up Like the 'War on Crime'? (Brennan Center for Justice, New York University) Rand Paul's Wednesday speech at Berkeley decrying the NSA ("What you do on a cell phone is none of their damn business") serves as the latest reminder of the volatile politics surrounding civil liberties and national security
Obama reassures tech executives: NSA spying is meeting's focus (AP via Columbia Daily Tribune) A week before a self-imposed deadline for a review of National Security Agency programs, President Barack Obama sought Friday to assure leading Internet and tech executives that his administration is committed to protecting people's privacy
DoD, GSA chart path for cyber contracting standards (Federal Times) Security experts often make the case for building cybersecurity into federal systems and solutions up front. Those results have been mixed, at best
New cybersecurity requirements in federal acquisition system will take years, says GSA official (FierceGovernmentIT ) The federal government plans to start in about a year the long process of directly modifying acquisition regulations in order to implement recommendations from a joint Defense Department and General Services Administration cybersecurity task force, a federal official said
DoD accelerates cybersecurity upgrade in Europe (Federal News Radio) The Defense Department is moving ahead with a major upgrade to the cybersecurity posture of its installations in Europe, moving from a base-centric approach to one that encompasses the entire region, including U.S. European Command and U.S Africa Command
SEC poised to solicit public comment on cybersecurity issues (Inside Cybersecurity) The Securities and Exchange Commission's March 26 cybersecurity roundtable will kick off a five-week public comment period, the SEC said in a statement this week
Sharpening the Focus on Critical Infrastructure, Cybersecurity and Interdependencies (Emergency Management) Bob Kolasky serves as director of strategy and policy for the U.S. Department of Homeland Security's (DHS) Office of Infrastructure Protection. He leads initiatives and policy activities to help integrate cyber and physical risk management efforts with critical infrastructure owners and operators, and to improve infrastructure resilience in the face of terrorism, climate change and other risks
UK security licence application changes (ProSecurityZone) Applicants for licences with the Security Industry Authority in the UK can no longer submit applications on paper
Litigation, Investigation, and Law Enforcement
Judge chides DOJ in NSA dispute (Politico) The judge who presides over the Foreign Intelligence Surveillance Court is chiding the Justice Department for failing to reveal to the court that litigants in at least two lawsuits over National Security Agency surveillance believed that outstanding orders from another court required the spy agency to keep telephone-call data indefinitely
Scalia Comes To Brooklyn, Drops Huge Hint About NSA Surveillance And The Supreme Court (Business Insider) Justice Antonin Scalia hinted that the Supreme Court will rule on National Security Agency domestic surveillance, while talking in a packed Brooklyn auditorium on Friday night
Will Target Face FTC Probe? (InformationWeek) Retailer's security practices remain under scrutiny as regulators ponder FTC investigation. Meanwhile, Sony options rights to Hollywood cyber-thriller based on breach story
Keeping track of mobile users? Device tracking laws are still in flux (TechTarget) Device tracking and location services can be incredibly useful for employers and employees, but some workers aren't on board with being traced. Plus, laws surrounding device tracking and how that information can be used have yet to firm up
SC Congress London: Met Police admits cybercrime mistakes (SC Magazine) Mark Jackson, detective superintendent of the recently-established Met Police Cyber Crime Unit, has admitted that London's police are only just finding out how to tackle cyber-crime
ICO decides against probe of Santander email spam scammers (The Register) Not enough 'evidence … while readers insist unique-to-bank addresses used
Government, industry trying to protect 2020 Games from cyber-attacks (Asahi Shimbun) The government is heeding lessons learned from the London Games in the hopes of keeping the 2020 Tokyo Olympics safe from cyber-attacks and other potential information-related emergencies
For a complete running list of events, please visit the Event Tracker.
Upcoming Events
Cyber Security for Energy & Utilities (, Jan 1, 1970) Following the rapid evolution of the cyber and digital world, IT Security Directors, Information Security Directors, Chief Security Officers, Chief Information Officers and many more will gather at the 3rd Edition of Cyber Security for Energy & Utilities conference taking place from 23 -26 March 2014 at The Westin Golf Resort in Abu Dhabi, UAE.
Fourth Annual China Defense and Security Conference (Washington, DC, USA, Mar 25, 2014) The Jamestown Foundation will hold its Fourth Annual China Defense and Security Conference on March 25 in Washington, D.C. In keeping with the Foundation's mission, the conference will focus on understanding China's rising military power and strategy by carefully examining Chinese-language sources. Speakers at the conference will provide an extensive overview of recent developments in military training and operations reform, and take on challenging questions in Chinese foreign policy, including considerations of the role of cyber-warfare in Chinese strategic thought.
Veritas 2014 (, Jan 1, 1970) At Veritas 2014, hear directly from the big data experts in top tier retail finance who are now implementing strategy and starting to yield real commercial value. Experts dedicated to Big Data in the sector will show you how the right approaches can lead to far-reaching results in business model innovation, risk mitigation and identifying new revenue streams. See how Veritas 2014 will help you develop your big data implementation strategy.
Black Hat Asia (, Jan 1, 1970) Black Hat is returning to Asia for the first time since 2008, and we have quite an event in store. Here the brightest professionals and researchers in the industry will come together for a total of four days--two days of deeply technical hands-on Trainings, followed by two days of the latest research and vulnerability disclosures at our Briefings.
SEC Cybersecurity Roundtable (Washington, DC, USA, Mar 26, 2014) The Securities and Exchange Commission today announced that it will host a roundtable next month to discuss cybersecurity and the issues and challenges it raises for market participants and public companies, and how they are addressing those concerns.
Cyber Security Management for Oil and Gas (, Jan 1, 1970) Attend to gain cutting-edge information from oil and gas cyber security experts on: Using the very latest in intelligence techniques to find and neutralize the newest threats in time. Preventing security breaches while ensuring your employees, social media and mobile devices operate effectively. Implementing best practices in order to achieve and maintain SCADA and other key systems security. How a "critical infrastructure" designation would impact different aspects of oil and gas cyber security management.
Financial Incentives for Cybersecurity Businesses (Elkridge, Maryland, USA, Mar 27, 2014) Learn the details and take the opportunity to ask questions of leading experts on how to apply for tax credits (Cyber Tax Credits, Research Tax Credits, Security Clearance Tax Credits, Secured Space Tax Credit) and the latest details on the Maryland Small Business Financing Authority's newest program for small businesses looking for investment dollars.
ISSA Colorado Springs — Cyber Focus Day (Colorado Springs, Colorado, USA, Mar 27, 2014) Join us for the Information Systems Security Association (ISSA) — Colorado Springs Chapter — Cyber Focus Day set to take on Thursday, March 27, 2014 at Colorado Technical University (CTU).
Corporate Counter-Terrorism: the Role of Private Companies in National Security (Washington, DC, USA, Mar 28, 2014) The 2014 American University Business Law Review Symposium will address the growing role of corporate America in governmental counter-terrorism programs, including the bulk metadata and PRISM surveillance initiatives. John Carlin, Assistant Attorney General for National Security, will deliver the keynote. Other speakers will include current and senior officials from the Justice Department, National Security Agency, Office of the Director of National Intelligence, FBI, DHS, Google, and Microsoft.
CyberBiz Summit (Linthicum, Maryland, USA, Mar 28, 2014) Learn first-hand how to get your cyber business started, how to raise capital, and what to do to make it happen. Join us for four informative sessions, networking and breakfast at the BWI Westin on Friday, March 28th.
Cyber Saturdays (Laurel, Maryland, USA, Mar 29, 2014) Are you a community college student with an interest in network security or information assurance? Would you like to test your skills in a fast-paced game environment? If so, one if Capitol College's upcoming Cyber Saturdays could be a great way to spend part of your weekend.
Interop Conference (, Jan 1, 1970) Interop Conference sessions help you find actionable solutions to your current IT headaches and plan for future developments.
SyScan 2014 (Singapore, Mar 31 - Apr 4, 2014) SyScan is a deep knowledge technical security conference. It is the aspiration of SyScan to congregate in Asia the best security experts in their various fields, to share their research, discovery and experience with all security enthusiasts in Asia.
NSA Hawaii (, Jan 1, 1970) Be a part of the 2nd Annual Information Technology Expo set to take place at the new National Security Agency (NSA) Regional Operations Center in Wahiawa, HI. The event is being sponsored once again by the NSA Hawaii NSA/CSS Technology Directorate. The focus of this event will be Cyber Security, Big Data and Cloud Computing technologies but all interested companies are welcome to exhibit.
InfoSec World Conference & Expo 2014 (, Jan 1, 1970) With the primary objective of providing top-notch education to all levels of information security and IT auditing professionals, InfoSec World delivers practical sessions that give you the tools to strengthen your security without restricting your business.
NIST IT Security Day (Gaithersburg, Maryland, USA, Apr 8, 2014) The Office of the Chief Information Officer, OCIO, is hosting NIST IT Security Day as a means to heighten awareness for all NIST users on the many aspects of operational information technology security and networking at home and in the office. This event's objective is to educate users on IT security and related topics. The event will feature guest speakers on general and technical IT security topics and tutorials on internal services and products.
IT Security Entrepreneurs Forum (ITSEF) 2014 (, Jan 1, 1970) IT Security Entrepreneurs Forum (ITSEF) is SINET's flagship event, designed to bridge the gap between the Federal Government and private industry. ITSEF brings unique value to the Cybersecurity community by providing a venue where entrepreneurs can meet and interact directly with top government agency and industry officials in an open and collaborative environment. This SINET community of interest and trust facilitates broadened awareness of the government's challenges, needs, and its future direction regarding Cybersecurity, while shining a spotlight on the entrepreneurs and their innovative technologies that are helping to address and solve today and tomorrow's security challenges.
Women in Cybersecurity Conference (, Jan 1, 1970) WiCyS is an effort to bring together women (students/faculty/researchers/professionals) in cybersecurity from academia, research and industry for sharing of knowledge/experience, networking and mentoring. Any individual or organization interested in recruitment/retention of women in this field and/or diversification of their cybersecurity workforce is especially encouraged to get involved.
Suits and Spooks San Francisco (, Jan 1, 1970) S3+: Surveillance, Security, Sovereignty and other Critical Issues. Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. CFP is now open. If you're interested in being a speaker at Suits and Spooks San Francisco, please send an email with your topic title, short abstract, and your bio by February 15th.
East Africa Banking and ICT Summit (Kampala, Uganda, Apr 25, 2014) The global event series for Banking and ICT Summit enters its third year. The summit will continue to provide delegates with technical & practical sessions, lectures and showcase for banking and ICT innovations, and unique networking opportunities.
National Collegiate Defense Cyber Competition (, Jan 1, 1970) Registration for the 2014 CCDC season is underway! Visit your region's website or contact your regional for registration and competition information.
InfoSecIndy (Indianapolis, Indiana, USA, Apr 26 - 27, 2014) Join us on April 26-27, 2014 in Indianapolis, Indiana for the premier Midwest Information Security and Digital Forensics Conference.
Infosecurity Europe 2014 (, Jan 1, 1970) Infosecurity Europe is Europe's number one Information Security event. Featuring over 350 exhibitors, the most diverse range of new products and services, an unrivalled education programme and over 12,000 visitors from every segment of the industry, it's the most important date in the calendar for Information Security professionals across Europe.