Billington Global Automotive Cybersecurity Summit. ISIS, al Qaeda compete in terror inspiration online. Turkey cracks down; Anonymous cracks back. WikiLeaks doxes DNC (courtesy FSB, GRU). Cyber M&A updates.
News from the inaugural Billington Automotive Cybersecurity Summit
The Billington Global Automotive Cybersecurity Summit met in its inaugural session Friday, July 22, 2016. The sessions held in Detroit’s Cobo Center drew leaders from the automotive and security industries, as well as from the US Federal Government and the State of Michigan.
Coming on the heels of a set of automotive cybersecurity best practices developed and released by the Automotive Information Sharing and Analysis Center (Auto-ISAC), several themes emerged during the proceedings. First, the automotive industry believes it’s in a good position to build in security before it sustains a serious, dedicated attack on its products, and it views the Auto-ISAC recommendations as a good initial step. The US Department of Transportation is also preparing to release a set of guidelines for automotive cybersecurity in the near future. And it's noteworthy that the industry’s focus, at least insofar as the Summit’s discussions were concerned, is on the cybersecurity of its products.
Second, senior automotive industry leaders said they were determined to regard vehicular cybersecurity as akin to a safety issue, and not a field in which they intend to seek competitive advantage. (The US Department of Transportation, too, sees automotive cybersecurity as a field in which it should be possible to realize significant gains in highway safety.) Thus there was much talk of collaboration and threat intelligence sharing by executives from several automobile manufacturers—notably General Motors. There were also many welcoming overtures to the white hat vulnerability research community, and considerable willingness on display to use crowd-sourced bughunting, as Fiat-Chrysler is already doing. Toyota’s and Honda’s participation suggested that this interest is not confined to US manufacturers.
Third, the industry appears intensely interested in lessons to be learned from other sectors, with the defense and aerospace sectors in particular seen as a useful well of experience.
Finally, looking toward the future, it’s clear that the industry sees the coming advent of fully autonomous vehicles as both transformative and effectively inevitable. It’s possible, several experts said, that we may see fully autonomous cars operating on the roads within ten years—and available on an ordinary retail basis.
We note that the next summit in Billington's schedule is the 7th Annual Billington CyberSecurity Summit. It will convene on September 13, 2016, in Washington, DC. Admiral Michael Rogers (Director, NSA and Commander, U.S. Cyber Command) and Michael Daniel (Cybersecurity Coordinator at the White House) will be among the featured speakers. They'll be joined by Ciaran Martin (CEO, National Cyber Security Centre (NCSC), GCHQ), who will describe the NCSC before it opens this October. Sony's CISO John Scimone will share some lessons on preparing for a destructive cyber attack. And there will also be presentations by US Service cyber commanders.
More attacks over the weekend are attributed to ISIS inspiration, either definitively or tentatively. Online monitoring apparently enabled Brazilian authorities to disrupt plans to attack targets around the Rio Olympics. Both ISIS and its jihadist rivals in al Qaeda continue to call for attacks throughout the Dar al Harb.
Turkey continues its post-coup-attempt crackdown, initiating a state of emergency and (temporarily, at least) suspending adherence to the European Convention on Human Rights. The government is also demanding extradition from the US of a Muslim cleric critical of the regime. Anonymous hacktivists—generally pro-coup or at least anti-Erdoğan—are currently active against Turkish targets, one of which is energy provider Izmir Gaz.
WikiLeaks has released a tranche of documents taken from the US Democratic National Committee. They detail both donor lists (including personally identifiable information) and party emails. The latter documents excite the most outrage, particularly among supporters of Senator Sanders’s candidacy, because they appear to show close coordination between the DNC and the Clinton campaign. Consensus holds that Russian intelligence services gave WikiLeaks the documents. Why is another question. The DNC spin is that it’s because President Putin wants to see a President Trump; the RNC spin is that this is risible. DNC Chair Wasserman-Schultz took the fall for the emails, resigning over the weekend.
In industry news, Core Security has acquired Damballa. TechCrunch reports that StackPath emerged from stealth with $180 million in funding (led by ABRY Partners) and four acquisitions already queued up: MaxCDN, Fireblade, Cloak, and Staminus.
Notes.
Today's issue includes events affecting Australia, Bangladesh, Brazil, Canada, China, Ecuador, European Union, Germany, India, Iran, Iraq, Democratic Peoples Republic of Korea, Republic of Korea, Netherlands, New Zealand, Russia, Saudi Arabia, Syria, Turkey, United Kingdom, United States, and Vietnam.
The CyberWire's regular daily Podcast will be out later this afternoon, with interviews, educational tips, and more on the stories of the day. Today we hear from our partners at Virginia Tech's Hume Center, as Charles Clancy explains the security opportunities and challenges of smart cities. (As always, if you enjoy the podcast, please consider giving it an iTunes review.)
Detroit: the latest from the inaugural Billington Automotive Cybersecurity Summit
Automotive Cybersecurity: The View from General Motors (The CyberWire) Mary Barra, Chair and CEO of General Motors, delivered the opening keynote in which she reviewed trends predicted by futurists that suggest a comprehensive transformation in the automobile industry. Connectivity will drive that transformation
GM CEO Mary Barra’s Keynote: Full Text (General Motors (as provided to the CyberWire)) Thanks, Tom. At General Motors, we are very pleased to join you and others to sponsor this first-ever “Global Automotive Cybersecurity Summit”… and to do so here in Detroit
Cybersecurity Roundtable: Future Voluntary Solutions, Information Sharing, and Best Practices to Counter Cyber Threats (The CyberWire) The Summit’s first panel, chaired by Jon Allen (Acting Executive Director, Auto-ISAC and Principal, Booz Allen Hamilton), addressed voluntary solutions, information-sharing, and best practices. Before introducing the panelists, Allen offered an overview of Automotive Information Sharing and Analysis Center (Auto-ISAC). It’s noteworthy, he said, that this ISAC formed before there was a major incident
DC Meets Detroit: Government Automotive Cybersecurity Roundtable (The CyberWire) This panel took up the intersection of government regulation, oversight, and support with industry efforts to enhance the security of its products
Securing the Car Through Vulnerability Testing and Coordinated Disclosure Programs (The CyberWire) Earlier speakers had seen much promise in the white-hat community. This panel turned to an insider’s view of that community and its practices: crowdsourcing, bug bounties, responsible disclosure, etc
Law Enforcement, the FBI and Automotive Cybersecurity (The CyberWire) David Johnson, Associate Executive Assistant Director, Federal Bureau of Investigation, delivered a midday keynote on the threat stream, how it affects the automobile industry, what FBI's doing about it, and his view of the current state of public-private cooperation
CNN Q&A on Automotive Cybersecurity with Assistant Attorney General John Carlin (The CyberWire) Rene Marsh, Transportation and Government Regulation Correspondent, CNN, held a question-and-answer session with John Carlin, Assistant Attorney General for National Security, US Department of Justice
Cybersecurity Lessons Learned from Outside the Automotive Sector (The CyberWire) Jennifer Tisdale, Cybersecurity & Intelligent Transportation Systems Manager, Michigan Economic Development Corporation, moderated this panel, which included Marty Edwards (Assistant Deputy Director, NCCIC and Director, ICS-CERT, US Department of Homeland Security), Brian Witten (Senior Director, Symantec Research Labs, Symantec Corporation), and Phil Harvey (Technical Director, Cybersecurity and Special Missions, Intelligence, Information, and Systems, Raytheon Company)
Lessons from the Defense Industry: Advice from General Dynamics. (The CyberWire) General Dynamics executive Thomas Kirchmaier offered a defense industry perspective on lessons automobile manufacturers might apply in their own sector
Fireside Chat: The Future of Autonomous Vehicles (The CyberWire) Autonomous vehicles aren’t the only technology that poses cybersecurity challenges to the automobile industry, but they’re clearly the centerpiece of that industry’s future
Automotive Cybersecurity: The View from the US Department of Transportation. (The CyberWire) GM CEO Mary Barra introduced US Secretary of Transportation Anthony Foxx for the final keynote. Secretary Foxx began by saying that we're laying a new foundation for US transportation
Coming soon: Cybersecurity guidelines for automakers (Detroit Free Press) U.S. Department of Transportation Secretary Anthony Foxx urges automakers to share information about cybersecurity to ensure future vehicles are safe
Industry collaborates on automotive cybersecurity best practices (Help Net Security) New technology has paved the way for extraordinary advancements in vehicle safety, emissions reduction, and fuel economy. Today’s vehicles do more to keep drivers secure and connected than ever before. However, connected vehicles must be designed and manufactured with security in mind
Cyber Attacks, Threats, and Vulnerabilities
Munich Shooter Invited People to McDonald’s using hacked Facebook account (Hack Read) Munich shooter Ali David Sonboly killed 10 people and injured 16 — police now confirm that David Sonboly hacked a Facebook account to tempt people into visiting McDonald’s for free food
‘The Blood Of Sinners Will Spill’ Claims Would-Be Olympic Terrorist (Vocativ) A forum thread reveals Brazilians openly plotting terror attacks during the Olympics
Don’t underestimate Islamic State. More atrocities are on their way (Guardian) The attacks in Nice and Bavaria show that as the organisation loses territory, it is becoming an ideological state inciting anyone it can influence to acts of violence
Al Qaeda chief urges kidnappings of Westerners for prisoner swaps: SITE (Reuters) Al Qaeda chief Ayman al-Zawahiri has appeared in an audio interview calling on fighters to take Western hostages and exchange them for jailed jihadists, the monitoring service SITE Intelligence Group said on Sunday
Is al-Qaeda’s affiliate in Syria no longer a ‘sideshow’? (Washington Post) The Obama administration has begun to see Jabhat al-Nusra, al-Qaeda’s affiliate in Syria, as a global threat that could eventually rival the Islamic State, echoing a Russian argument that it has long resisted
Anonymous Hacks Turkish Energy & Gas Provider Website (Hack Read) Anonymous hackers are conducting cyber attacks on Turkish cyberspace, especially after the failed coup — latest target is Izmir Gaz Company
WikiLeaks Involuntarily Exposes Personal User Information in Latest DNC Leak (Softpedia) Information on DNC donors exposed online via WikiLeaks dump
All Signs Point to Russia Being Behind the DNC Hack (Motherboard) In the wee hours of June 14, the Washington Post revealed that “Russian government hackers” had penetrated the computer network of the Democratic National Committee. Foreign spies, the Post claimed, had gained access to the DNC’s entire database of opposition research on the presumptive Republican nominee, Donald Trump, just weeks before the Republican Convention. Hillary Clinton said the attack was “troubling”
Clinton campaign — and some cyber experts — say Russia is behind email release (Washington Post) A top official with Hillary Clinton’s campaign on Sunday accused the Russian government of orchestrating the release of damaging Democratic Party records to help the campaign of Republican Donald Trump — and some cybersecurity experts agree
How Putin Weaponized Wikileaks to Influence the Election of an American President (Defense One) Evidence suggests that a Russian intelligence group was the source of the most recent Wikileaks intel dump, which was aimed to influence the U.S. election
Bernie Sanders Campaign Chief Says Someone Must Be 'Accountable' for What DNC Emails Show (ABC News) Bernie Sanders campaign manager Jeff Weaver said his team was "disappointed" by the emails from the Democratic National Committee leaked through WikiLeaks, which seemed to reveal staff in the party working to support Hillary Clinton
Wasserman Schultz to resign amid DNC email hack (Washington Examiner) Rep. Debbie Wasserman Schultz, chairwoman of the Democratic National Committee, announced her decision to resign Sunday amid controversy over leaked emails that exposed the DNC's underhanded efforts to stifle Sen. Bernie Sanders' popularity during the primary
Clinton campaign manager: Russians leaked Democrats’ emails to help Donald Trump (Washington Post) Hillary Clinton's campaign manager, Robby Mook, indicated that he believes "Russian state actors" had some involvement in the leaked Democratic National Committee emails that show top Democrats writing off Sen. Bernie Sanders's chances during the primaries
Top Republican lawmaker resigns suddenly citing "cyber security issues" (Daily Herald) State Rep. Ron Sandack, a Downers Grove Republican and vocal legislative ally of Gov. Bruce Rauner, is resigning from the Illinois House after saying he's had "cyber security issues" in recent days
A hackable election: 5 things you need to know about e-voting machines (CSO) E-voting machines without paper trails are still used in several U.S. states, leading to fears that a 'determined adversary' could hack this year's election
PowerWare Ransomware Masquerades as Locky to Intimidate Victims (Threatpost) A new variant of the PowerWare ransomware is stealing street creds from the Locky strain of ransomware in an attempt to spoof the malware family. A new sample of PowerWare found by Palo Alto Networks’ Unit 42 reveals the ransomware’s quickly evolving tactics
Experiencing slow internet? Your ISP may be under attack (Times of India) Have you experienced a painfully slow internet connection for a week? Are webpages loading after a prolonged delay or timing out? Well, you are under attack. Not you directly, but your internet service provider (ISP)
DDoS Attack Trends in the Gaming Industry (Value Hosted) From historic DDoS attacks against the PlayStation Network to the recent sustained attacks against Blizzard, DDoS attacks have become such a regular occurrence in the gaming industry that it has almost become an accepted part of the culture. Most of the DDoS attacks targeting the gaming industry fall into one of the two categories below. So let’s look at a few commonalities that indicate how and why these attacks occur
BlackMoon Banking Trojan Infected over 160,000 South Koreans (Tirate un ping) The crooks behind the recent campaign may be from China. Over 100,000 South Koreans had their banking credentials stolen by crooks who leveraged the BlackMoon banking trojan, also detected as W32/Banbra, Fortinet researchers reveal
Microsoft EOP exposes users to data breaches, whitepaper (SC Magazine) Vircom researchers believe that Microsoft Exchange Online Protection (EOP) may be exposing users and their networks to both data breach and data loss risks due to the manner in which EOP manages the retention and quarantining of spam email
Asiana Airlines' customer database leaked on Internet (Korea Times) Tens of thousands of items of sensitive passenger information have been leaked on the Internet in a large-scale private data breach against Korea’s second-biggest airline, Asiana Airlines
Warframe, Clash of Kings players’ info stolen after forum hacks (Help Net Security) Two new website hack/ user data theft combos have been revealed last week, and the victims are players of popular mobile real time strategy game Clash of Kings and online free-to-play third-person shooter Warframe
Researchers Put Together PHP Zero-Day in Order to Hack PornHub (Twrix) A team of three researchers went so far as to search and discover a PHP zero-day so they could hack PornHub as part of its official bug bounty program
Cyber attack on Hunting & Fishing (New Zealand Business Herald) Hackers have attacked Hunting & Fishing's website, forcing the company to keep it closed and issue a warning to customers about suspicious transactions
Wolverhampton Council Blunder Exposes Data on 10,000 (Infosecurity Magazine) Wolverhampton council is the latest local authority to have its knuckles rapped by the Information Commissioner’s Office (ICO) after a data handling blunder led to it exposing the personal details of nearly 10,000 people
The use of protective relays as an attack vector – the cyber vulnerability of the electric grid (Control Global) Protective relays are used to protect electric equipment such as motors and generators from electric faults. As an analogy, they are the circuit breakers in your house
Banks on edge after spate of spectacular cyber heists (South China Morning Post) Cybersecurity specialists say recent attacks on Bangladesh, Vietnam and Ecuador are probably just the tip of the iceberg
Security Patches, Mitigations, and Software Updates
Critical holes in Micro Focus Filr found, plugged (Help Net Security) Popular enterprise file management and collaborative file sharing solution Micro Focus Filr sports half a dozen security flaws, most of which can be exploited – either by themselves or concatenated – to take over control of the (virtual) appliance
Cyber Trends
The Internet of Things Will Turn Large-Scale Hacks into Real World Disasters (Motherboard) Disaster stories involving the Internet of Things are all the rage. They feature cars (both driven and driverless), the power grid, dams, and tunnel ventilation systems. A particularly vivid and realistic one, near-future fiction published last month in New York Magazine, described a cyberattack on New York that involved hacking of cars, the water system, hospitals, elevators, and the power grid. In these stories, thousands of people die. Chaos ensues. While some of these scenarios overhype the mass destruction, the individual risks are all real. And traditional computer and network security isn’t prepared to deal with them
Scanning Code for Viruses Is No Longer a Job for Humans (Motherboard) If the information security company Kaspersky Lab had to use humans to analyze all the malware it sees, it would need to hire 350,000 people—half of those living in Washington, DC, or almost the entire population of the city of Florence, Italy. Yet, they do the trick with just 3,300 employees—and those analysts only inspect a tiny fraction of the whole volume of code
As voice interaction increases, what will security look like in the next 5 years? (Help Net Security) Things are getting chatty – everywhere
Marketplace
Core Security Combines Identity, Vulnerability, and Now Network Detection and Response as The Industry's First Complete Actionable Insight Platform (PRNewswire) Core Security®, a leader in Vulnerability and Access Risk Management, today announced the acquisition of Damballa, experts in network detection and response
Security-as-a-service startup StackPath nabs $180M, 4 acquisitions including MaxCDN (TechCrunch) A mass migration of IT services to the cloud, coupled with a huge growth of connected devices, has created a perfect storm for security breaches with some 400 million malware attacks identified last year alone according to IDC. Now, a new hopeful called StackPath believes it might have the key (and size) to fighting malicious hackers once and for all
Kenna Cybersecurity Fundraises on OurCrowd: Vulnerability Management (Crowdfund Insider) Among other sentiments, cybersecurity with particular reference to email and servers, have been buzzwords throughout the RNC that’s been occupying Cleveland these last days
As Microsoft invades its turf, Ottawa firm Titus decides to go big (Globe and Mail) Titus Inc. used to be a nearly invisible Canadian success story
FireEye: 3 Reasons To Buy (Seeking Alpha) Though FireEye shares have gained momentum on the back of buyout speculation, investors should not ignore the company's robust long-term prospects.
FirstWave Cloud Technology Ltd wins $2.4M in cloud security contracts (Proactive Investors Australia) FirstWave Cloud Technology Ltd (ASX:FCT) has booked $2.4 million worth of new contracts secured from 15 enterprise and government customers
Cylance® Hires Security Industry Veteran John McClurg from Dell (PRNewswire) McClurg joins new Office of Security and Trust to be led by Chief Security and Trust Officer Malcolm Harkins
Products, Services, and Solutions
Verizon wants to replace your net gateways with 'a simple mux' (Register) And then pipe in virtual network functions from all the big bit-movers
Technologies, Techniques, and Standards
Uber Flaw Discovery Shows Why Bug Bounty Programs Are Important (eWeek) Although Uber is a tech company, it didn't discover the flaw on its own but rather by way of a researcher participating in a bug bounty program
Rehashed: Lessons learned from the Safe Skies TSA master key leak (CSO) Hackers discuss the problems with key escrow and government backdoors
Handling Cross-Site Scripting As Attacks Get More Sophisticated (Qualys Blog) Adopting third-party libraries to encode user input in the development phase and using a web application firewall in the deployment phase could fool web security managers into thinking their web applications are completely safe from Cross-Site Scripting (XSS) attacks
How to secure critical utilities (Help Net Security) Over the past few years the issue of cybersecurity and the threat of hackers stealing data has increased tenfold. Not a day goes by without a breach being reported of a retailer losing the credit card details, passwords or login information of thousands of customers
New Decryption Tools Aid Ransomware Fight (Infosecurity Magazine) Security firm AVG has fired back in the long-running tit-for-tat battle with the ransomware black hats by releasing a new tool to decrypt files locked with the Bart variant
Open Source Tools to Get Brussels Security Audit (Infosecurity Magazine) Apache HTTP Server and password manager Keepass are to receive a code audit from the European Commission (EC) after a public vote
Process safety and cyber security – they are not the same (Control Global) Moore Industries issued a very good white paper on a logic solver for tank overfill protection. Additionally, ABB and Siemens continue to issue articles about the use of integrated control and safety systems
Fight cyber threats by stepping up policies (Financial Planning) Amid mounting scrutiny from regulators, experts urge advisers to step up their policies and procedures to guard against cyber threats
Responding to a Cyber Attack: Counsel's Role (Lexology) A recent Tripwire survey of 150 information technology professionals in the oil, natural gas, and electricity sectors found that more than 75 percent worked at organizations that had experienced at least one cyber attack in the past 12 months, and more than 80 percent believe that such an attack will harm physical infrastructure this year. When a cyber attack affects a company, quickly involving counsel is vitally important to manage the potential consequences
Why cryptographic keys & digital certificates matter to DevOps (ComputerWeekly) What happened was the marketing people at Venafi hired a corporate brand consultant and asked them to come up with a funky term so that the firm didn’t have to just explain that it makes cryptographic keys and digital certificates
New Details of North Korean Spy Radio Messages Emerge (Defense News) A North Korean broadcast of numbers on June 24 ended a 16-year sojourn that is surprising many who thought Pyongyang had given up on the old spy trick
Design and Innovation
Can MEMS be a sensor and a cryptographic device at the same time? (New Electronics) MEMS developers invest enormous effort as they struggle to eliminate process variations which result in imperfect devices, manufacturing yield loss and lower profit margins. Yet it’s ironic that the very flaws that plague MEMS sensors are in fact features for another application – cryptography
Academia
Free Cyber Security Camp at USD Inspires Future Defense Experts (Times of San Diego) Inspiring a new generation of students to consider the cyber security field is the goal of a free summer day camp next week at the University of San Diego
Hackers convene in southern Utah for U.S. Cyber Challenge Program (KCSG) U.S. Cyber Challenge begins its final boot camp of the season next week in Utah at the Western Regional Cyber Camp
Partnership to create cybersecurity job, education opportunities in Southwest Virginia (Augusta Free Press) The University of Virginia’s College at Wise and the MACH37 Cyber Accelerator at the Center for Innovative Technology have agreed to a Memorandum of Understanding that will strengthen the cybersecurity industry and create new cyber jobs, internships, and educational programs in the Southwest Virginia region
DCC expanding offerings for growing cybersecurity field (GoDanRiver.com) Danville Community College is planning to expand offerings for cybersecurity and networking students, including offering a national security organization and Department of Homeland Security training certification program, DCC CyberCenter Director and Professor Steven Carrigan said recently
Legislation, Policy, and Regulation
Turkey’s Parliament Approves State of Emergency (Voice of America) Turkish leaders are saying life will continue as normal for most people despite a state of emergency
Turkey to temporarily suspend European Convention on Human Rights after coup attempt (Hurriyet Daily News) Turkey will temporarily suspend the implementation of its obligations emanating from the European Convention on Human Rights (ECHR), in line with the declaration of a state of emergency, Deputy Prime Minister Numan Kurtulmuş has said, while vowing that fundamental rights and freedoms will not be affected during this period
Turkey attempted coup: EU says measures 'unacceptable' (BBC) The European Union says Turkey's measures against the education system, the judiciary and the media following the failed coup are "unacceptable"
Turkish Embassy Deplores ‘Prejudiced’ U.S. Media, Rolls Out Official Coup Documentary (Foreign Policy) Decrying a spate of negative press coverage, the Turkish Embassy in Washington made its case to reporters Friday that Ankara has not abused its authority in the wake of a failed coup, screening a slick, government-produced documentary that shows tanks running over protesters and fighter jets strafing a city
German Interior Minister: 'No Constitutional State Can Prevent Every Crime' (Spiegel Online International) After this week's attack on a train near Würzburg, fears of terror in Germany are growing. In an interview, German Interior Minister de Maizière says greater security precautions at major events are needed, but that acts of violence cannot be completely eliminated
A Summer Of Terrorism Points To The Limits Of Counterterrorism (NPR) The summer is barely halfway over, and already major terror attacks have unfolded across the globe
Kerry calls for new measures to counter changing Islamic State (Reuters) U.S. officials on Thursday called on partners in the coalition against Islamic State to increase intelligence sharing as the militant group morphs to focus on attacks beyond its shrinking self-declared caliphate in Iraq and Syria
Donald Trump: 'I am a fan of the future, and cyber is the future' (Verge) Donald Trump's controversial remarks on NATO are drawing headlines this morning, after the candidate told The New York Times he wouldn't necessarily defend allies under attack. But the full transcript of that conversation, published today by the Times, also showed a winding response from Trump to a question about cyberattacks. Trump says he's all for "cyber," although it's unclear from the conversation what exactly that means
Donald Trump's Take on Cyberwarfare Makes Concerning Reading (Infosecurity Magazine) With many believing Donald Trump to be winning the race to become the next President of the United States, it’s a reassuring thought to know that he has a firm grasp on the delicate issue of cybersecurity, right?
EU dual-use tech ban plan could classify smartphones as weapons (CSO) Smartphones could be caught up in a plan to require licensing of exports of cyber-surveillance tools
Litigation, Investigation, and Law Enforcement
Brazil arrests 10 Islamic State backers in alleged Olympics terror plot (Chicago Tribune) Ten Brazilians who pledged allegiance to the Islamic State militant group were arrested Thursday, authorities announced, describing them as "amateurs" who discussed on social media the possibility of staging attacks during next month's Olympics
Facebook, Twitter co-operated with Brazil probe of alleged militants (Reuters) The judge overseeing the probe that led to the arrest last week of suspected Islamist militants in Brazil said Facebook Inc. and Twitter Inc. co-operated with investigators by providing information about the suspects' use of both social networks
Aug. Sentencing for Couple Who Planned to Join Islamic State (AP via ABC News) A federal judge has scheduled sentencing next month for a Mississippi couple who pleaded guilty to planning to travel to Syria and join the Islamic State group
Ties with Turkey will be impacted if U.S. doesn't extradite Gulen: minister (Reuters) Turkey's ties with Washington will be impacted if the United States does not extradite the cleric it accuses of masterminding a failed military coup, Turkish Foreign Minister Mevlut Cavusoglu said on Monday, adding he would meet with U.S. officials on the topic during a coming visit
Apple’s Touch ID blocks feds—armed with warrant—from unlocking iPhone (Ars Technica) Supreme Court has not ruled about compelled unlocking of fingerprint-locked devices
Law enforcement and IT security companies join forces to fight ransomware (Help Net Security) Today, the Dutch National Police, Europol, Intel Security and Kaspersky Lab launched the No More Ransom initiative, a new step in the cooperation between law enforcement and the private sector to fight ransomware together
The Missing Man at the Center of Hillary Clinton’s Email Scandal (Daily Beast) Hillary Clinton’s top techie took the Fifth when asked about her private servers. But he may not be able to stay silent
How the New York Fed fumbled over the Bangladesh Bank cyber-heist (Reuters) When hackers tried to steal nearly $1 billion from Bangladesh’s central bank, the Federal Reserve Bank of New York failed to spot warning signs and nearly let all the money go. Here’s the inside story of what happened
The KickassTorrents Case Could Be Huge (Wired) It was a legal iTunes purchase that helped the feds nab Artem Vaulin, the alleged proprietor of KickassTorrents (KAT), the world’s biggest purveyor of illegal torrent files. The irony is almost too much to bear pointing out. But according to one lawyer familiar with the ins and outs of copyright infringement, the case could have sweeping repercussions on how torrents are regulated
UK Security Firm Execs Admit to Hacking Rival Company (Softpedia) Quadsys employees accused of hacking rival's database
“Selfie war” paramedics accused of taking photos with unconscious patients (Naked Security) Two paramedics have been arrested and accused of conducting what police called the “sick game” of using patients in ambulances – some of them “intubated, sedated or otherwise unconscious” – as props in their selfie competitions
Bathroom Snapchat video of suicide teen ruled criminal by court (Naked Security) A California appeals court has rejected a student’s assertion that “making loud obscene noises” meant a fellow student in a school toilet had waived his right to not being videotaped and to have that video be posted to social media
Three Arrested For Cell Phone Hacking Scam (Dar) Defendants accused of using stolen phone details to make international calls charged to victims' accounts
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
EDGE2016 Security Conference (Knoxville, Tennessee, USA, Oct 18 - 19, 2016) The EDGE2016 conference is where true collaboration between business and technology professionals happens. Combining engaging keynotes from world-renowned visionaries, recognized technology industry leaders, topical roundtables, training sessions, and industry-specific tracks, EDGE2016 is where complex business security problems meet real-world solutions.
2016 ICS Cyber Security Conference (Atlanta, Georgia, USA, Oct 24 - 27, 2016) As the largest and longest-running cyber security-focused conference for the industrial control systems sector, the event caters to the energy, utility, chemical, transportation, manufacturing, and other industrial and critical infrastructure organizations, including the military. The conference will address topics covering ICSs, including protection for SCADA systems, plant control systems, engineering workstations, substation equipment, programmable logic controllers (PLCs), and other field control system devices.
Upcoming Events
Community College Cyber Summit (3CS) (Pittsburgh, Pennsylvania, USA, Jul 22 - 24, 2016) The third annual Community College Cyber Summit (3CS) is organized and produced by six Advanced Technological Education (ATE) centers funded by the National Science Foundation (NSF) and involved in cybersecurity. 3CS meets the perceived need for a national academic conference that focuses exclusively on cybersecurity education at the community college level. Faculty, administrators, and other stakeholders in community college cybersecurity education are invited and encouraged to attend
SANS San Jose 2016 (San Jose, California, USA, Jul 25 - 30, 2016) Information security training is coming to Silicon Valley from SANS Institute, the global leader in information security training. At SANS San Jose 2016, July 25-30, 2016, choose from 7 hands-on, immersion-style cybersecurity training courses taught by real-world practitioners. We will see you at The Westin San Jose, located in the heart of downtown San Jose. Now is the time to improve your information security skills. SANS San Jose 2016 features comprehensive hands-on technical training from some of the best instructors in the industry and includes several courses that will prepare you or your technical staff for DoD 8570 and GIAC approved certification exams. Start making your plans to attend now!
SANS ICS Security Summit & Training — Houston 2016 (Houston, Texas, USA, Jul 25 - 30, 2016) SANS has joined forces with industry leaders and experts to strengthen the cybersecurity of Industrial Control Systems (ICS). The initiative is turning ICS cybersecurity around by equipping both security professionals and control system engineers with the security awareness, work-specific knowledge, and hands-on technical skills they need to secure automation and control system technology. Register now for these ICS skills based courses.
AfricaHackOn (Nairobi, Kenya, Jul 28 - 29, 2016) What began as a casual meet up for information security professionals has become one of the formidable forces in the profession. That group is the AfricaHackOn. Housed under its parent umbrella, Euclid Consultancy Ltd, AH, as it is fondly known, has traversed all odds to become a leading venture in raising awareness on matters affecting cyber security and also grooming upcoming talent for the job market. We have been poised to become a one-stop shop for talent and resources in a field greatly short-staffed.
Black Hat USA (Las Vegas, Nevada, USA, Aug 1 - 6, 2015) Black Hat — built by and for the global InfoSec community — returns to Las Vegas for its 18th year. This six day event begins with four days of intense Trainings for security practitioners of all levels (August 1-4) followed by the two-day main event including over 100 independently selected Briefings, Business Hall, Arsenal, Pwnie Awards, and more (August 5-6)
SANS Boston 2016 (Boston, Massachusetts, USA, Aug 1 - 6, 2016) SANS will be returning to Boston with an exceptional cyber security training lineup this August, including a special evening event hosted by Stephen Northcutt, where you'll get to choose your favorite chowder! We are bringing our top courses and best instructors to make SANS Boston the perfect training event for you. You can't miss SANS comprehensive hands-on technical training from some of the best instructors in the industry.
Secure Bermuda 2016 (Bermuda, Aug 10, 2016) Industry-leading intelligence from expert cybersecurity thought leaders and innovators. In addition to human capital shortages, the Bermudian cybersecurity industry faces an uphill battle to keep up with the acceleration of Internet-connected technology. Join us on August 10th at the Hamilton Princess Hotel for Secure Bermuda 2016. In just one day, the event will provide essential intelligence that enables Bermudian technology leaders to drive their cybersecurity strategy forward. The conference covers today's cybersecurity trends and threats as well as those of the future, equipping delegates with the tools needed to cope in an increasingly complex landscape.
TECHEXPO Top Secret Polygraph-Only Hiring Event (Baltimore, Maryland, USA, Aug 10, 2016) Polygraph-Tested Professionals are invited to interview for new career opportunities on Wednesday, August 10 at the BWI Marriott in Baltimore, MD. A CI or Full Scope Polygraph is Required to Attend. Hot job opportunities are available in Cyber Security, Intelligence, Defense and IT. Hiring managers will be onsite to fill critical open positions.
Insider Threat Program Development Training For NISPOM CC 2 (Aberdeen, Maryland, USA, Aug 10 - 11, 2016) Insider Threat Defense will hold a two-day training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2). For a limited time the training is being offered at a discounted rate of $795 (normally $1395). The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained over one hundred fifty organizations and has become the "go-to company" for Insider Threat Program Development Training.
International Conference on Cyber Security (ICCS) 2016 (Kota, Rajasthan, India, Aug 13 - 14, 2016) The International Conference on Cyber Security (ICCS) 2016 is an unparalleled opportunity to discuss cyberthreat analysis, operations, research, and law enforcement to coordinate various efforts to create a more secure world. The ICCS 2016 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY. The conference program will include special sessions, presentations delivered by researchers from the international community, including presentations from keynote speakers and state-of-the-art lectures and keynote speeches
2016 Information Assurance Symposium (Washington, DC, USA, Aug 16 - 18, 2016) The Information Assurance Symposium is the premier IA event at which leaders and practitioners share vital information and provide direction and best practices to meet today’s challenges in IA and the cyber environment. The classification of the event is UNCLASSIFIED//FOR OFFICIAL USE ONLY. The 2016 IAS is expecting upwards of 2,000 attendees and will provide an excellent opportunity to learn and network with leading information assurance and cyber security professionals, subject matter experts and solution providers from throughout Government, industry and academia. The Information Assurance Symposium will include a variety of keynote sessions, five distinct tracks and panel discussions spanning over three days. It will also have a vendor expo where hundreds of exhibitors will display a wide variety of IA products, services and demonstrations. Exciting networking opportunities will be offered in the exhibit hall, all designed to enhance the IAS attendee experience.
Insider Threat Program Development Training (Washington, DC, USA, Mar 29 - 30, 2016) Insider Threat Defense announced it will hold a training class on Insider Threat Program Development (National Insider Threat Policy-NISPOM Conforming Change 2) on March 29-30, 2016, in Washington, DC. For a limited time the training is being offered at a discounted rate of $795. The training is comprehensive and provides students with the knowledge and resources to develop and implement a robust Insider Threat Program. Insider Threat Defense has trained a substantial number of organizations and has become the "Go To Company" for Insider Threat Program Development Training
SANS Alaska 2016 (Anchorage, Alaska, USA, Aug 22 - 27, 2016) SANS is bringing our renowned security training to Alaska! Join us in August for a week of hands-on training and compelling bonus sessions while taking in breathtaking views and experiencing the great Alaskan wilderness. SANS Alaska will feature two hands-on, immersion-style security training courses taught by real-world practitioners August 22-27, 2016 in Anchorage.
CISO New Jersey (Hoboken, New Jersey, USA, Aug 23, 2016) With newspaper headlines covering the latest data breaches, cloud computing security questions going unanswered and hackers developing more sophisticated attacks, the IT department has a growing responsibility to protect customer and company data. The CISO Summit brings together C-level IT security executives, industry analysts and solution providers to discuss challenges and best practices in a relaxed, yet focused business setting. Agenda sessions include panel discussions, think tanks, analyst Q&A sessions and much more.
CyberTexas (San Antonio, Texas, USA, Aug 23 - 24, 2016) CyberTexas was established to provide expanded access to security developments and resources located in Texas; provide an ongoing platform for the education and skill development of cyber professionals & job creation; build strong relationships with other U.S. and International geographies focused on cyber ecosystem development; bring national and international resources to the region to showcase Texas-based cyber assets; identify and encourage business opportunities within and outside of Texas; and create long-term value for the cyber security ecosystem of San Antonio and the State of Texas.
Chicago Cyber Security Summit (Chicago, Illinois, USA, Aug 25, 2016) The Cyber Security Summit is an exclusive conference series that connects C-Suite & Senior Executives who are responsible for protecting their companies’ critical infrastructures with innovative solution providers and renowned information security experts. This educational and informational forum will focus on educating attendees on how to best protect highly vulnerable business applications and critical infrastructure. Attendees will have the opportunity to meet the nation’s leading solution providers and discover the latest products and services for enterprise cyber defense.
Air Force Information Technology and Cyberpower Conference 2016 (Montgomery, Alabama, USA, Aug 29 - 31, 2016) America is faced with a national emergency in cyberspace. US national security, economic vitality, financial stability and foreign policy are being eroded. Increasingly prevalent and severe malicious cyber activities are being directed against the DOD, USG, Private-Sector, Critical Infrastructure and Key Resource operators, Academia and Civil Society. USG industrial-aged thought, processes, and organizational relationships are not fostering “success” against decentralized, digital-age threat actors. An information-age solution is needed. Private-public dialogue is integral to building a new paradigm in which digital platforms are secure, and the nation is defended in a domain. Building bridges between government and the private sector is essential for victory. This conference will promote a national dialogue between the US Air Force, commercial businesses, academia and civil society to generate “whole of nation” strategies and processes aimed at overcoming challenges and ambiguities of an increasingly digital world.
CISO Toronto (Toronto, Ontario, Canada, Aug 30, 2016) A data breach is not only a PR nightmare, but cause for customers to turn to competitors, exposing sensitive company information and racking up fines from industry regulators. In order for organizations to operate smoothly, CISOs and IT security executives need to be ahead of the hackers, and kept abreast of the latest IT security topics and trends.