Your cyber security news connection.

Greetings!

Special Section: breaking news from the Georgetown Cybersecurity Law Institute (our regular summary appears below)

The second and final day of Georgetown's Cybersecurity Law Institute opened with a long interview of recently retired FBI Director Robert Mueller. (Benjamin Powell, former general counsel at ODNI, conducted the interview.) Mueller traced his own interest in cyber security to his reading, in 1989, of Clifford Stoll's book "The Cuckoo's Egg," which described the hunt for someone who hacked into Lawrence Berkeley National Laboratory. As Director, he saw firsthand the difficulty of attribution in the MafiaBoy denial-of-service attack case, an international investigation conducted by the FBI and Canada's RCMP.

In such cases it was important to identify the natural person responsible—the "warm body at the keyboard"—and such identification will remain important. More indictments like this week's charging of PLA hackers will surely come, and will be important in deterring not only individual criminals, but state services as well. He recommended that people read the indictment, calling the culpability of the individuals named "indisputable." (The recent arrests of BlackShades crimekit users afford another good example of a salutary deterrent.)

We've seen, Mueller added, many state-conducted attacks. While the PLA indictments dealt with information theft, he believes attacks will become increasingly destructive. 2012's attack on Saudi Aramco sets the template for the near future. He believes a large-scale destructive cyber attack to be "inevitable."

Companies need to identify both insider and external threats, and prompt detection is needed to stop and mitigate breaches. Seven out of ten of the businesses that the FBI warned of breaches last year were unaware they'd been attacked, so there's clearly much room for improvement, both within the private sector and in terms of public-private cooperation. The private sector tends to connect with government episodically, often on the basis of who knows whom. Cyber security can take (and has taken) lessons from counter-terrorism work, where cooperation among Federal, private, state, and local actors is relatively more advanced.

Mueller was, as Director, surprised at the degree to which companies feared they would lose either intellectual property or a market edge if they shared information. He thinks the Government might usefully provide companies protection from lawsuits prompted by information sharing.

Business, like government, continues to grapple with finding the right structures to deal with cyber risks. In the government, despite progress, there remain lanes that inhibit information sharing, and these need to be dealt with. NSA (which has "more geeks per square foot" than anyone else) is essential in interagency cooperation, particularly in the collaborative use of malware databases. The FBI's own cyber squad dates to 2002, and the Bureau now has more than one thousand specially trained cyber personnel available to respond quickly to incidents. It nonetheless remains tricky assembling the right expertise from around the country. We may have, in the future, virtual squads for investigating cyber attacks.

The FBI itself is a target, but Mueller treated this threat as a special case of the long familiar attempts by foreign governments and organized crime to compromise the Bureau. "The FBI's been a target for years. It's hit daily." The Bureau is ahead of the game in identifying internal threats (having for decades been concerned to identify spies). He thinks corporations haven't taken sufficient steps against insider threats, and that they could increase their security by systematically looking for anomalies.

In response to a question about what the Bureau is doing to recruit more cyber personnel (with an explicit reference to hiring people with tattoos, and an implicit reference to the present Director's joke about bringing in some hacker-stoners), Mueller made an interesting point. Pure technical skill is insufficient. You need cyber ability among your Special Agents, to be sure, but you also need traditional investigative aptitude, and that's the skill set the Bureau looks for.

An Enforcers' Roundtable followed former Director Mueller's interview. Representatives from CEB, the Connecticut Attorney General's office, the Federal Trade Commission, and the Department of Justice Criminal Division participated.

When asked what triggers an agency's involvement, the panel agreed that reports from agencies, victims, or press splashes all played a role, especially since finding one attack often leads to the discovery of others. The Federal Trade Commission representative pointed out that for a civil law enforcement agency like the FTC, news accounts and breach notifications are a great place to start.

The first thing a business should do is establish a plan before a breach occurs. Once there's a breach, a business should expect a lot of interaction with law enforcement. Be prepared for this, and don't underestimate the difficulty of improvising a breach response. A cursory customer service response won't cut it. The right people must be in place, their plans must be reasonable, and their plans must be carried out. You have to be able to execute the plan in a crisis. (The representative of Connecticut's Attorney General drew upon "I Love Lucy" for an example—Lucy and Ricky had thoroughly planned an impending childbirth, but the plans went out the window at the moment of labor, even with Fred and Ethel helping.)

Companies must reasonably oversee their third-party vendors. They can't assume a vendor's taking care of it.

Standards of reasonableness, as pervasive as they are throughout the law, continue to evolve, and those pertaining to cyber are of course still developing. Any granular cyber guidance from government would soon be overcome by events. One questioner suggested, reasonably, that more disclosure of government security practices might clarify reasonableness.

The Institute concluded with a simulation of cyber breach response. Among its lessons was advice to know your networks, know your data (and understand that it's an asset), and know your vendors. Compromise of a privileged ID is the attacker's Holy Grail, and international forensic investigations particularly benefit from the ability to inspect machine data (as opposed to just user data).

Panelists stressed the importance of disciplined communications during a cyber incident. They also reinforced advice to have a pre-breach plan in place to avoid the "hair-on-fire" scramble of improvising during a cyber event.

Almost all cyber breaches have some human error at their root. The best prevention is job-specific training and awareness. Job-specific reinforcement of sound cyber practices pays off. And it helps immeasurably if there's a good example at the top.

Today's regular daily summary starts here.

THE CYBERWIRE (Friday, May 23, 2014) — FireEye, which knows a thing or two about PLA cyber operations, backs the US indictment of Chinese cyber operators: among other indicators, the attackers' operational routine is entirely consistent with the rhythms of the Shanghai office workers exposed in APT 1. Vice News offers an interesting rundown of the episode's implications (read past the headline: "MIDLIFE" is a mechanically punning acronym). The US shows no inclination to back down from this confrontation with China as the two countries swap (so far relatively mild) trade and diplomatic jabs.

The eBay data breach has widespread effect, with some 145 million records exposed, and appears likely to join the Target breach in security folklore. Observers criticize the company's handling of customer notification, the ease or lack thereof of password resets, and the phishing capers the notification seems to have spawned. Questions about encryption are also raised, and eBay hastens to reassure customers that their passwords were also protected by "proprietary hashing and salting technology."

Long-known Internet Explorer 8 vulnerabilities remain open. Microsoft says it's working on a patch (but no release date is given). Do patch where fixes are available: a closed Word vulnerability is still being exploited in the wild.

Apple patches Safari with version 7.0.4. PayPal fixes a merchant account-hijacking bug. SourceForge undertakes a preventive, proactive password reset.

In industry news, Thales may be eying acquisition of Alcatel-Lucent's cyber business.

Legislation restricting bulk collection passes the US House to cold reviews.

A redacted report on Snowden's ("staggering," "grave") leaks is declassified.

A note to our readers—we'll be taking the day off Monday in observance of Memorial Day. The CyberWire will resume normal publication on Tuesday, May 27.

Today's edition of the CyberWire reports events affecting Australia, Canada, China, the European Union, France, Jordan, Oman, Pakistan, the Palestinian Territories, Russia, Syria, Taiwan, Thailand, the United Arab Emirates, the United Kingdom, and the United States.


Dateline Washington, DC: the latest from Georgetown

Mueller: Cyber experts need offline investigative skills (FCW) Robert Mueller said cybercrime investigators must be able to take the fight beyond cyberspace. Former FBI director Robert Mueller put in a good word for his old agency's improving cybercrime and cybersecurity workforce development, even as the federal government is ramping up efforts to recruit and train qualified personnel…

Buzzkill: FBI director says he was joking about hiring weed-smoking hackers (Naked Security) Sorry marijuana fans, the FBI won't be recruiting cyber-sleuthing stoners any time soon…

DHS official: Heartbleed has had 'minimal' impact on federal government (FierceGovernmentIT) Due to hard work and improved coordination throughout the federal government, the impact of the Heartbleed bug on the dot-gov domain has been minimal, said Larry Zelvin, director of the National Cybersecurity and Communications Integration Center within the Homeland Security Department's National Protection and Programs Directorate…

U.S. states probe eBay cyber attack as customers complain (Reuters) EBay Inc came under pressure on Thursday over a massive hacking of customer data as three U.S. states began investigating the e-commerce company's security practices…

Time for action on data security (The Lawyer) A recent Microsoft case in the US highlights the lack of clarity over data security, and European businesses need to take note…

L.A.'s Cyber Intrusion Command Center: A Model for Cybersecurity Governance? (Government Technology) IT governance and cybersecurity are two of the most critical issues in government, which is why Los Angeles is combining them in its new cyber command center…

Cyber Attacks, Emerging Threats, and New Vulnerabilities

FireEye Backs Washington with New APT1 Data Linking Attacks to China (InformationSecurity Magazine) Mandiant owner says connection days and times fit perfectly with the average PLA working day…

Chinese Cyber Attacks Trigger US MIDLIFE Crisis (Vice News) On Monday, the US Department of Justice (DoJ) indicted five members of the Chinese military for "cyber espionage against US corporations and a labor organization for commercial advantage," setting off a flurry of chatter, indictments, recriminations, and polemics covering just about everything under the sun. The most interesting part about all this is that it's a phenomenal example of a MIDLIFE crisis…

PLEAD Targeted Attacks Against Taiwanese Government Agencies (TrendLabs Security Intelligence Blog) In the recent 2H-2013 Targeted Attack Roundup Report we noted that we have been seeing several targeted attack campaign-related attacks in Taiwan…

Syrian SRS hackers Hacks King Abdullah of Jordan website in support of Syrian Refugees (HackRead) A group of Syrian hackers going with the handle of Syrian Revolution Soldiers (SRS) has hacked and defaced six high profile government websites of Kingdom of Jordan for not paying proper attention to the Syrian refugees. The targeted websites belong to King Hussein 1, Ministry of Planning and International Cooperation, Land Transport Regulatory Commission, Jordan Deposit Insurance…

Pakistani Police Website Hacked (eSecurity Planet) The hackers defaced the site with the statement, 'This site was hacked a victory for the Taliban'…

Hackers raid eBay in historic breach, access 145 mln records (Reuters) EBay Inc said that hackers raided its network three months ago, accessing some 145 million user records in what is poised to go down as one of the biggest data breaches in history, based on the number of accounts compromised…

By E-Mailing Hacking Victims, EBay Opens Users Up to More Risk of Attack (Bloomberg) After hackers stole e-mail addresses and other user data from EBay's network, the company announced today that it would e-mail users to suggest they change their passwords. That doesn't make a whole lot of sense…

"Recent Activity" Phishing Attacks on PayPal, Due to eBay Hack? (Softpedia) Marketplace eBay has been hacked, and about 145 million accounts have been affected. Email addresses, passwords, and personal user information have been swiped by the hackers, leaving everyone affected open to phishing attacks…

eBay Hack Raises Password 'Encryption' Questions (Threatpost) As is the case with most high-profile data breaches, despite an initial disclosure of information, more questions are inevitable…

After the breach: eBay's flawed password reset leaves much to be desired (Ars Technica) Site can make it hard to use long passwords, especially from manager software…

Reactions to the eBay breach (Help Net Security) A database containing eBay customers' name, encrypted password, email address, physical address, phone number and date of birth was compromised. Here are some of the comments we received…

After seven months and no Microsoft patch, Internet Explorer 8 vulnerability is revealed (ZDNet) Microsoft has failed to address a remotely exploitable security flaw affecting the most widely used version of Internet Explorer…

Patched Word Flaw Still Exploited Within Malware-Laced Assaults, Says Trend Micro (SPAMfighter) According to Trend Micro the security company, even after Microsoft patched a March 2014 declared security flaw in Word that allowed code execution from the remote, during April 2014, cyber-criminals yet continue to exploit it within their malicious attacks…

Have Hackers Defeated the iPhone Kill Switch? (Intego) Last month, I explained how iPhone and iPad users could enable a "Kill Switch," effectively making it much harder for thieves to sell stolen devices…

Sophisticated Google Drive phishing campaign persists (Help Net Security) Symantec researchers are once again warning about a sophisticated and persistent phishing campaign targeting Google users…

Beware #BringBackOurGirls email scammers (Graham Cluley) Last month, more than 200 innocent schoolgirls were seized in the north-eastern Nigerian state of Borno. To this day, many of them are believed to still be being held captive by members of the Boko Haram group…

Adobe Shockwave Lugging Around Hobbled, Vulnerable Version of Flash (Threatpost) It's bad enough that the Flash runtime bundled with Adobe's Shockwave player is deficient in security patches going back to January 2013, but what's worse is that the increased attack surface provided by Shockwave might make it easier to exploit. And, in the bargain, Adobe has known about the issue since October 2010…

Android Outlook App Could Expose Emails, Attachments (Threatpost) There are two issues with the way Microsoft's Outlook application encrypts content on older versions of Android that could expose users' emails and email attachments…

Bulletproof servers foil botnet/malware takedowns (SC Magazine) Check Point security innovations manager Tomer Teller says that the last two botnet/malware hosting operations his team worked with — in cooperation with the FBI and other parties — failed due to the use of bullet-proof hosting facilities by the cyber-criminal gangs concerned…

XML Schema, DTD, and Entity Attacks (Virtual Security Research via Packetstorm) The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of these document definition and validation features can lead to security vulnerabilities in applications that use XML. This document attempts to provide an up to date reference on these attacks, enumerating all publicly known techniques applicable to the most popular XML parsers in use while exploring a few novel attacks as well…

SNMP DDoS Attacks Spike (Dark Reading) Akamai issues threat advisory on attack campaign that uses Team Poison-developed DDoS toolkit…

A peek inside a newly launched all-in-one E-shop for cybercrime-friendly services (Webroot Threat Blog) Cybercriminals continue diversifying their portfolios of standardized fraudulent services, in an attempt to efficiently monetize their malicious 'know-how', further contributing to the growth of the cybercrime ecosystem. In a series of blog posts highlighting the emergence of the boutique cybercrime-friendly E-shops, we've been emphasizing on the over-supply of compromised/stolen accounting data…

Despite source code leak, Android malware fetches top $5,000 price (IT World) Despite a leak of its source code, an Android program aimed at compromising online bank accounts is still commanding US$5,000 per copy, one of the highest prices seen for a type of malware, according to research from Symantec…

MHA Laptop Theft Exposes 5,500 People's Personal Data (eSecurity Planet) Names, addresses, birthdates and Social Security numbers may have been exposed…

Pennsylvania Dental Students Hit by Data Breach (eSecurity Planet) Students' names, e-mail addresses and Social Security numbers were mistakenly made available online…

UC Irvine Hacked (eSecurity Planet) Approximately 1,800 students' personal information may have been captured by keylogging malware…

Five new threats to your mobile device security (CSO) Google's Android operating system averaged 5,768 malware attacks daily over a six-month period, according to CYREN's Security Report for 2013…

Internet of Things (IOT): Seven enterprise risks to consider (TechTarget) The day when virtually every electronic device — from phones and cars to refrigerators and light switches — will be connected to the Internet is not far away. The number of Internet-connected devices is growing rapidly and is expected to reach 50 billion by 2020…

Privileged Use Also a State of Mind, Report Finds (Dark Reading) A new insider threat report from Raytheon and Ponemon reveals a "privileged" user mindset…

New Terrorism and New Media (Wilson Center) On the evening of March 1, 2011, Arid Uka, an Albanian Muslim living in Germany, was online looking at YouTube videos. Like many before him, he watched a jihadist video that presented the gruesome rape of a Muslim woman by US soldiers—a clip edited and posted on YouTube for jihadi propaganda purposes. Within hours of watching the video, Arid Uka boarded a bus at Frankfurt Airport, where he killed two US servicemen and wounded two others with a handgun…

Security Patches, Mitigations, and Software Updates

Apple Safari 7.0.4 closes 22 holes, including 21 listed under "arbitrary code execution" (Naked Security) Apple just pushed out another Safari update, bumping OS X's native browser to version 7.0.4…

PayPal fixes merchant account hijacking bug (Help Net Security) Well-known and prolific bug hunter Mark Litchfield has unearthed a pretty big flaw in PayPal Manager, which would allow attackers to hijack a merchants' account by changing their password, and consequently have access to their and their customers' personal information as well as being able to place orders from it…

SourceForge's turn to reset passwords — this time in a good cause! (Naked Security) Hot on the heels of eBay's password problems comes yet another password reset notification…

Microsoft Working on Patch for IE 8 Zero Day (Threatpost) Microsoft officials say they're well aware of the Internet Explorer 8 zero day disclosed Wednesday by the Zero Day Initiative and have been working on a fix for it. However, there's no stated timeline for releasing that patch…

Cyber Trends

Cybersecurity Goes Collaborative (PYMNTS) The aftermath of the recent major retailer breaches has led to a collaborative initiative that involves both private- and public-sector organizations working to create best practices and to share information to help improve retail-systems security…

Antivirus software can't keep up with new malware, Lastline Labs analysis finds (TechWorld) Startup runs malware through VirusTotal, gets depressing answer…

Cryptocurrency Mining: Could It Soon Replace Adverts? (Know Your Mobile) Tom Brewster investigates cryptocurrency mining and whether it's a suitable alternative to traditional adverts…

Divided we stand (The Economist) Organisms stop infections spreading by being diverse. So can computer apps…

More enterprises to adopt multi-factor authentication (Help Net Security) Rising security risks, and demand for seamless and secure access across any device, anytime, has triggered greater adoption of authentication solutions…

Cyber attacks on the rise across the Middle East and North Africa (The National) Ransomware attacks are on the rise in the Middle East proving to be an easy way for European cyber criminals to make money…

Marketplace

Vendors getting mixed messages on cybersecurity (FCW) Initiatives to help industry and government codify compatible cybersecurity requirements and capabilities are yielding some results, but acquisition experts say those plans have clouded federal cybersecurity acquisition efforts…

Thales to acquire Alcatel-Lucent cyber security business? (UPI) French companies Thales and Alcatel-Lucent are negotiating a strategic partnership that would see Thales taking over the cyber security and community security businesses of Alcatel-Lucent…

Proofpoint CEO: Target's Breach, Chinese Spying Boosting Security Biz (Yahoo Finance UK) Proofpoint's stock has come down this spring because of the snapback in tech valuations, nevertheless, internet security remains a hot space in the…

BlackPhone maker Silent Circle raises $30M, moves to Switzerland (Ars Technica) Crazy demand: CEO tells Ars he plans on shipping 3 million phones within a year…

Products, Services, and Solutions

ForeScout CounterACT Wins Gold in 2014 Govies Government Security Awards (MarketWatch) ForeScout Technologies, Inc., a leading provider of pervasive network security solutions for Fortune 2000 enterprises and government organizations, today announced its CounterACT™ platform has received gold status in the Network Security category of the 2014 Govies Government Security Awards competition…

CERN, MIT scientists launch Swiss-based secure webmail (Help Net Security) Last week marked the beta release of yet another encrypted, secure email service, and interest for it was so overwhelming that its developers had to temporarily close the signups…

Free App Lets the Next Snowden Send Big Files Securely and Anonymously (Wired) When Glenn Greenwald discovered last year that some of the NSA documents he'd received from Edward Snowden had been corrupted, he needed to retrieve copies from fellow journalist Laura Poitras in Berlin. They decided the safest way to transfer the sizable cache was to use a USB drive carried by hand to Greenwald's home in Brazil. As a result, Greenwald's partner David Miranda was detained at Heathrow, searched, and questioned for nine hours…

Facebook wants to listen in on your TV and music (Naked Security) Say, you don't mind if Facebook sticks one of your earbuds into its data-mining cranium, do you?…

Technologies, Techniques, and Standards

Malware detection in the user profile directory (TechTarget) While looking through RSA's Blueprint report, I noticed that it advises security teams to look through user profile directories for what they call "atypical location" installs. What do they mean by atypical locations, and why are malware authors presumably taking advantage of user profile directories for their malicious activities?…

Could staff training help to guard against cyber attacks? (TechRadar) The latest headlines are awash with news of security breaches at major companies, including the likes of Morrisons, Target and Kickstarter…

The Only 2 Things Every Developer Needs To Know About Injection (Dark Reading) There's no simple solution for preventing injection attacks. There are effective strategies that can stop them in their tracks…

Application Performance Management Offers Security Benefits (eSecurity Planet) Administrators use application performance management (APM) tools to meet ebbs and flows of demand. But few leverage the security benefits offered by APM solutions…

Research and Development

Mere possibility of measurement makes QKD protocol secure (Ars Technica) What if Eve listened, but heard nothing but noise?…

The quest for true randomness and uncrackable codes (YourIs) Quantum cryptography is said to be uncrackable. It will stay safe, but only if true randomness, the generation and use of intrinsically random numbers, can be achieved…

One of these defense projects could become bigger than the internet (Quartz) Forty years ago, a group of researchers with military money set out to test the wacky idea of making computers talk to one another in a new way, using digital information packets that could be traded among multiple machines rather than telephonic, point-to-point circuit relays. The project, called ARPANET, went on to fundamentally change life on Earth under its more common name, the Internet…

Darpa Is Weaponizing Oculus Rift for Cyberwar (Wired) For the last two years, Darpa has been working to make waging cyberwar as easy as playing a video game. Now, like so many other games, it's about to get a lot more in-your-face…

Academia

Discoveries By UNH Cyber Researchers Put Young Program In Tech Spotlight (The Courant) A group of "white hat" computer hackers at the University of New Haven uncovered security holes in two commonly used free texting apps this semester, briefly making them the toast of the worldwide tech media and providing welcome exposure for their nascent cyber forensics program…

MSU recertified as leading cyber security learning center (Mississippi Business Journal) Federal officials have reaffirmed Mississippi State University as a leading institution for cyber security education and research…

Legislation, Policy, and Regulation

Q & A: Adam Segal on China, Cyberspies and the Moral High Ground (New York Times) This week, the United States took its most aggressive step yet in trying to curb what it calls Chinese state-sponsored hacking attacks aimed at stealing trade secrets from American corporations. The Justice Department on Monday announced an indictment against five members of the People's Liberation Army accused of corporate cyberespionage. United States officials say the five men belong to Unit 61398, which operates out of an office tower on the outskirts of Shanghai…

Navy Braces For Backlash After PLA Cyber Indictments (Breaking Defense) The Justice Department's indictment of five People's Liberation Army officers on charges of cyber-espionage may prove to be a double-edged sword for the US military…

U.S. State Department stops Chinese delegations from attending Colorado Springs event (The Gazette) Three days before most of the world learned that the U.S. indicted five Chinese military officials for industrial spying, the U.S. State Department took action behind the scenes in a move that kept 16 people from China from attending an event in Colorado Springs this week…

China responds to NSA tampering with network gear vetting process (Ars Technica) China will ban import of "unsafe" tech to counter NSA and slap US companies…

Spy charges expose US cyber hegemonic mentality (Xinhua via the Pakistan Observer) The United States has indulged in its cyber hegemony mentality again as it filed ungrounded commercial cyber espionage charges against five Chinese military officers…

House passes USA Freedom Act, ending NSA bulk collection of American phone records (AP via US News and World Report) The House on Thursday passed legislation to end the National Security Agency's bulk collection of American phone records, the first legislative response to the disclosures by former NSA contractor Edward Snowden…

NSA reform falters as House passes gutted USA Freedom Act (Ars Technica) So-called reform measure still grants NSA broad access to phone metadata…

NSA's John DeLong on Privacy Compliance (IC on the Record) The National Security Agency this week granted FedScoop an exclusive interview with John DeLong, the agency's director of compliance. I sat down with DeLong at the National Cryptologic Museum across from NSA headquarters, and he agreed to a wide-ranging discussion of what his office does at NSA and the lengths to which NSA goes to ensure it operates within the confines of the law…

DHS: Lack of cyber law caused 'unnecessary delays' in Heartbleed response (Federal Times) The U.S government was forced to act quickly to fix the Heartbleed vulnerability that compromised hundreds of thousands of websites last month, but Homeland Security Department officials say that Congress' failure to pass cybersecurity legislation slowed their ability to respond to the weakness…

Thailand's coup d'état has a social media blindspot (Quartz) When the Thai military declared a coup d'état yesterday, one of its first moves was to shut down the country's TV broadcasters. But Thais are among the world's most enthusiastic social media users, so many of its citizens simply shrugged at the blackout, picked up their smartphones, and turned to Twitter, Facebook, and Instagram to discuss the latest military intervention—the second in eight years, and the 12th since the country ended its absolute monarchy in 1932…

What does GCHQ know about our devices that we don't? (Privacy International) While the initial disclosures by Edward Snowden revealed how US authorities are conducting mass surveillance on the world's communications, further reporting by the Guardian newspaper uncovered that UK intelligence services were just as involved in this global spying apparatus. Faced with the prospect of further public scrutiny and accountability, the UK Government gave the Guardian newspaper an ultimatum: hand over the classified documents or destroy them…

Litigation, Investigation, and Law Enforcement

FBI head: Cyber crime posing 'enormous challenge' (AP via Adirondack Daily Enterprise) Law enforcement faces an "enormous challenge" in preventing state-sponsored cyber crimes, FBI Director James Comey said Wednesday, days after the Justice Department announced charges against five Chinese military officials accused of hacking into American companies to steal trade secrets…

Pentagon Report Calls Scope Of Snowden Leaks "Staggering," Their Impact "Grave" (TechCrunch) The Snowden Effect, that mix of consciousness raising and potential legal reform of government surveillance, has another side to it: the impact of Snowden's revelations on those revealed…

Department of Defense Information Review Task Force-2 Initial Assessment (IC on the Record) Impacts resulting from the Compromise of Classified Material by a Former NSA Contractor…

FBI withdraws national security letter following Microsoft challenge (Ars Technica) Rather than litigating gag order, FBI goes directly to the customer…

Hackers in chains: 13 of the biggest US prison sentences for electronic crime (FierceITSecurity) Last week David Camez gained the dubious distinction of having the longest U.S. prison sentence ever for electronic crime—tied only with one other, perhaps better-known individual, Albert Gonzalez…

You should fear background checks even if you've done nothing wrong (Quartz) I'm pretty sure I'm the only person named "Dan Fleshler" in the United States. That's good news. If my last name were Jones—or Smith, or Harris, or another common moniker—I might have suffered the Kafkaesque fate of Kevin A. Jones…

SpyEye-using Cybercriminal Arrested in Britain (Trend Micro) We've recently seen multiple arrests and take downs of cybercriminals and their infrastructure. Here is another one to add up. Law Enforcement in England has arrested and prosecuted a cybercriminal called Jam3s in cooperation with Trend Micro. His real identity is James Bayliss. James ran some SpyEye command-and-control servers and also coded a SpyEye plugin named ccgrabber. More than four years after the investigation started, this cybercriminal has been successfully prosecuted…

AFP arrests man over Melbourne IT hack (IT News) Police nab two alleged 'Anonymous' members. The Australian Federal Police has arrested two men over an alleged hacking campaign which targeted local corporate and government websites, one of whom the agency claims was involved in the 2012 attack on domain name registrar Melbourne IT…

Cyber Events

For a complete running list of events, please visit the event tracker on the CyberWire website.

Newly Noted:

AFCEA DC Chapter 5th Annual Cybersecurity Symposium (Washington, DC, USA, May 28, 2014) 5th Annual Cybersecurity Symposium featuring Government Keynotes and "Latest and Greatest" Information on Cyber Trends, Initiatives, Threats & more. This event attracts upwards of 800 folks annually. Break-out sessions planned focusing on Government problems and solutions.

AFCEA Presents: Insider Threat to Small Business (Fairfax, Virginia, USA, June 5, 2014) One of the biggest myths is that "I'm too small for cyber attackers to care about me." This common misperception leads to tremendous vulnerabilities as companies do not understand implications for their intellectual property and/or their link to others as part of the larger supply chain. Mr. Bill Wright will brief on Symantec's recently released 2014 report on cyber attacks, including the devastating facts on attacks on small- and medium-sized businesses.

AFCEA International Cyber Symposium (Baltimore, Maryland, USA, June 24 - 25, 2014) National security is continuously being redefined as awareness of the cyberspace domain evolves. Cyber threats and challenges grow every day. Successfully defending our networks requires a team approach. With this in mind, the AFCEA International Cyber Symposium will engage the key players, including the U.S. Government, the International Community, Industry and Academia, to discuss the development of robust cyberspace capabilities and partnerships. The operational theme "Cyber Awakening: Protecting a Nation's Cyber Security" will explore the aspects of operational security of U.S. Government, DoD and Industry Networks, cyber cooperation among Joint and Coalition partners, and discuss the training and development of the cyber workforce.

Passwords14 (Las Vegas, Nevada, USA, August 5 - 6, 2014) Passwords is the first and only conference of its kind, where leading researchers, password crackers, and experts in password security from around the globe gather in order to better understand the challenges surrounding digital authentication, and how to adequately address them.

Remaining This Month:

3 Day Startup (San Antonio, Texas, USA, May 23 - 25, 2014) The nation faces tremendous challenges to our online security. Turn innovative ideas into startups that protect our information and our livelihood. 3 Day Startup is an entrepreneurship program designed with an emphasis on learning by doing. The idea is simple: start tech companies over the course of three days.

CANSEC (Ottawa, Ontario, Canada, May 28 - 29, 2014) CANSEC is Canada's foremost defence tradeshow. A two-day event, CANSEC will feature 120,000 square feet of indoor exhibits by Canada's leading edge defence companies, as well as an outdoor static display. This tradeshow targets a wide audience of customers that includes Government agencies and departments with an interest in the defence sector.

Hack in The Box Security Conference (HITBSecConf) Amsterdam (Amsterdam, the Netherlands, May 29 - 30, 2014) HITBSecConf Amsterdam is a gathering of network security professionals and enthusiasts who come from all corners of the globe to discuss the next generation of attacks and defense techniques. This is not an event you come to for 'security 101' talks or marketing hype. We cover stuff that hasn't made it into the news — yet. Potential security issues coming our way in the next 12 months.

Coming Next Month:

Area41 (Zurich, Switzerland, June 2 - 3, 2014) Area41 is an international security technology and research conference offering both trainings/workshops and traditional presentation tracks.

The Device Developers' Conference: Manchester (Manchester, England, UK, June 3, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.

NSA SIGINT Development Conference 2014 (Fort Meade, Maryland, USA, June 3 - 4, 2014) This classified conference will focus on the preeminent intelligence issues facing those who are tasked with SIGINT as part of their mission. Over 1500 participants from the US intelligence community and throughout the world will attend this conference.

The Device Developers' Conference: Scotland (Uphall, Scotland, UK, June 5, 2014) The Device Developers' Conference is an annual UK event for the developers of intelligent systems and devices. The objective is to provide an event that provides engineers with an opportunity to learn about the latest tools, technologies and techniques for the successful development of leading edge electronic products and systems.

The 2014 Cyber Security Summit (DC Metro) (Tysons Corner, Virginia, USA, June 5, 2014) The Cyber Security Summit, an exclusive conference series sponsored by The Wall Street Journal, has announced their inaugural DC Metro event. The event will connect C-Level & Senior Executives responsible for protecting their companies' critical infrastructures with cutting-edge technology providers and renowned information security experts. This informational forum will focus on educating attendees on how to best protect their highly vulnerable business applications and intellectual property. Attendees will have the opportunity to meet the nation's leading solution providers and discover the latest products and services for enterprise cyber defense.

MIT Technology Review Digital Summit (San Francisco, California, USA, June 9 - 10, 2014) The MIT Technology Review Digital Summit examines tomorrow's digital technologies and explains their global impact on both business and society. You'll get insider access to the innovative people and companies at the heart of the next wave of the digital revolution.

Cyber 5.0 Conference (Laurel, Maryland, USA, June 10, 2014) The mission of the Cyber Conference is to provide a forum for small and mid-sized businesses in Howard County and the region to access industry and government leaders with current information on cybersecurity that will improve their market position, enhance their corporate security policies and infrastructure, identify potential business opportunities, and provide a take away of information and contacts for follow-up that assists businesses in understanding the role they play in national cybersecurity and how they can address those challenges. All businesses have a role to play in protecting the national security of our infrastructure.

Global Summit on Computer and Information Technology (Sousse, Tunisia, June 14 - 16, 2014) The summit is hosting multiple conferences in different areas of Computer & Information Technology. CIT is a major platform for researchers and industry practitioners from different fields of computer and information technology promising multidisciplinary exchanges in computer and information technology. We are attracting many high quality research papers spanning over the various aspects of information technology, computing science and computer engineering. Such research highlights foundational work that strives to push beyond limits of existing computer technologies, including experimental efforts, innovative systems, and investigations that identify weaknesses in existing IT services.

NRC Cyber Security Seminar/ISSO Security Workshop (Bethesda, Maryland, USA, June 16, 2014) NRC will be hosting its second NRC Semi-Annual All-Hands ISSO Workshop. This workshop will consist of computer security policy, standards, cybersecurity, guidance, FISMA compliance, and training updates. The event will be promoted agency-wide. Exhibit tables will be set-up just outside the Auditorium and companies will have the opportunity to demo their latest technologies to NRC's IT personnel. A complete agenda will be posted once all speakers are confirmed.

2014 Spring National SBIR Conference (Washington, DC, USA, June 16 - 18, 2014) SBIR/STTR programs are the nation's largest source of early stage / high risk R&D funding for small business. At this conference you'll learn how to participate and compete for funding in these two programs that encourage small businesses to engage in Federal Research/Research and Development (R/R&D) and to commercialize your technological innovations.

18th Annual Colloquium for Information Systems Security Education (San Diego, California, USA, June 16 - 18, 2014) The Colloquium recognizes that the protection of information and infrastructures that are used to create, store, process, and communicate information is vital to business continuity and security. The Colloquium's goal is to work together to define current and emerging requirements for information assurance education and to influence and encourage the development and expansion of information assurance curricula, especially at the graduate and undergraduate levels.

MeriTalk's Cyber Security Brainstorm (Washington, DC, USA, June 18, 2014) This second annual event will take place on Wednesday, June 18 2014 at the Newseum in Washington D.C. The event will bring together Federal cyber security experts to share best practices, collaborate on challenges, and discuss what is needed for the future of cyber security. This year's program will begin with a keynote from White House Federal Agency Cybersecurity Director John Banghart, followed by panel sessions on continuous diagnostics & mitigation (CDM), data breach, and identity management.

Suits and Spooks New York (New York, New York, USA, June 20 - 21, 2014) Not another hacker conference. Suits and Spooks is a unique gathering of experts, executives, operators, and policymakers who discuss hard challenges in a private setting over two days. This two-day event will be held June 20 - 21, 2014.

SANSFIRE (Baltimore, Maryland, USA, June 21 - 30, 2014) For more than 10 years, the Internet Storm Center has been providing free analysis and warning to our community. SANSFIRE 2014 is not just another training event. It is our annual "ISC Powered" event. It taps into the expertise behind our daily postings, podcasts, and data collection efforts by offering evening events focusing on current trends and actual relevant threats. The strength of the Internet Storm Center is its group of handlers, who are network security practitioners tasked with securing real networks just like you. This is your chance to meet some of them in person.

26th Annual FIRST Conference (Boston, Massachusetts, USA, June 22 - 27, 2014) The Forum of Incident Response and Security Teams (FIRST) is a global non-profit organization dedicated to bringing together computer security incident response teams (CSIRTs) and includes response teams from over 240 corporations, government bodies, universities and other institutions spread across the Americas, Asia, Europe and Oceania. The annual FIRST conference provides a setting for conference participants to attend a wide range of presentations delivered by leading experts in both the CSIRT field and from the global security community. The conference also creates opportunities for networking, collaboration, and sharing technical information and management practices. The conference enables attendees to meet their peers and build confidential relationships across corporate disciplines and geographical boundaries. FIRST conference participants include not only CSIRT staff, but also IT managers, network and system administrators, software and hardware vendors, law enforcement representatives, security solutions providers, telecommunications organizations, ISPs, and general computer and network security personnel.

Gartner Security & Risk Management Summit 2014 (National Harbor, Maryland, USA, June 23 - 26, 2014) The Gartner Security & Risk Management Summit is the only time when the entire Gartner analyst and security and risk management community come together in one location to bring the latest research, insights and forward-thinking perspectives.

United Nations Interregional Crime and Justice Research Institute Cyber Threats Workshop (Turin, Italy, June 27 - 29, 2014) The United Nations Interregional Crime and Justice Research Institute (UNICRI) is organizing a series of workshops and short courses within the framework of the UNICRI Journalism and Public Information Programme, a unique international programme tailored for journalists, chief information officers and students who want to specialize in public information and journalism. The programme aims at deepening knowledge of emerging security threats.

Compiled and published by the CyberWire editorial staff. Views and assertions in linked articles are those of the authors, not the CyberWire.
The CyberWire is supported by CyberPoint International and its community partners. We invite the support of other organizations with a shared commitment to keeping this informative service free and available to organizations and individuals across the globe.