Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
Officers The articles and information appearing herein are intended for President educational purposes to promote discussion in the public interest and to Larry K. McKee, Jr. keep subscribers who are involved in the development of Cyber-related concepts and initiatives informed on items of common interest. The Chief Operations Officer newsletter and the information contained therein are not intended to Jim Ed Crouch provide a competitive advantage for any commercial firm. Any misuse or unauthorized use of the newsletter and its contents will result in removal ------from the distribution list and/or possible administrative, civil, and/or CyberPro Editor-in-Chief criminal action. Lindsay Trimble The views, opinions, and/or findings and recommendations contained in CyberPro Research Analyst this summary are those of the authors and should not be construed as an Kathryn Stephens official position, policy, or decision of the United States Government, U.S. Department of Defense, or National Security Cyberspace Institute.
CyberPro Archive
To subscribe or unsubscribe to this newsletter click here CyberPro News Subscription.
Please contact Lindsay Trimble regarding CyberPro subscription, sponsorship, and/or advertisement.
All rights reserved. CyberPro may not be published, broadcast, rewritten or redistributed without prior NSCI consent.
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 1
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
TABLE OF CONTENTS
This Week in CyberPro ...... 5 Education & Training ...... 6 Cyberspace – Big Picture ...... 8 Cyber-Attack Just a Click Away ...... 8 Time to Move Toward a More Secure Cyberspace ...... 8 Center for Cyberspace Research Awarded a $2.1 Million Grant ...... 8 Government, Industry Create Threat Forum for Power Grid ...... 9 International Perspectives: Cyber Security ...... 9 Employers Crack Down on Social Networking, Web Surfing at Work ...... 9 Cyberspace – U.S. Government ...... 10 Making Cyber-Security a National Priority ...... 10 NIST Eyes IT Lab Reorganization ...... 10 Guidelines Aim to Close Gaps in Cybersecurity ...... 10 U.S. Pledges $1.2 Billion for Digital Health Networks ...... 11 Audit of Dept. of Energy Reveals Unaddressed Problems ...... 11 National Defense Network Created to Fight Cyber Attacks ...... 11 Pre-Empting a Digital Pearl Harbor ...... 11 U.S. Cyber Leadership Debate ...... 12 Langevin ‘Concerned and Disappointed’: Still No Cybersecurity Czar...... 12 Cybersecurity Resignations Raise Questions ...... 13 Obama is Failing the Cybersecurity Test ...... 13 Cyber Exits Lamented Coast to Coast ...... 13 Janet Napolitano: The Cyber Czar? Part 2 ...... 14 Cyberspace – Department of Defense (DoD) ...... 14 New Flash Drives Arrive on Market for DoD ...... 14 Collaboration Key to Success in Cyber Operations...... 15 Breaking Down the Military Fiefdoms by Building a ‘Fifth Arm’ to Combat Cyber Security ...... 15 DoD Likely to Adopt Limited Social Networking ...... 15 Signs of Support for DoD 2.0 ...... 15 National Guard Embraces Social Media ...... 16 Butler Tapped for Cyber/Space Policy Slot ...... 17 110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 2
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
24th Air Force Activated, 2 Units Realign in Joint Ceremony ...... 17 Air Force Establishes New, ‘Reduced’ Cyber-War Command ...... 17 Leaders Issue Joint Message, Define Cyber Mission...... 17 Northrop Grumman’s Cybersecurity Team Receives Army Information Operations Award Potentially Worth $430 Million ...... 17 The Three-Star Navy Cyber Command ...... 18 Navy CIO Says Cybersecurity is an Urgent National Issue ...... 18 Cyberspace – Department of Homeland Security (DHS) ...... 19 Agencies Struggling Over Control of Cybersecurity Overblown, say DHS Officials ...... 19 DHS Plans Wiki for Agencies, Cybersecurity Centers to Coordinate Efforts ...... 19 DHS Plans Cybersecurity Wiki ...... 19 Cyberspace – International ...... 20 Waging War on Gangsters Who Stalk the Internet...... 20 Citizen Soldiers Wage Cyberwar ...... 20 The Twitter Fiasco: A Bungled Caper by Russian Intelligence ...... 20 Georgian Blogger Says Will Not Be Silenced ...... 20 U.S. Tests Censorship Circumvention Tool; Chinese Shrug ...... 21 China Scales Back Censorship Plans ...... 21 British Government Puts a Food in It ...... 22 Management Plan Drawn for Meeting Crisis Out of Cyber Attacks ...... 22 Cyberspace Research ...... 22 Botmaster: It’s All About Infecting, Selling Big Batches of Bots ...... 22 Millions of E-mail Viruses Bypass Major Anti-Virus Engines ...... 23 Social Sites Being Targeted More by Criminals ...... 23 Botnets Go Public By Tweeting on Twitter ...... 23 Criminals Increase Attacks on Social Networking Sites ...... 23 Survey: Social Networks Increasingly Blocked ...... 24 Social Zombies Out for Your Network, Not Brains ...... 24 Insider Risk Problem Revealed ...... 24 Virus Arms Race Primes Malware Numbers Surge ...... 24 Sandia to Boot Behemoth Botnet ...... 25 Cyberspace Hacks and Attacks ...... 26 Attacks on U.S., Korean Web Sites Leave a Winding Trail ...... 26 July DDoS Damage Could Have Been Contained ...... 26 110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 3
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
Denial-of-Service Attacks Hard to Kill ...... 26 Twitter’s Biz Stone: Lessons Learned from Crippling DDoS Attack ...... 27 Twitter Withstands Second DDoS Attack in a Week ...... 27 Forensic Analysis Reveals Twitter Attack Details ...... 27 The Fake Facebook Friend: ‘Please Help Me’ ...... 28 European Cyber-Gangs Target Small U.S. Firms, Group Says ...... 28 57,000 Web sites Compromised in Mass Attack, ScanSafe Reports ...... 28 Could Google be Tricked Into Talking to Botnets? ...... 28 Are Software Houses Infecting Their Customers ...... 29 Cyber Heist Crushes Bank ...... 29 Hackers and Malware Developers are Turning Their Attentions to the Smartphone ...... 29 Cyberspace Tactics and Defense ...... 30 Microsoft Working to Eliminate Internet Anonymity ...... 30 IEEE Program Brings Security Vendors Together ...... 30 IT Regulation Will Weed out Bad Technology ...... 30 Microsoft Team Traces Malicious Users ...... 30 Cyberspace - Legal ...... 31 Health Care Breach Notification Mandated ...... 31 Three Indicted for Hack Attacks on Heartland, Hannaford ...... 31 Two Convicted for Refusal to Decrypt Data ...... 32 Cyberspace-Related Conferences ...... 33 Cyberspace-Related Training Courses ...... 33 Cyber Business Development Opportunities ...... 36 Employment Opportunities with NSCI ...... 38 CyberPro Content/Distribution ...... 38
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 4
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
THIS WEEK IN CYBERPRO
BY LINDSAY TRIMBLE, NATIONAL SECURITY CYBERSPACE INSTITUTE, INC.
A recent article in World Politics Review discusses the importance of developing an international treaty on cybercrime (page 8). This necessary increase in global collaboration and an international definition outlining what constitutes a cyber act of war would increase the ability to prevent cyber war. U.S. President Barack Obama has called cyber attacks one of America’s “most serious economic and national security challenges” (page 8) and a recent House Armed Service Committee hearing made “Cyberspace as a Warfighting Domain” its focus. Many are recognizing the importance of increasing cyber defenses to prevent a “digital Pearl Harbor” (page 11).
Some are questioning whether Obama is fulfilling his commitment to place cybersecurity at the top of his agenda. Following the resignations of Melissa Hathaway of the National Security Council and Mischel Kwon of the Department of Homeland Security, some experts say that the Obama administration is failing to develop a new, unified cybersecurity strategy (page 13). The delay in appointing a federal cyber czar has also caused apprehension; Rep. Bennie Thompson (D-Miss.), chairman of the House Homeland Security Committee, said that he is concerned about the “loss of momentum on cybersecurity.” Experts say the position is tough to fill because many cybersecurity professionals do not want to leave a high- paying job in the private sector to take on a “high-pressure temp job” (page 13). Along with international collaboration and national leadership, educating civilians in the importance of cybersecurity is crucial. Susan Brenner, professor of law and technology at the University of Dayton School of Law, said that “civilian participation in cybersecurity is absolutely essential because the systems used in attacks and most of the systems attacked are owned and operated by civilians” (page 10).
The U.S. military is taking steps that demonstrate the Department of Defense commitment to improved cyber defense. The Air Force recently activated the 24th Air Force at Lackland Air Force Base in San Antonio, Texas, to oversee cyber operations and provide “combat-ready forces trained and equipped to conduct sustained cyber operations” (page 17). The Navy has plans to create a new Fleet Cyber Command in the near future, as well (page 18). Reports say the new command will be led by a three-star admiral, adding to the team led by Vice Adm. Denby Starling II at the Naval Network Warfare Command in Little Creek, Va.
Distributed denial-of-service attacks on South Korean and U.S. government Web sites in July (page 26) and more recent attacks on social networking sites including Twitter (page 27) have highlighted cyber crime in the news. To learn about the latest security threats compromising information systems, consider attending Cybercrime Security Forum 2009, Oct. 26 to 28 in Herndon, Va. (page 6).
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 5
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
EDUCATION & TRAINING
Save $200 on registration for the Cybercrime Security Forum 2009
Cyber criminals can run but they can’t hide when you are prepared to protect your organization against threats, attacks and exploits.
Please join Global Knowledge and the Cybercrime Security Team at Cybercrime Security Forum 2009. You will not want to miss this information-packed three-day network security event. Attend this event and you will hear and learn about the latest security threats, attacks and exploits compromising government agencies’ information and information systems and how you can protect and defend your organization against them.
Register by Sept. 1 and you’ll save $200!
Cybercrime Security Forum 2009 Date: Oc t. 26-28, 2009 Location: CIT Complex, Herndon, VA
Who should attend? This is an ideal event for government personnel and contractors who are responsible for protecting their networks and mission-critical applications and information.
For more information and to register for CyberCrime Security Forum 2009, visit: www.globalknowledge.com/Cybercrime09 .
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 6
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
Don’t Let Hackers Take Advantage of You
There is no doubt that the tools hackers use to wreak havoc have become more and more sophisticated and the destruction left in their wake has created immeasurable costs to organizations.
Don’t give hackers the chance to take advantage of your organization. Get the knowledge and skills you need to proactively protect and defend your mission critical information and information systems.
Our Foundstone Ultimate Hacking series of courses will help you:
o Recognize vulnerabilities o Develop and implement countermeasures o Perform ongoing assessments o Penetrate and secure networks and hosts
Foundstone Ultimate Hacking Series: Foundstone Ultimate Hacking – Course Code 9810* Foundstone Ultimate Hacking: Expert – Course Code 9811 Foundstone Ultimate Hacking: Windows Security – Course Code 9812* Foundstone Ultimate Web Hacking – Course Code 9815*
*Courses qualify for CPE hours for CISSP/SSCP holders and CE hours for CISA/CISM holders.
For more information or to schedule a course, call 1-877-333-8326.
Intelligent Software Solutions ISS is a leading edge software solution provider for enterprise and system data, services, and application challenges. ISS has built hundreds of operationally deployed systems, in all domains – “From Space to Mud”™. With solutions based upon modern, proven technology designed to capitalize on dynamic service-oriented constructs, ISS delivers innovative C2, ISR, Intelligence, and cyber solutions that work today and in the future. http://www.issinc.com.
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 7
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
CYBERSPACE – BIG PICTURE
Cyber-Attack Just a Click Away working to develop cyber capabilities. Russia BY: LEE HAMILTON, INDYSTAR.COM has proposed an international cyber treaty, 08/24/2009 although the article points out that an This article discusses several recent cyber international treaty would require each nation attacks – what President Barack Obama has to state that they can keep their citizens from called one of America’s “most serious economic being involved in cyber attacks. The United and national security challenges.” The Defense States has called for better collaboration with Department, for example, recorded 37,000 international law enforcement which could attempted breaches of private and government counter cybercrime, although it would not stop computer systems in 2007, as well as an state-sponsored cyber operations. additional 80,000 attacks on Pentagon systems. http://www.worldpoliticsreview.com/article.as Russia and China are thought to be the two px?id=4194 nation’s with the greatest technical capabilities to launch cyber attacks, although North Korea is Center for Cyberspace Research Awarded a becoming more involved in cyber-warfare. The $2.1 Million Grant article also discusses the difficulty with U.S. AIR FORCE prosecuting cyber crime cases, and also about 08/18/2009 the need for cyber leadership from the White The Center for Cyberspace Research at the Air House. Force Institute of Technology was recently http://www.indystar.com/article/20090824/OPI awarded a renewal grant for $2.1 million to go NION12/908240315/1002/OPINION/Cyber- towards its Scholarship for Service fellowship attack+just+a+click+away program. This program recruits and trains civilians to work in federal, state and local Time to Move Toward a More Secure government cybersecurity positions. The Cyberspace Scholarship for Service program hopes to BY: CHRIS BRONK, WORLD POLITICS REVIEW increase the number of qualified workers who 08/13/2009 are entering cyber operations and cyber This article discusses the need for a cohesive security positions, as well as increase the cybersecurity policy both for the United States capacity of the U.S. higher education enterprise as well as an international agreement that to produce professionals in technological fields. would help to prevent some cyber attacks. The Those who are selected to participate in the article talks about the increase in attacks, and programs earn a master’s degree in cyber the lack of a “fully ratified international treaty operations and must work as a civilian for a on cybercrime.” There is not an international federal, state or local government agency for at definition about what constitutes a cyber act of least two years. war or cyber crime. Other countries are quickly http://www.af.mil/news/story.asp?id=1231637 developing cyber capabilities that could 66 threaten the United States, especially China and Russia. Some even believe that al-Qaida is
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 8
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
Government, Industry Create Threat senior level executives from 20 countries Forum for Power Grid attended the lecture, and discusses his “top five BY: WILLIAM JACKSON, GOVERNMENT COMPUTER take-aways” from the lecture. Coleman says NEWS that the issue of cybersecurity and current 08/11/2009 threat level from cyber attacks is not over- Operators of the nation’s power grid, stated, and even believes that the threat from government regulators and security vendors cyber attacks deserves more aggressive action have worked together to create the Energy from businesses, governments, militaries and Sector Security Consortium (EnergySec) – a law enforcement worldwide. Coleman says that forum for sharing information about threats to foreign relation issues are adding complexity to the energy infrastructure. Seth Bromberger, cyber conflicts, and that international militaries director of EnergySec, says that the new forum need to develop strategies to address cyber will work well, since there is no “competitive warfare as well as operational doctrine for the disadvantage” to sharing information in the cyber environment. Finally, he writes that energy sector. The former way of public private cooperation is crucial to communicating information, the Electricity cybersecurity, and that increased disclosure Sector-Information Sharing and Analysis Center could improve cybersecurity as the amount of (ES-ISAC), made information sharing more classified and sensitive information has led difficult because it was managed by the North some to dismiss publicly-released information American Electric Reliability Corporation, which on cyber attacks and threats. discouraged some from sharing information http://www.defensetech.org/archives/004995. because of the formal relationship between html utilities and regulators. Sharing information is becoming more important with the Employers Crack Down on Social development of the smart grid, and EnergySec Networking, Web Surfing at Work plans to work closely with the ES-ISAC while BY: TIM WILSON, DARK READING providing an alternative channel for information 08/21/2009 sharing “in a less formal environment.” The ScanSafe, which filters more than 1 billion Web group currently has more than 200 members, queries each month, says that 76 percent of and will use a secure Web portal for sharing U.S. companies are now blocking social information and concerns, such as questions networking sites, a 20 percent increase over the about the new Critical Infrastructure Protection past six months. ScanSafe reports that more Standards. companies are blocking social network sites http://gcn.com/Articles/2009/08/11/EnergySec than online shipping, Webmail or sports sites. -data-sharing-coalition.aspx Spencer Parker, director of product management at ScanSafe, explains that social International Perspectives: Cyber Security network sites not only affect productivity and BY: KEVIN COLEMAN, DEFENSE TECH bandwidth, but can also expose businesses to 08/24/2009 malware. Many companies are also increasingly In this article, Kevin Coleman talks about blocking access to sites including travel, attending a lecture on cyber security at restaurants and job hunting sites. Harvard’s Kennedy School of Government http://www.darkreading.com/securityservices/ program for Senior Executives in National and security/client/showArticle.jhtml?articleID=219 International Security. Coleman reports that 80 401053
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 9
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
CYBERSPACE – U.S. GOVERNMENT
Making Cyber-Security a National Priority implementation of any reorganization plan. The BY: CHANDLER HARRIS, GOVERNMENT TECHNOLOGY post has been vacant since William Jeffrey 08/24/2009 resigned two years ago. Former President Defense Secretary Robert Gates recently told George W. Bush never named a replacement CBS News that the United States is constantly and President Barack Obama has yet to under cyber-attacks “all the time, every day” nominate an NIST director. and that there needs to be a new military http://www.govinfosecurity.com/articles.php?a cyber-command that would exclusively focus on rt_id=1720 defending the Pentagon’s networks and developing cyber-warfare capabilities. This Guidelines Aim to Close Gaps in article discusses how President Barack Obama Cybersecurity committed to making cyber-security a national BY: GREGG CARLSTROM, FEDERAL TIMES priority and appointing a cyber-security 08/24/2009 coordinator, but some experts say that he The National Institute of Standards and needs to better outline citizen involvement in Technology has recently released new cyber security. Susan Brenner, professor of law cybersecurity guidelines – the “NIST Special and technology at the University of Dayton Publication 800-53” – to help agencies develop School of Law, says that “civilian participation in their cybersecurity policies by providing cyber-security is absolutely essential because “controls to defend against hackers, worms, the systems that are used in attacks and most viruses and other threats.” These controls are of the systems that are attacked are owned and expected to be used by the entire federal operated by civilians.” The article also discusses government, including the Defense Department how education is essential to cyber-crime and intelligence agencies. Rob Ross, the NIST prevention, especially for building a “national manager in charge of implementing the Federal understanding about appropriate online tools Information Security Management Act, says and behavior.” that the security controls are a first for national http://www.govtech.com/gt/articles/714308 security systems and that the controls will help develop a unified framework for the entire NIST Eyes IT Lab Reorganization federal government. Other experts are BY: ERIC CHABROW, GOVERNMENT INFORMATION concerned because the controls require federal SECURITY agencies to complete a comprehensive risk 08/21/2009 assessment to identify which controls they will In an effort to enhance research on implement, but some such as John Gilligan, a cybersecurity, the National Institute of former chief information officer at the Air Force Standards and Technology is reorganizing its and Energy Department, says that NIST should Information Technology Laboratory. The NIST not assume that all agencies are capable of has not provided details of the reorganization performing an adequate risk assessment. This plan, but said it would neither reduce the publication is the first time that NIST has number of its employees nor involve major prioritized the controls, breaking them into changes in the lab’s core competencies. The three categories by the severity of the threat, absence of an NIST director may delay 110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 10
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
and can be “implemented with varying degrees contained on desktops, servers and other of urgency.” network-based storage devices. http://www.federaltimes.com/index.php?S=42 http://www.databreaches.net/?p=6728 46129 National Defense Network Created to Fight U.S. Pledges $1.2 Billion for Digital Health Cyber Attacks Networks BY: BROCK COOPER, THE CUTTING EDGE BY: BRAD REED, NETWORK WORLD 08/24/2009 08/21/2009 Scientists at DOE’s Argonne National Laboratory The U.S. government has pledged $1.2 billion to have devised a program that allows for Cyber help hospitals and clinicians develop and Security defense systems to communicate when implement systems for digital health records attacked and transmit that information to cyber and information sharing, half of which would go systems at other institutions in the hopes of toward making electronic record systems. Dr. strengthening the overall cyber security posture David Blumenthal, the national coordinator for of the complex. In cyber attacks, every second health IT, said that the grants would “begin the counts and secure sharing of the process of creating a national, private, secure information will assist in strengthening others electronic health information system” to “help against similar attacks. The program has proven doctors and hospitals acquire electronic health to be an important cyber security and records and use them… to improve the health communication tool. of patients and reduce waste and inefficiency.” http://www.thecuttingedgenews.com/index.ph The digital health grants are being funded by p?article=11513 the economic stimulus package passed by Congress earlier this year. Pre-Empting a Digital Pearl Harbor http://www.networkworld.com/news/2009/08 BY: REP. BOBBY BRIGHT, MILITARY INFORMATION 2109-ehealth-grants.html TECHNOLOGY 08/2009 Audit of Dept. of Energy Reveals This article discusses the importance of Unaddressed Problems improving cyber defenses, especially for DATABREACHES.NET avoiding and preventing a “technological 08/18/2009 surprise” comparable to the surprise of the A recent audit of the Department of Energy to Pearl Harbor attack. At a recent House Armed determine whether the department and its Service Committee hearing on “Cyberspace as a contractors adequately safeguard sensitive Warfighting Domain,” the acting director of electronic information revealed that the DARPA Bob Leheny discusses the importance of department has taken a number of steps to “rapid experimentation of new defensive improve protection of PII since prior reports. capabilities” in order to “stay ahead of The review, however, identified opportunities cyberthreat advances.” DARPA reports that one to strengthen the protection of all types of of their main goals is developing secure and sensitive unclassified electronic information and self-forming networks that could help to turn reduce the risk that such data could fall into the “information superiority into combat power.” hands of individuals with malicious intent. Rep. Bobby Bright (D-Ala.) also discusses Additionally, the review revealed that sites advances towards cyber combat power, reviewed were not encrypting sensitive data including the establishment of a cybersecurity
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 11
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
office within the White House, and Gen. Kevin http://www.military-information- Chilton’s plans to establish a “Cyber Command” technology.com/mit-archives/195-mit-2009- within the military by September. volume-13-issue-7/1894-view-from-the- hill.html
U.S. CYBER LEADERSHIP DEBATE
Langevin ‘Concerned and Disappointed’: Jim Langevin (D-R.I.), chair of the House Still No Cybersecurity Czar Cybersecurity Caucus, recently told Federal BY: MAX CACAS, FEDERAL NEWS RADIO News Radio that Hathaway’s resignation will be 08/24/2009 a loss for the Obama administration. Some This article discusses the recent resignation of reports claim that Hathaway decided to leave Melissa Hathaway, and how her resignation her position because of frustration over “underscores the fact that President Obama has infighting within the administration over the yet to name his permanent cybersecurity czar.” cyber-czar position. Langevin says that the
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 12
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
White House is continuing to work on filling the when it comes to establishing federal position, and is trying to make sure to get the cybersecurity leadership. Author Dennis Fisher right person for the job, but also says that he says that the loss of Mischel Kwon, the director wishes the appointment could have happened of US-CERT, to RSA is a “key loss for the Obama sooner. Langevin also explains that Health administration,” but explains that many federal Reform has been a top federal priority lately cybersecurity officials including Kwon and which, in addition with the difficulty of defining Melissa Hathaway are frustrated with the lack the duties and role of the new cybersecurity of authority they are given and the number of coordinator, has made it more difficult to fill the obstacles they must deal with. The Obama position. administration is also finding it difficult to http://www.federalnewsradio.com/?nid=35&si appoint a federal cyber czar as many d=1746761 cybersecurity professionals do not want to leave a high-paying job in the private-sector for Cybersecurity Resignations Raise “what amounts to a high-pressure temp job.” Questions The article says that those involved in the BY: SHAUN WATERMAN, THE WASHINGTON TIMES search for a cyber czar claim that Obama is 08/13/2009 “taking the search very seriously,” but that “it’s The recent resignations of Melissa Hathaway of time for the talking to end and the action to the National Security Council, and Mischel start.” Kwon of the Department of Homeland Security, http://www.threatpost.com/blogs/obama- have some saying that the Obama failing-cybersecurity-test-112 administration is failing at developing a new, unified cybersecurity strategy as well as Cyber Exits Lamented Coast to Coast appointing a federal cyber czar to coordinate BY: ERIC CHABROW, GOVERNMENT INFORMATION cybersecurity efforts. Rep. Bennie Thompson SECURITY (D-Miss.), chairman of the House Homeland 08/10/2009 Security Committee, says that he is concerned In his blog, California’s state director of about a “loss of momentum on cyber-security” information security Mark Weatherford said and other officials say that the resignations of that U.S.-CERT director Mischel Kwon’s so many cyber officials are “indicative of the resignation is a sign that the “momentum strain on top cybersecurity staff.” Art Coviello, towards a more serious approach to president of RSA, says that two resignations are cybersecurity” is slowing down. Weatherford not necessarily indicative of a broader issue, also writes that he is concerned because and says that President Barack Obama has not President Barack Obama has not appointed a taken an unusual amount of time to appoint a federal cybersecurity coordinator or a senior IT federal cybersecurity coordinator. security adviser as promised following the http://washingtontimes.com/news/2009/aug/1 completion of the 60-day federal cybersecurity 3/key-cybersecurity-staff-quit/ review. Weatherford asks why the federal government is having such a hard time keeping Obama is Failing the Cybersecurity Test cybersecurity leadership and says that reasons BY: DENNIS FISHER, THREATPOST could include a lack of funding and authority or 08/12/2009 unclear expectations for the job. This article discusses the need for President http://blogs.govinfosecurity.com/posts.php?po Barack Obama to take “bold, decisive action” stID=269
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 13
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
Janet Napolitano: The Cyber Czar? Part 2 developing federal cybersecurity policies to the BY: ERIC CHABROW, GOVERNMENT INFORMATION Department of Homeland Security from the SECURITY White House Office of Management and 08/21/2009 Budget. Modifications to U.S. ICE also dropped Blogger Eric Chabrow discusses a previous blog its provision to create a National Office of post in which he said that Homeland Security Cyberspace in the White House. Chabrow writes Secretary Janet Napolitano was currently acting that these changes may indicate that DHS, and as the government’s cybersecurity czar by not the White House, may lead efforts to “championing administration cybersecurity develop federal cybersecurity policies. policy.” Since that blog post, Chabrow explains http://blogs.govinfosecurity.com/posts.php?po that there have been revisions to the U.S. stID=283 Information and Communications Enhancement Act which shifts much responsibility for
CYBERSPACE – DEPARTMENT OF DEFENSE (DOD)
New Flash Drives Arrive on Market for DoD information assurance security requirements. BY: KATHLEEN HICKEY, DEFENSE SYSTEMS One example, the Kanguru Defender Elite, 08/17/2009 boasts “military-grade, 256-bit Advanced Following the Defense Department’s ban of Encryption Standard hardware; antivirus and flash dries and removable media devices, many malware protection; tamper and brute-force companies are developing and releasing more resistance; limited number of invalid login secure devices which will meet the Army’s attempts; physical write-protect switch and is
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 14
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
built to FIPS 140-2 standards.” The new flash attacks with cyberattacks that aim to “cripple drives can also be managed remotely from a the country and weaken it before a physical central location via an encrypted TLS Internet attack.” Foreign governments could be able to communication tunnel. This means that shut down our power grid and fuel pipelines or administrators can delete drives that have been cripple the air traffic control infrastructure lost or stolen; set master passwords or easily if the right protection is not put in place. permissions; and locate drives by IP address or Clawson writes that the average American domain. should understand that there is not currently a http://www.defensesystems.com/Articles/2009 “centralized authority” that can develop /08/17/Flash-drives-DOD.aspx defenses against these attacks, much less develop offensive cyber capabilities. Clawson Collaboration Key to Success in Cyber recommends creating a “fifth arm” of the Operations military that would handle both offensive and BY: SCOTT KNUTESON, U.S. AIR FORCE defensive IT capabilities. 08/25/2009 http://blog.lumension.com/?p=2066 Collaboration emerged as a key theme during the 26th Air Force Information Technology DoD Likely to Adopt Limited Social Conference. Professionals from across the Networking government and private sectors gathered for BY: DOUG BEIZER, DEFENSE SYSTEMS three days to collaborate and share on the 08/21/2009 latest technology and its benefits for the Air Robert Carey, the Navy’s chief information Force and the Department of Defense. officer, says that the Defense Department will Conference attendees had the opportunity to likely deploy social networking tools only on the hear keynote speakers, including Gen. James military domain, while they will be cut off from Cartwright, vice chairman of the Joint Chiefs; the public Internet. Carey also says that DoD Gen. Norton Schwartz, Air Force chief of staff; officials will decide where it is appropriate for Lt. Gen. William Lord, chief of warfighting information on the Nonsecure Internet Protocol integration and chief information officer for the Router Network to be shared with social Air Force; and Lt. Gen. Carroll Pollett, director of networking tools on the public Internet. Carey the Defense Information System Agency and added that reports that the Marine Corps commander, Joint Task Force-Global, Network banned social networking on all of its Operations. computers and networks are false. Whether http://www.af.mil/news/story.asp?id=1231647 and how social networking companies will 71 provide their services for the DoD’s private use has not yet been decided. Breaking Down the Military Fiefdoms by http://defensesystems.com/articles/2009/08/2 Building a ‘Fifth Arm’ to Combat Cyber 0/navy-social-networking.aspx Security BY: PAT CLAWSON, LUMENSION BLOG Signs of Support for DoD 2.0 08/04/2009 BY: J. NICHOLAS HOOVER, INFORMATION WEEK On the Lumension blog, author Pat Clawson 08/12/2009 discusses the need for cybersecurity leadership The Department of Defense has created an within the military. Clawson writes that our online forum to promote discussion about the aggressive adversaries will likely pair all future use of social media by the U.S. military and to
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 15
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
assist in the development of a social networking announced that it has embraced social media as tool for soldiers and their families. Nearly 200 the new way of communicating. Jack Harrison, comments garnered by the site reveal wide the National Guard Bureau’s director of public agreement by soldiers and their families on the affairs and strategic communication, says that value of social media in helping to keep families Gen. Craig McKinley encourages the use of together during long deployments. However, social media for enhancing collaboration, Deputy Defense Secretary William Lynn recently coordination and communication. Harrison also wrote "...with any Internet-based capabilities explained that the National Guard aims to learn there are implementation challenges and how to utilize social media while still being operations risks that must be understood and mindful of their audience, their objective and mitigated.” Defense Department policies. The National http://www.informationweek.com/news/gover Guard is currently active on social media sites nment/policy/showArticle.jhtml?articleID=2192 Facebook, Twitter, Flickr and YouTube. Since 00206 the National Guard opened their social media accounts, first time visits to www.ng.mil have National Guard Embraces Social Media doubled, and public affairs officers believe that BY: STAFF SGT. JIM GREENHILL, DVIDS the increase is due largely to the Guard’s social 08/11/2009 media presence. While the Defense Department is still struggling http://www.dvidshub.net/?script=news/news_s with finding a “balance between the need for how.php&id=37412 operational, information and network security and transparency,” the National Guard has
CISCO Cisco (NASDAQ: CSCO) enables people to make powerful connections-whether in business, education, philanthropy, or creativity. Cisco hardware, software, and service offerings are used to create the Internet solutions that make networks possible-providing easy access to information anywhere, at any time. Cisco was founded in 1984 by a small group of computer scientists from Stanford University. Since the company's inception, Cisco engineers have been leaders in the development of Internet Protocol (IP)-based networking technologies. Today, with more than 65,225 employees worldwide, this tradition of innovation continues with industry-leading products and solutions in the company's core development areas of routing and switching, as well as in advanced technologies such as: Application Networking, Data Center, Digital Media, Radio over IP, Mobility, Security, Storage Networking, TelePresence, Unified Communications, Video and Virtualization. For additional information: www.cisco.com
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 16
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
Butler Tapped for Cyber/Space Policy Slot focus on network defense and online warfare. BY: BOB BREWIN, NEXTGOV The Air Force has now announced a new, 08/11/2009 “greatly reduced cyber-warfare organization,” The Defense Department has announced the the 24th Air Force at Lackland Air Force Base in appointment of Robert Butler as the new Texas, which will work to provide “combat- deputy assistant secretary of defense for cyber ready forces trained and equipped to conduct and space policy. Butler previously ran sustained cyber operations, fully integrated Computer Science Corp’s military intelligence in with air and space operations.” The new San Antonio, Texas, and has extensive Numbered Air Force will defend Air Force experience from his career with the Air Force, networks from intrusion and protect networks where he served as the associate director of the in war zones, although there has not been any Joint Information’s Warfare Command at mention of an offensive component. The 24th Lackland Air Force Base. The cyber and space will also oversee network training for recruits policy job was created in the Defense and officer candidates. Department’s re-organization last month, and is http://www.wired.com/dangerroom/2009/08/a part of the Under Secretary of Defense for ir-force-establishes-new-reduced-cyber-war- Policy shop. command/ http://whatsbrewin.nextgov.com/2009/08/butl er_tapped_for_cyberspace_p.php Leaders Issue Joint Message, Define Cyber Mission 24th Air Force Activated, 2 Units Realign in U.S. AIR FORCE Joint Ceremony 08/21/2009 U.S. AIR FORCE In a joint Letter to airmen, Air Force Secretary 08/18/2009 Michael B. Donley and Air Force Chief of Staff Air Force officials recently activated the newest Gen. Norton Schwartz “focus on the alignment Numbered Air Force in a joint ceremony at of the service’s cyberspace mission.” The letter Lackland Air Force Base in San Antonio, Texas, said that the Air Force aims to “provide a full Aug. 18. The activation of the 24th Air Force is a spectrum of cyberspace capabilities to joint “major milestone in the combination of space force commanders whenever and wherever and cyberspace operations within one needed.” Air Force top leaders recently outlined command.” Maj. Gen. Richard Webber will be the mission responsibilities for the new 24th Air the first commander of the Numbered Air Force Force, which will be the service component for that will be dedicated to cyberspace operations the Department of Defense’s U.S. Cyber and will provide combat-ready forced trained to Command to enable cyberspace operations. conduct sustained cyber operations. http://www.af.mil/news/story.asp?id=1231643 http://www.af.mil/news/story.asp?id=1231638 88 31 Northrop Grumman’s Cybersecurity Team Air Force Establishes New, ‘Reduced’ Receives Army Information Operations Cyber-War Command Award Potentially Worth $430 Million BY: DAVID AXE, WIRED.COM DANGER ROOM GLOBE NEWSWIRE 08/18/2009 08/24/2009 Last year, the Air Force suspended its plans to A contract awarded by the Army's Intelligence set up a new “Cyber Command” that would and Security Command at Fort Belvoir, Va., will
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 17
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
allow Northrop Grumman Corporation to http://whatsbrewin.nextgov.com/2009/08/the_ continue providing full spectrum information three_star_navy_cyber_comm.php?oref=latest operations and computer networks operations _posts to the 1st Information Operations Command and its regional Computer Emergency Response Navy CIO Says Cybersecurity is an Urgent Teams. The single award is valued at $430 National Issue million over five years if all options are BY: AMBER CORRIN, FEDERAL COMPUTER WEEK exercised. 08/12/2009 http://www.globenewswire.com/newsroom/ne In a recent Virtual FOSE keynote presentation, ws.html?d=171908 Navy Chief Information Officer Robert Carey said that the United States must improve The Three-Star Navy Cyber Command cybersecurity and protection for critical BY: BOB BREWIN, NEXTGOV.COM infrastructure from exploitation, disruption and 08/24/2009 destruction. Carey believes that a new model The Chief of Naval Operations will sign off on for secure data-sharing is needed for the Navy the creation of a new Fleet Cyber Command by and other organizations to “continue successful the end of August, reports Bob Brewin. Further, operations” and utilize the “network as a it will have a three-star boss while the Air Force command and control system.” Carey says that and Army cyberwar outfits only have two-star investment in cybersecurity is necessary for commanders. This will result in the Navy having meeting the data-sharing needs of the U.S. two three-star cyber admirals, as the Naval military, and that there needs to be greater Network Warfare Command headquartered at understanding of cybersecurity to help the the Naval Amphibious Base in Little Creek, Va., military better allocate their resources. is headed by Vice Adm. Denby Starling II. http://fcw.com/articles/2009/08/12/fose-don- cio-talks-cybersecurity.aspx
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 18
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
CYBERSPACE – DEPARTMENT OF HOMELAND SECURITY (DHS)
Agencies Struggling Over Control of National Cyber Security Center (NCSC) and six Cybersecurity Overblown, say DHS Officials other federal cybersecurity centers will use the BY: JILL R. AITORO, NEXTGOV wiki as a collaboration tool and to develop 08/12/2009 improved situation awareness, communication Phil Reitinger, deputy undersecretary for the and information sharing. DHS spokeswoman National Protection and Programs Directorate, Amy Kudwa says that the new wiki will provide says that although there are some arguments near-real-time information sharing and among agencies involved in cybersecurity collaboration on cybersecurity incidents and efforts, the level of collaboration and joint work can also serve as a repository of technical is “amazing.” Recent reports claim that there is information. a lot of tension over who should manage the http://gcn.com/articles/2009/08/17/web- federal government’s overall cybersecurity cyber-ops-wiki.aspx efforts, especially between DHS and the National Security Agency. Bruce McConnell, an DHS Plans Cybersecurity Wiki advisor to Reitinger on strategic and policy BY: BEN BAIN, FEDERAL COMPUTER WEEK matters, explains that many people do not 08/13/2009 understand the complexity of the cybersecurity The Homeland Security Department plans to mission, which allows for different agencies to develop a collaboration tool that will help take on different cyber efforts. The article also agencies and cybersecurity centers coordinate discusses DHS’ efforts to recruit and keep efforts and develop improved situational workers with “significant expertise and real awareness, communication and information commitment and passion around the area of sharing, DHS said in a notice published Aug. 11 cyber,” which would also improve the cyber on the Federal Business Opportunities Web site. mission over time. The new cyber operations wiki “will provide a http://www.nextgov.com/nextgov/ng_2009081 capability for near-real-time information 2_8505.php sharing and collaboration on cyber security incidents, as well as be a repository of technical DHS Plans Wiki for Agencies, Cybersecurity information," Amy Kudwa, a DHS spokeswoman Centers to Coordinate Efforts said. DHS intends to negotiate and award a BY: BEN BAIN, GOVERNMENT COMPUTER NEWS sole-source contract with a company named 08/17/2009 WiiKnoInc, based in Austin, Texas, to work on The Homeland Security Department has the project. announced that it is developing a “cyber ops http://fcw.com/articles/2009/08/13/web- wiki” for agencies that will improve cyber-ops-wiki.aspx collaboration on cybersecurity efforts. DHS’
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 19
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
CYBERSPACE – INTERNATIONAL
Waging War on Gangsters Who Stalk the The Twitter Fiasco: A Bungled Caper by Internet Russian Intelligence BY: CIARA O’BRIEN, IRISH TIMES BY: JOE RIBAKOFF, THE EXAMINER 08/21/2009 08/12/2009 There have been an increasing number of This article discusses the attempts by Russian attacks involving Russian hackers in recent hackers to silence pro-Georgian blogger, weeks. Most recently, Albert Gonzalez, a former Cyxymu. The blogger, an ethnic Georgian, is a U.S. government informant was accused of refugee from Sukhumi and was forced to flee stealing 130 million credit and debit card along with 250,000 other Georgians because of numbers. IT security expert Andy Harbison has ethnic cleansing. The blogger first began warned that attacks, such as the one Gonzales speaking out against Russian aggression on is accused of, may become increasingly LiveJournal, but his account was quickly shut frequent. Harbison, a director and IT forensic down due to attacks and pressure from Russian specialist, said Russia has a formidable intelligence. After his second blog on reputation in the hacking field although there is Wordpress was shut down because of Russian no evidence recently that there is any pressure, Cyxymu moved to Twitter, Google connection to the country’s government. Blog and YouTube, and also started a second http://www.irishtimes.com/newspaper/finance account on LiveJournal. Cyxymu posted a /2009/0821/1224253016024.html timeline of the Russian invasion last week on the anniversary of the war between Russia and Citizen Soldiers Wage Cyberwar Georgia, causing Russian hackers to attack and BY: COLIN CLARK, DOD BUZZ shut down the Twitter Web site. 08/21/2009 http://www.examiner.com/x-15391-LA- A recent report from the U.S. Cyber Eurasian-Affairs-Examiner~y2009m8d12-The- Consequences Unit found that citizens became Twitter-fiasco-A-bungled-caper-by-Russian- “cyber warriors” when Russia began attacking intelligence Georgia last year. The attacks were reportedly carried out by civilians without much direct Georgian Blogger Says Will Not Be Silenced involvement by the Russian government or THE NEW YORK TIMES military, and Ukrainian and Latvian citizens also 08/12/2009 participated. The article includes a piece from Georgy Jakhaia, the 34-year old economics Aviation Week & Space Technology that says professor better known as pro-Georgian hacker that hackers collaborated on Twitter, Facebook Cyxymu, says that he will not be silenced by and other social networking sites to coordinate Russian hackers that attacked Twitter, Facebook attacks on Georgian digital-based targets. The and LiveJournal in an attempt to stop him from paper said that the cyberattack was well blogging. The attack first started on the first coordinated with the actions of Russian troops anniversary of the five-day war between Russia on the ground, and the “sophisticated planning and Georgia. Georgy says that he is thankful for at different levels of cyberwarfare” was the media attention since the attacks because surprising to the U.S. Defense Department. he will be able to make “some positive PR for http://www.dodbuzz.com/2009/08/21/citizens- Georgia” and he also plans on making an soldiers-wage-cyberwar/ English-language blog. The DDoS attacks were 110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 20
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
able to shut Twitter down, and also caused allowing citizens living in China, Vietnam, Iran delays for Facebook users. and other countries to bypass government- http://www.nytimes.com/reuters/2009/08/12/ regulated Internet censorship. The system, technology/tech-us-georgia- called “feed over e-mail” (FOE), will be tested in blogger.html?_r=2&partner=rss&emc=rss China and Iran during its next phase of testing. The announcement about FOE comes just as U.S. Tests Censorship Circumvention Tool; Internet censorship seems to be all over the Chinese Shrug news—China and Malaysia recently scaled back BY: JACQUI CHENG, ARS TECHNICA their plans to mandate more filtering, while 08/17/2009 Vietnam added an additional layer. A U.S.-based agency, Broadcasting Board of http://arstechnica.com/web/news/2009/08/us- Governors, recently announced it is working on tests-censorship-circumvention-tool-chinese- a new system that would use e-mail to carry shrug.ars encrypted data to and from the recipient,
China Scales Back Censorship Plans and public Internet cafes, but will not be BY: JOHN OATES, THE REGISTER required on individual PCs. Yizhong also said 08/13/2009 that the filtering software was only meant for China’s minister of industry, information and blocking violent and pornographic content and technology Li Yizhong recently announced that protecting children on the Internet, and calls the controversial Green Dam Filtering software claims that the Chinese government would use will now be included on all computers in schools the software to spy on users “irresponsible and 110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 21
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
not in line with reality.” In addition to blocking appropriately to any potential dangers, not a violent and pornographic sites, the software bunch of amateurs." reportedly also blocked access to sites relating http://www.networkworld.com/newsletters/se to Tibetan self-government and Falun Gong. c/2009/081009sec2.html http://www.theregister.co.uk/2009/08/13/chin a_green_dam_voluntary/ Management Plan Drawn for Meeting Crisis Out of Cyber Attacks British Government Puts a Foot in It BY: NOOR KHAN, SAMAY LIVE BY: M.E. KABAY, NETWORK WORLD 08/19/2009 08/12/2009 Dr. R. Chidambaram, principal scientific adviser The British government's recent announcement to the Australian government, says that the that it is planning to recruit "clever young Centre has developed a new management plan people" to fight cyberwars has caused quite a for dealing with cyber attacks. The plan has stir and is causing some to question why been given to all Ministries and Departments as amateurs would be considered over well as state government, Chidambaram professionally-trained security experts. Rob announced in his inaugural address at the Indo- Cotton, writing in ComputerWeekly.com, U.S. Science and Technology forum workshop recently wrote “I am sure that some hackers are on “Cyber Security – Challenges and Response.” skilled in breaking through government The Australian government will also look at defenses but this doesn’t automatically equate setting up centres that will develop and certify to the same level of skill the other way round. It critical IT hardware components. might sound boring but a national cyber http://www.samaylive.com/news/management security outfit should be made up of -plan-drawn-for-meeting-crisis-out-of-cyber- professionals who spend their days researching attacks/648717.html and dealing with real threats and can respond
CYBERSPACE RESEARCH
Botmaster: It’s All About Infecting, Selling The researchers report that some botmasters Big Batches of Bots only sell infected machines and do not BY: KELLY JACKSON HIGGINS, DARK READING personally exploit vulnerabilities that are found 08/20/2009 on infected machines. The researchers also say Cisco researchers recently went undercover and that botmasters use botnet forums that offer were able to communicate with an actual discussions, source code, botnet supplies, botmaster who controlled a botnet that packers, password lists and password stealers. infected dozens of machines at a Cisco A report from the researchers concluded that customer site. The botmaster said that his job anyone with basic computer experience could was to compromise machines and then sell run a botnet, and that it is not necessary to them in bulk, and that he makes between 10 understand code or networking. cents and 25 cents for infected machines that http://www.darkreading.com/security/client/sh he sells. The Cisco researchers say that they owArticle.jhtml?articleID=219400902 were able to receive a lot of valuable information from their undercover operation. 110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 22
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
Millions of E-mail Viruses Bypass Major driven identify theft criminals were targeting e- Anti-Virus Engines commerce Web sites.” SECURITY PARK http://www.redorbit.com/news/technology/17 08/19/2009 39118/social_sites_being_targeted_more_by_c Several malware outbreaks have caused a spike riminals/index.html?source=r_technology in malware that was not detected by major anti-virus engines, according to the Internet Botnets Go Public By Tweeting on Twitter Threat Trends Report from Commtouch. The TECHNOLOGY REVIEW quarterly trend report analyzed more than 2 08/17/2009 billion e-mail messages and Internet This article discusses how botnet operators are transactions in the company’s cloud-based using the Twitter social networking service to global detection centers. The report also found tweet updates and “push their command-and- that spammers and malware distributers are control channels back into the public eye.” Jose using current events, like the Swine Flu Nazario, manager of security research for Arbor outbreak or the death of Michael Jackson, to Networks, says that some botmasters are using spread their infected messages. “Business” was the blogging service to communicate with their the site category found to be most infected compromised computers. Nazario also warns with malware, and 376,000 zombies are newly that the operators are posting scrambled status activated on an average day for the purpose of updates on the site, which are actually links to a malicious activity. The report goes on to say malicious software update where a compressed that spam levels average 80 percent of all e- file is downloaded onto the victims’ machines. mail traffic through the quarter, and malware The article also says that because shortened distributers are introducing new malware URLs are common on Twitter, some services will variants that are immune to generic signatures have trouble scanning the destination of every that help anti-virus engines detect malware. link, making it more difficult to defend against http://www.securitypark.co.uk/security_article the use of Twitter as a communication medium 263492.html for botnets. http://www.technologyreview.com/blog/unsaf Social Sites Being Targeted More by ebits/23991/ Criminals RED ORBIT Criminals Increase Attacks on Social 08/18/2009 Networking Sites Ryan Barnett, director of application security SECURITY PARK research for Breach Security says that any Web 08/14/2009 site with a large user following, such as social The Sophos Security Threat Report examines networking sites, is attracting hackers. One existing and emerging security trends and has social network, Facebook, now has more than identified that criminals have increased the 250 million members. According to the Web focus of attacks on social networking sites. The Hacking Incidents Database Bi-Annual Report, firm's new research reveals that IT teams are social networking was the most popular worried that employees share too much “vertical market” for hackers over the first six personal information via social networking months of this year. Barnett explains that the sites, putting their corporate infrastructure – same reports from 2007 and 2008 show “profit- and the sensitive data stored on it – at risk. The findings also indicate that many organizations
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 23
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
have been exposed to malware attacks via sites that could hook a victim browser using a Web such as Twitter, Facebook, LinkedIn and browser hacking framework that allows the MySpace. hackers to exploit and remote control Web http://www.securitypark.co.uk/security_article browsers. 263453.html http://www.darkreading.com/blog/archives/20 09/08/social_zombies.html Survey: Social Networks Increasingly Blocked Insider Risk Problem Revealed BY: CHUCK MILLER, SC MAGAZINE BY: MAGGIE SHIELS, BBC NEWS 08/19/2009 08/25/2009 According to a new survey from ScanSafe, there A recent survey by security vendor RSA included has been a 20 percent increase in the number more than 400 firms from the United States, of companies that are blocking access to social United Kingdom, France and Germany and networking sites over the past six months. A found that the majority of corporate data total of 76 percent of companies are now breaches are caused by employees blocking social networking services. Mark unintentionally. Although 52 percent of data Guntrip, senior product marketing manager at breaches are unintentional, the survey also ScanSafe, says that the study involved more found that 19 percent of corporate data than 1 billion web requests processed by the breaches are deliberately caused by “malicious company, and that access is changing with the insiders.” The study by RSA and IT analysts IDC trends of Web usage. Companies are worried considered 11 categories of risk including about social networking sites’ effect on malware, spyware, excessive access to systems productivity, although Gruntrip points out that and unintentional data loss, as well as malicious social networking could help some companies acts for personal gain. The survey said that data in some areas, such as enhancing customer breaches cost companies money through recognition. “regulatory actions, failed audits, litigation, http://www.scmagazineus.com/Survey-Social- public ridicule and competitive fallout,” and the networks-increasingly-blocked/article/146833/ Ponemon Institute says that the expenses from data breaches continues to increase by 38 Social Zombies Out for Your Network, Not percent between 2004 and 2008. Brains http://news.bbc.co.uk/2/hi/technology/821546 BY: JOHN SAWYER, DARK READING 7.stm 08/10/2009 This article summarizes the “Social Zombies” Virus Arms Race Primes Malware Numbers talk from the DEFCON17 conference by Kevin Surge Johnson, a senior security analyst at BY: JOHN LEYDEN, THE REGISTER InGuardians, and Tom Eston of spylogic.net. The 08/13/2009 researchers talked about how hackers can use Security firm Panda Security detects social networking sites to gather information approximately 37,000 new viruses, worms, for password attacks or set up fake malicious Trojans and other threats per day, and recently accounts. The talk also discussed how hackers completed a study which found that 52 percent are using social networking sites as command of all new malware strains last for 24 hours or and control channels for attacks. Johnson also less. The study suggests that the short-lived showed a Facebook app that he had created variants aim to overload security firms so that
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 24
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
more dangerous malware strains can stay Laboratories’ Thunderbird supercomputer. This undetected for longer. Panda Security explains project will monitor and help to better that it is common for virus writers to review understand how botnets operate. Researchers detection rates and change their viral code after have difficulty studying botnets “in the wild” 24 hours. Security vendors including Panda because botnets can include thousands to Security, Trend and McAfee are adopting cloud- millions of machines that are geographically based architectures to help with the problem of dispersed. The researchers say that they also increasing malware production rates. hope to gain a better understanding of how http://www.theregister.co.uk/2009/08/13/mal large systems work in general. Minnich explains ware_arms_race/ that supercomputers that contain such large numbers of CPUs must include a “highly Sandia to Boot Behemoth Botnet automated self-maintaining system” and that BY: JOAB JACKSON, GOVERNMENT COMPUTER this research will help with developing future NEWS supercomputers which will have 100 million 08/10/2009 CPUs or more. Beginning in October, researchers Ron Minnich http://gcn.com/Articles/2009/08/10/Sandia- and Don Rudish will run 1 million virtual Botnet.aspx?Page=1 machines that include botnet client software on the Energy Department’s Sandia National
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 25
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
CYBERSPACE HACKS AND ATTACKS
Attacks on U.S., Korean Web Sites Leave a including the U.S. Secret Service, the Federal Winding Trail Trade Commission and the South Korean BY: JEREMY KIRK, NETWORK WORLD Defense Ministry. Pescatore explains that the 08/11/2009 attack was not sophisticated, and that the Security experts say that the DDoS attacks hacker used a form of malicious code that is against Web sites in South Korea and the United more than five years old. Jose Nazario, manager States last month had a few “interesting of security research with Arbor Networks, says characteristics,” and many experts disagree that the attacks were not large enough to about the skill level of the hackers. The botnet cripple sites such as Yahoo, CNN or other includes approximately 180,000 computers and business and public sector organizations’ sites, was reportedly located almost entirely in South which indicates that the July attacks could have Korea. Experts explain that most large-size been avoided had the agencies safeguarded botnets are rarely so localized, and wonder how themselves properly. the hackers were able to infect such a large http://esj.com/articles/2009/08/04/ddos- number of computers in South Korea. Analysts contained.aspx have also said that the victim PCs were infected with a version of MyDoom that appears to be Denial-of-Service Attacks Hard to Kill “amateurish.” The article also discusses how BY: KELLY JACKSON HIGGINS, DARK READING law enforcement can find the IP addresses of 08/10/2009 the criminals, but cannot determine a The distributed denial-of-service attacks last machine’s precise location or who was carrying week against Twitter, Facebook and LiveJournal out the attack. Max Becker, CTO of Ultrascan were only a few of the 770 different DDoS Knowledge Process Outsourcing, says that attacks on the Web Aug. 6. Jose Nazario, following IP addresses usually does not help manager of security research for Arbor find criminals. Becker recommends looking for Networks, says that DDoS attacks are not financial transactions that are usually a part of usually sophisticated or stealthy, and DDoS attacks, and following the money back to researchers say that DDoS attacks have not the criminals. changed much in the past couple of years. Large http://www.networkworld.com/news/2009/08 botnets that include 100,000 to 300,000 1109-attacks-on-us-korea-web.html machines are usually used for spamming and malware campaigns, and experts say that a July DDoS Damage Could Have Been DDoS attack with a botnet that large could Contained cause significantly more damage than the BY: STEPHEN SWOYER, ENTERPRISE SYSTEMS hundreds of smaller daily DDoS attacks. 08/04/2009 Researchers say that typical DDoS attacks are Gartner Inc. analyst John Pescatore says that only meant to disrupt service to a site usually the DDoS attacks in July against U.S. and South for protest purposes or extortion, and experts Korean Web sites were similar to the hundreds believe that DDoS attacks aren’t going away and of daily DDoS attacks on the Web, except that that most sites can’t protect themselves from the sites targeted included prominent agencies them. in the United States and South Korea that had http://www.darkreading.com/security/perimet not taken measures to protect themselves, er/showArticle.jhtml?articleID=219100668 110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 26
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
Twitter’s Biz Stone: Lessons Learned from KRvW Associates LLC says that Twitter is Crippling DDoS Attack strengthening its defenses through “bigger and BY: SHARON GAUDIN, COMPUTERWORLD faster network pipes, redundant geographic 08/13/2009 data centers, load balancing and other massive In an interview, Twitter co-founder Biz Stone undertakings,” and that these changes take talks about the lessons learned from recent time. Van Wyk also explains that Twitter has DDoS attacks that shut the site down for two grown extremely quickly, and that the site may hours. Stone says that Twitter was struggling in not have included adequate DDoS protection in 2008 just to deal with the site’s quickly their start-ups. increasing popularity, and that they need to http://www.computerworld.com/s/article/9136 focus now on making sure the site is stable and 600/Twitter_withstands_second_DDoS_attack_ able to withstand attacks in the future. Stone in_a_week also says that Twitter is working with Google and other companies to figure out how to best Forensic Analysis Reveals Twitter Attack deal with attacks. The article goes on to discuss Details Stone’s future plans for Twitter and how TECHNOLOGY REVIEW businesses can utilize the site. 08/11/2009 http://www.computerworld.com/s/article/9136 Although some experts claim that the recent 609/Twitter_s_Biz_Stone_Lessons_learned_fro attack that took down social networking site m_crippling_DDoS_attack Twitter was because of a “widely distributed e- mail containing links” to a Georgian blogger’s Twitter Withstands Second DDoS Attack in profile, networking services vendor Arbor a Week Networks says that the DDoS attack could not BY: SHARON GAUDIN, COMPUTERWORLD have been from spam traffic alone. Arbor 08/12/2009 Networks claims that the attack traffic included Twitter was attacked again Aug. 11, but the SYN floods and UDP floods, two common types most recent attacks only shut Twitter down for of packet floods in DDOS attacks. The article about 30 minutes – 90 minutes less than the explains that Twitter saw a decrease in traffic week before. Security experts are not sure yet if during the attacks, but if the attacks had been the most recent distributed denial of service caused by links from an e-mail message, Twitter attacks on Twitter were related to the first should have seen an increase in traffic. attack, which many believe were aimed at pro- http://www.technologyreview.com/blog/unsaf Georgian blogger, Cyxymu. Ken van Wyk, ebits/23967/?a=f principal consultant at security consultancy High Tech Problem Solvers www.gtri.gatech.edu From accredited DoD enterprise systems to exploits for heterogeneous networks, GTRI is on the cutting edge of cyberspace technology. Transferring knowledge from research activities with the Georgia Tech Information Security Center, GTRI is able to bring together the best technologies, finding real-world solutions for complex problems facing government and industry.
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 27
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
The Fake Facebook Friend: ‘Please Help viruses, which can give the criminals access to Me’ the companies’ passwords and account BY: SUZANNE CHONEY, MSNBC information. 08/12/2009 http://www.washingtonpost.com/wp- This article discusses how phishing attacks are dyn/content/article/2009/08/24/AR200908240 becoming more popular on the Facebook social 2272.html?wprss=rss_technology network site. In these attacks, hackers gain access to Facebook accounts, lock out the real 57,000 Web sites Compromised in Mass user and then send messages to the victim’s Attack, ScanSafe Reports friends, asking for help or money. Experts say BY: BRIAN PRINCE, EWEEK.COM that these attacks usually work well because 08/24/2009 users believe that messages come from the real Security firm ScanSafe has uncovered a person since they know them. Facebook has campaign that has compromised Web sites in a offered some security suggestions for its users bid to dump gallons of malware on users’ which include keeping Web browsers updated, computers. The compromise impacted 57,000 using a different password than for other sites, legitimate sites and was installed silently during making a complex password, and running a visit to an infected Web page. It is currently antivirus software. Facebook has also released directed at Windows PCs only. According to information about a new scam where Facebook ScanSafe, the sites are being infected with a users receive an e-mail with attachments that malicious iFrame via SQL injection. The iFrame request financial information. Facebook warns loads what ScanSafe Senior Security Researcher users that those e-mails are fake and should not Mary Landesman described as a “potent Trojan be opened. cocktail consisting of backdoors, password http://www.msnbc.msn.com/id/32380454/ns/t stealers and downloader” on the compromised echnology_and_science-security/ Web pages. http://www.eweek.com/c/a/Security/57000- European Cyber-Gangs Target Small U.S. Web-sites-Compromised-in-Mass-Attack- Firms, Group Says ScanSafe-Reports-864534/ BY: BRIAN KREBS, THE WASHINGTON POST 08/25/2009 Could Google be Tricked Into Talking to A recent alert from a task force representing Botnets? the financial industry warns about cyber-gangs BY: KATHLEEN LAU, COMPUTERWORLD in Eastern Europe that are increasingly targeting 08/21/2009 small and mid-size companies in the United Security expert Vaclav Vincalek, president of States, leading to an increase in fund transfer Pacific Coast Information Systems Ltd., says that fraud. The alert was sent to members of the cybercriminals could use search engines such as Financial Services Information Sharing and Google to spread malicious code each time a Analysis Center which shares information with specific keyword is searched for. Vincalek the financial sector and is operated by financial explains that the search engine would not only firms such as American Express, Bank of serve a part in infected machines for botnets, America and Citigroup. The advisory explains they could also transport code or instructions to that most of the frauds involve an e-mail sent to the botnet. Symantec Corp. recently identified the small or mid-size companies’ controller or the malware Downloader.Sninfs that actually treasurer that contains attachments or links to uses micro-blogging tool Twitter as a command-
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 28
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
and-control structure to distribute malware and account security at Dwelling House for years. In steal passwords through a phishing site. The late 2008, federal auditors discovered that attacks did not actually use Twitter, but instead around $3 million had been electronically used the site to communicate with the botnet drained from the S&L’s capital account, about controllers, which means that the malware had 22 percent of the S&L’s deposit assets. The bank already been executed on people’ PCs. claims that cyber criminals were behind the http://www.networkworld.com/news/2009/08 heist, and used electronic bank transfers to 2109-could-google-be-tricked- remove money from the Dwelling House into.html?hpg1=bn account. Kevin Coleman writes that this could be just one example in the growing trend of Are Software Houses Infecting Their cyber bank heists. Customers http://www.defensetech.org/archives/004983. BY: TIM WILSON, DARK READING html 08/19/2009 Researchers at security vendor Sophos report Hackers and Malware Developers are that a new virus – W32/Induc-A – could infect Turning Their Attentions to the software before it has even been distributed. Smartphone The virus is able to inject itself into the source SECURITY PARK code of Delphi programs that it finds on an 08/12/2009 infected computer, and then compiles itself into The Symbian Foundation has said that it has a finished executable. Sophos explains that any allowed a botnet-building Trojan past its digital computer running programs written in Delphi is signing procedures, a “serious failure in the at risk. SophosLabs also says that they have foundation’s audit procedures.” Fortify received enough unique infected samples to Software says that problems with mobile phone suggest that the malware has been active for security could get worse since their processing some time, and that a “number of software capability is increasing so rapidly. Richard Kirk house specializing in Delphi apps must have of Fortify Software explains that the power of been affected.” smart phones is increasing exponentially, but http://www.darkreading.com/security/antivirus that the technology and security practices /showArticle.jhtml?articleID=219400679 behind smart phones is not close to that on desktop/laptop platforms. Hackers can gain Cyber Heist Crushes Bank access to home and corporate networks BY: KEVIN COLEMAN, DEFENSE TECH through smart phones that constantly switch 08/17/2009 between GSM, 3G and WiFi connections. Dwelling House Savings and Loan was shut http://www.securitypark.co.uk/security_article down by federal regulators earlier this month 263445.html who say that they have been concerned about
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 29
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
CYBERSPACE TACTICS AND DEFENSE
Microsoft Working to Eliminate Internet IT Regulation Will Weed out Bad Anonymity Technology BY: JABULANI LEFFALL, GOVERNMENT COMPUTER BY: RICHARD HUNTER, COMPUTERWEEKLY NEWS 08/13/2009 08/19/2009 In mid-2006, Gartner predicted that This article discusses a new anti-hacking catastrophe resulting from IT failure, or an concept introduced by Microsoft researchers ongoing history of lower-level failures, would that could track hackers or malicious content to provoke governmental or industry self- origin servers. The Host Tracker Program will regulation of IT products and services. The help to “de-anonymize the Internet by predictions are proving to be correct, as in identifying host servers with 99 percent recent months the early indicators for IT accuracy. The researchers hope that their new regulation have increased. Suppliers of user IT program will help with defending against organizations that make software with potential “server-bound online attacks, spam campaigns, to harm public health, welfare or finances will adware and other malware that is dependent likely be required to specify known limitations on HTML code to execute.” This article also and recommended uses of their products and provides a link to the PDF of the study. services in detailed, accurate terms. http://gcn.com/articles/2009/08/19/microsoft- http://www.computerweekly.com/Articles/200 internet-anonymity.aspx 9/08/13/237321/it-regulation-will-weed-out- bad-technology.htm IEEE Program Brings Security Vendors Together Microsoft Team Traces Malicious Users BY: ELLEN MESSMER, NETWORK WORLD BY: ROBERT LEMOS, TECHNOLOGY REVIEW 08/17/2009 08/13/2009 Jim Wendorf, a technology standards consultant Three researchers from Microsoft’s research for IEEE, discusses the group’s new Industry center in Mountain View, Calif., will present at Connections Program, which aims to “bring the upcoming SIGCOMM 2009 conference in together security vendors to collaborate on Barcelona, Spain. The researchers will discuss a early-stage technologies in a fast and effective new software tool that could identify machines manner.” The IEEE program will rely on virtual responsible for malicious activity, even if the meetings attended by registered participants host’s IP address changes frequently. One and could result in the development of new member of the team, Yinglian Xie, says that standards. Jeff Green, senior vice president at Microsoft is not interested in tracking those McAfee’s Avert Labs division, says that McAfee who are identified through the new technology, is one of several security firms that will but rather identify who is involved with a participate in the program. Green explains that particular host. The prototype system, called anti-malware vendors currently share huge HostTracker, should help with defending against amounts of virus samples; this has helped the online attacks and spam campaigns. The industry approve malware detection, but also researchers were able to trace the origin of e- takes a lot of time. mail messages by reconstructing relationships http://www.networkworld.com/news/2009/08 between account IDs and hosts from which the 1709-ieee-connections-program.html users connected to an e-mail service. The 110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 30
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
software is also able to automatically blacklist distributed denial-of-service attacks and spam traffic from a specific host. Gunter Ollmann, campaigns. vice president of research and development at http://www.technologyreview.com/computing/ Damballa, says that the new sotware could 23224/?a=f refine the current way of defending against
CYBERSPACE - LEGAL
Health Care Breach Notification Mandated more efficient and improving the quality of BY: ANGELA MOSCARITOLO, SC MAGAZINE medical care, but also acknowledges the 08/21/2009 security and privacy concerns that stem from The American Recovery and Reinvestment Act the move to digital health care records. of 2009, signed into law by President Barack http://www.scmagazineus.com/Health-care- Obama in February, now requires health care breach-notification-mandated/article/146976/ organizations and entities that interact with personal health records to issue notifications Three Indicted for Hack Attacks on following a data breach. A new rule from the Heartland, Hannaford U.S. Department of Health and Human Services BY: SHARON GAUDIN, COMPUTERWORLD (HHS) also requires health care organizations to 08/17/2009 notify individuals whose information has been A Miami man and two Russians have been breached, but only when the breach has indicted by a grand jury in New Jersey on affected more than 500 individuals. A separate charges of conspiring to commit some of the rule from the Federal Trade Commission largest data breaches in U.S. history. Each of the requires Web-based businesses that collect three criminals faces up to 35 years in federal consumers’ health information to issue prison and a fine of $1.25 million. The data notifications when a breach occurs. HHS breach conspiracy led to the theft of 130 million Secretary Kathleen Sebelius has said that credit and debit card numbers along with electronic health records are important for personal-identifying information from five reducing medical errors and making health care companies.
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 31
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
http://www.computerworld.com/s/article/9136 comply could result in a sentence of up to five 737/Three_indicted_for_hack_attacks_on_Hear years jail time. Police forces must apply to the tland_Hannaford National Technical Assistance Centre, a part of the Home Office’s Office of Security and Two Convicted for Refusal to Decrypt Data Counter Terrorism, to obtain a Section 49 BY: CHRIS WILLIAMS, THE REGISTER Notice. Sir Christopher Rose reports that 15 08/11/2009 Section 49 Notices were served in the last year, The United Kingdom government’s Chief and that 11 of the individuals served did not Surveillance Commissioner recently announced comply with the notice. Of those 11, seven that two people have been successfully were charged and only two convicted. The 15 prosecuted for refusing to give their encryption Section 49 Notices were for crimes including keys to law enforcement, although the two counter terrorism, child indecency and people were not necessarily suspects in the domestic extremism. cases that were involved. The power to force http://www.theregister.co.uk/2009/08/11/ripa people to provide encryption keys was first _iii_figures/ granted to law enforcement authorities in the United Kingdom in October 2007, and failure to
Raytheon Aspiring to be the most admired defense and aerospace systems supplier through world-class people and technology Raytheon is a technology leader specializing in defense, homeland security, and other government markets throughout the world. With a history of innovation spanning more than 80 years, Raytheon provides state-of-the-art electronics, mission systems integration, and other capabilities in the areas of sensing; effects; command, control, communications and intelligence systems, as well as a broad range of mission support services.
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 32
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
CYBERSPACE-RELATED CONFERENCES
Note: Dates and events change often. Please visit web site for details. Please provide additions, updates, and/or suggestions for the CYBER calendar of events here.
31 Aug – 4 Sep 6th International Conference on Trust, Privacy & Security in Digital Business, Linz, Austria, 2009 http://www.icsd.aegean.gr/trustbus2009/ 9 – 11 Sep 2009 Cyber Conflict Legal and Policy Conference 2009, Tallinn, Estonia, http://www.ccdcoe.org/legalconference/3.html 13 – 16 Sep 2009 ArcSight Protect 2009, Washington DC; http://www.arcsight.com/protect09 20 – 25 Sep 2009 Hacker Halted USA 2009, Miami, FL; http://www.hackerhalted.com/Conference/tabid/67/Default.aspx 29 – 30 Sep 2009 Detroit SecureWorld Expo; Detroit, MI; http://secureworldexpo.com/events/index.php?id=257 6 Oct 2009 Cyber Security Conference – A Shared Responsibility, John Hopkins APL - Kossiakoff Conference and Education Center, Maryland, https://www.fbcinc.com/csc/default.aspx 28 – 29 Oct 2009 Seattle SecureWorld Expo; Seattle, WA; http://secureworldexpo.com/events/index.php?id=249 4 – 5 Nov 2009 Dallas SecureWorld Expo; Dallas, TX; http://secureworldexpo.com/events/index.php?id=250 18 – 20 Nov 2009 MINES 2009 International Conference on Multimedia Information Networking and Security, Wuhan, China; http://liss.whu.edu.cn/mines2009/
CYBERSPACE-RELATED TRAINING COURSES
Note: Dates and events change often. Please visit web site for details. Please provide additions, updates, and/or suggestions for the CYBER calendar of events here.
Certified Ethical Hacker Global Knowledge, Dates and Locations: http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=104 63&catid=191&country=United+States Certified Secure Programmer EC-Council, Online, http://www.eccouncil.org/Course-Outline/ECSP.htm (ECSP) Certified VoIP Professional EC-Council, Online, http://www.eccouncil.org/Course-Outline/ECVP.htm CISA Prep Course Global Knowledge, Dates and Locations: http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=941 6&catid=191&country=United+States CISM Prep Course Global Knowledge, Dates and Locations: http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=987 7&catid=191&country=United+States CISSP Prep Course Global Knowledge, Dates and Locations: http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=802 9&catid=191&country=United+States
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 33
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
Computer Hacking Forensic EC-Council, Online, http://www.eccouncil.org/Course- Investigator Outline/CHFI%20Course.htm Contingency Planning Global Knowledge, Dates and Locations: http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=119 19&catid=191&country=United+States Cyber Law EC-Council, Online, http://www.eccouncil.org/Course- Outline/CyberLaw%20Course.htm Defending Windows Networks Global Knowledge, Dates and Locations: http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=108 36&catid=191&country=United+States DIACAP – Certification and Global Knowledge, Dates and Locations: Accreditation Process http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=117 76&catid=191&country=United+States DIACAP – Certification and Global Knowledge, Dates and Locations: Accreditation Process, http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=117 Executive Overview 78&catid=191&country=United+States Disaster Recovery EC-Council, Online, http://www.eccouncil.org/Course- Outline/Disaster%20Recovery%20Course.htm E-Business Security EC-Council, Online, http://www.eccouncil.org/Course-Outline/e- Security%20Course.htm E-Commerce Architect EC-Council, Online, http://www.eccouncil.org/Course-Outline/E- Commerce%20Architect%20Course.htm ESCA/LPT EC-Council, Online, http://www.eccouncil.org/Course-Outline/ECSA-LPT- Course.htm Ethical Hacking and EC-Council, Online, http://www.eccouncil.org/Course- Countermeasures Outline/Ethical%20Hacking%20and%20Countermeasures%20Course.htm Foundstone Ultimate Hacking Global Knowledge, Dates and Locations: http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=978 &catid=191&country=United+States Foundstone Ultimate Hacking Global Knowledge, Dates and Locations: Expert http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=793 8&catid=191&country=United+States Foundstone Ultimate Web Global Knowledge, Dates and Locations: Hacking http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=979 &catid=191&country=United+States INFOSEC Certification and Global Knowledge, Dates and Locations: Accreditation Basics http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=119 05&catid=191&country=United+States INFOSEC Forensics Global Knowledge, Dates and Locations: http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=119 43&catid=191&country=United+States INFOSEC Strategic Planning Global Knowledge, Dates and Locations: http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=119 33&catid=191&country=United+States Linux Security EC-Council, Online, http://www.eccouncil.org/Course- Outline/Linux%20Security%20Course.htm
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 34
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
Network Management Global Knowledge, Dates and Locations: http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=119 37&catid=191&country=United+States Network Security EC-Council, Online, http://www.eccouncil.org/Course-Outline/ENSA.htm Administrator (ENSA) Network Vulnerability Global Knowledge, Dates and Locations: Assessment Tools http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=117 84&catid=191&country=United+States NIST 800-37 - Security Global Knowledge, Dates and Locations: Certification and Accreditation http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=117 of Federal Information 80&catid=191&country=United+States Systems NIST 800-37 - Security Global Knowledge, Dates and Locations: Certification and Accreditation http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=117 of Federal Information 82&catid=191&country=United+States Systems - Executive Overview Policy and Procedure Global Knowledge, Dates and Locations: Development http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=119 23&catid=191&country=United+States Project Management in IT EC-Council, Online, http://www.eccouncil.org/Course- Security Outline/Project%20Management%20in%20IT%20Security%20Course%20Outline /Project%20Management%20in%20IT%20Security%20Course%20Outline.html Red Hat Enterprise Security: Global Knowledge, Dates and Locations: Network Services http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=797 2&catid=191&country=United+States Risk Analysis and Management Global Knowledge, Dates and Locations: http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=119 13&catid=191&country=United+States Security Certified Network Security Certified Program, Self-Study, Architect http://www.securitycertified.net/getdoc/ac8d836b-cb21-4a87-8a34- 4837e69900c6/SCNA.aspx Security Certified Network Security Certified Program, Self-Study, Professional http://www.securitycertified.net/getdoc/6e1aea03-2b53-487e-bab6- 86e3321cb5bc/SNCP.aspx Security Certified Network Security Certified Program, Self-Study, Specialist http://www.securitycertified.net/getdoc/f6d07ac4-abc2-4306-a541- 19f050f32683/SCNS.aspx Security for Non-security Global Knowledge, Dates and Locations: Professionals http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=846 1&catid=191&country=United+States SSCP Prep Course Global Knowledge, Dates and Locations: http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=987 6&catid=191&country=United+States Vulnerability Management Global Knowledge, Dates and Locations: http://www.globalknowledge.com/training/course.asp?pageid=9&courseid=119 41&catid=191&country=United+States
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 35
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
CYBER BUSINESS DEVELOPMENT OPPORTUNITIES
Note: Dates and events change often. Please visit web site for details. Please provide additions, updates, and/or suggestions for the CYBER calendar of events here.
Office Title Link DLA Acquisition Information Technology (IT) Information https://www.fbo.gov/spg/DLA/J3/DDC/SP3300- Locations Assurance Support and Management 09-R-0046/listing.html Services, Defense Distribution Center (DDC) Procurement DoD DMZ Engineering Support https://www.fbo.gov/spg/DISA/D4AD/DITCO/RF Directorate ICBest/listing.html Procurement DISA Implementation of Web Audit Log https://www.fbo.gov/spg/DISA/D4AD/DITCO/DI Directorate Collection and Analysis Tools SAWEBAUDIT/listing.html
PEO STRICOM D--Threat Computer Network Operation https://www.fbo.gov/index?s=opportunity&mo (CNO) Teams for Test and Evaluation events de=form&id=d713ee539a271238c8580dd60427 31ea&tab=core&_cview=0 Department of A+, Network+, Security+ Training and https://www.fbo.gov/spg/USAF/ACC/99CONS/F the Air Force Certification 3G3FA9167AC02/listing.html Air Force Integrated Cyber Defense & Support https://www.fbo.gov/index?s=opportunity&mo Materiel Technologies de=form&id=cd045a392c920683ccb0b03df09bb Command 134&tab=core&_cview=1 Air Force Cyber Command and Control (C2) https://www.fbo.gov/spg/USAF/AFMC/AFRLRRS Materiel Technologies /BAA0809-RIKA/listing.html Command Air Force USAF Electronic Warfare Battle https://www.fbo.gov/spg/USAF/AFMC/ASC/US Materiel Management Technology CRFI AF_Electronic_Warfare_Battle_Management_T Command echnology/listing.html Air Force CompTIA Security+ Training https://www.fbo.gov/spg/USAF/AFMC/88CONS Materiel /FA8601-09-T-0049/listing.html Command Air Force Military Communications and Surveillance https://www.fbo.gov/spg/USAF/AFMC/AFRLRRS Materiel Technologies and Techniques /BAA-09-09-RIKA/listing.html Command Air Force CyberSoft VFind Security Tool Kit https://www.fbo.gov/spg/USAF/AFMC/AFRLRRS Materiel Maintenance & Support /FA8751-09-Q-0379/listing.html Command Air Force Provide Information Awareness (IA) training https://www.fbo.gov/spg/USAF/AFMC/75/F2DC Materiel CR9180A001/listing.html Command Air Force D – NETCENTS-2 Netops and Infrastructure https://www.fbo.gov/spg/USAF/AFMC/ESC/FA8 Materiel Solutions 771-09-R-0018/listing.html Command Air Force D – NETCENTS-2 NETOPS and Infrastructure https://www.fbo.gov/spg/USAF/AFMC/ESC/FA8 Materiel Solutions (Small Business Companion) 771-09-R-0019/listing.html Command
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 36
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
Air Force Security Certificate & Accreditation Services https://www.fbo.gov/spg/USAF/AFMC/75/FA82 Materiel for Information Systems 01-09-R-0088/listing.html Command United States R--Internet Monitoring Services https://www.fbo.gov/spg/DON/USMC/M67004 Marine Corps /M6700409T0108/listing.html Bureau of International Competitive Bidding (ICB): https://www.fbo.gov/spg/DOC/BIS/comp99/IFB Industry & Implementation and Support of NATO -CO-12870-NEDS/listing.html Security Enterprise Department of D--Information Assurance, Engineering https://www.fbo.gov/spg/USA/DABL/DABL01/ the Army System Solutions Development, Testing, W91QUZ-09-0000/listing.html Deployment and Life Cycle Support Business Sources sought or request for information https://www.fbo.gov/spg/ODA/BTA/BTA- Transformation (RFI), DoD Information Assurance (IA) BMD/HQ0566-09- Agency Controls (For Information Purposes Only) InformationAssurance/listing.html
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 37
Volume 2, Edition 17 CyberPro August 27, 2009
Keeping Cyberspace Professionals Informed
EMPLOYMENT OPPORTUNITIES WITH NSCI
Job Title Location Operational Deterrence Analyst NE, VA Defensive Cyber Ops Analyst NE, VA, CO Cyber SME NE, VA, TX, CO Geospatial Analyst NE Logistics All-Source Intelligence Analyst NE SIGINT Analyst NE, CO Cyber Operations SME NE Website Maintainer NE Cyberspace Specialists NE Cyberspace Manning IPT NE
CYBERPRO CONTENT/DISTRIBUTION
Officers The articles and information appearing herein are intended for educational purposes to President promote discussion in the public interest and to keep subscribers who are involved in the Larry K. McKee, Jr. development of Cyber-related concepts and initiatives informed on items of common interest. The newsletter and the information contained therein are not intended to Chief Operations provide a competitive advantage for any commercial firm. Any misuse or unauthorized Officer use of the newsletter and its contents will result in removal from the distribution list Jim Ed Crouch and/or possible administrative, civil, and/or criminal action.
------The views, opinions, and/or findings and recommendations contained in this summary are CyberPro those of the authors and should not be construed as an official position, policy, or Editor-in-Chief decision of the United States Government, U.S. Department of Defense, or National Lindsay Trimble Security Cyberspace Institute.
CyberPro Research Analyst Kathryn Stephens
CyberPro Archive
To subscribe or unsubscribe to this newsletter click here CyberPro News Subscription.
Please contact Lindsay Trimble regarding CyberPro subscription, sponsorship, and/or advertisement.
All rights reserved. CyberPro may not be published, broadcast, rewritten or redistributed without prior NSCI consent.
110 Royal Aberdeen Smithfield, VA 23430 ph. (757) 871 - 3578
CyberPro National Security Cyberspace Institute P a g e | 38