You Have The Power, Mostly
Just when you thought it was safe to go back in the water, Russian hacking resurfaces in waters beyond the political. Sure, it was devastating when we realized that Russia had wormed its way into our electoral and democratic process, but that was apparently just the beginning of the story. (more…)
The Future of Cyber- Part Two
During a recent talk at The Chautauqua Institution, Denise Zheng held forth on the nature of cyber conflict: past, present, and future. A Senior Fellow and the Director of Technology Policy at the Center for Strategic and International Studies, Zheng has some interesting perspectives on the nature of cyber threats going forward. The concept of deterrence, for example is complicated, at least on a national or global scale. “Deterrence requires attribution supported by evidence, further supported by classified information and practices,” Zheng suggests, and governments know that for every action there is a reaction, often deploying the same technology. So global resolution of cyber threat potential seems problematic.
The Future of Cyber- Part One
During a recent talk at The Chautauqua Institution, Denise Zheng held forth on the nature of cyber conflict: past, present, and future. A Senior Fellow and the Director of Technology Policy at the Center for Strategic and International Studies, Zheng has also worked as a senate staffer on the Homeland Security Committee, in the Computer Associates software engineering process, and, most recently, on cyber moonshots at DARPA. So her perspective on cyber reflects and informs those of consumers, governments, and leading edge developers. (more…)
The Smaller They Are, The Harder They Fall
No Such Thing As A Free Lunch
It’s A Family Affair
The Business Side Of Cyberthreats
When Cybersecurity Is Mainstream
Hacking Ain’t What it Used to Be
Do you remember 1986? The first class was inducted into the Rock and Roll Hall of Fame, the Challenger Space Shuttle disaster rocked our world, and Top Gun was the highest grossing film of the year. That year also brought us the Computer Fraud and Abuse Act (CFAA), a law that many have suggested hasn’t kept up with the rapid pace of technological innovation. After all, ARPANET was in its infancy in 1983, and the World Wide Web wouldn’t become a consumer reality until around 1990. Protecting isolated computers is a wildly different thing from keeping networked devices secure in the IOT world. (more…)
The Imperfect Storm
There’s a storm brewing, potential chaos lurking in the wings. And I’m not talking about politics. Though, if we’re being honest, there’s a storm brewing there, too. We can argue cause and effect, but the world is changing in palpable ways, probably more rapidly than we imagine. (more…)
When The Chips Are Down
Arraigned On The Planes Of Spain
Back when Julie Andrews was in her theatrical prime, there was more than just The Sound of Music in the hills. In My Fair Lady, she repeated “the rains in Spain stay mainly on the plains” in an effort to lose her cockney accent. One could argue that Eliza Doolittle was trying to escape her past and enjoy the liberty associated with a new identity, a new language, a new sense of freedom. The same might be said of Peter Yuryevich Levashov, a Russian hacker whose fingerprints are said to be found on such exploits as the Russian intrusion into our 2016 elections. (more…)
Who’s Baking Your Cookies?
So you say you’re not a Yahoo user, that the news of their latest breach is no concern of yours. That sound about right? Well, you may be right, but consider also that the exploit used in the latest breach (early February) has far-reaching implications for anyone who takes even the first step onto the Internet. (more…)
Who’s Watching The Watchers?
It’s been a strange month or two in the world, and that’s not simply a political statement. There is a very real sense that somebody’s watching, all of us, all the time, and that we should take that for granted. Increasingly, it seems, that voyeurism extends beyond our digital footprint and into our everyday physical spaces. While novelists and science fiction authors have been seizing on the approach of these days for decades, the Luddites are always the last to know. But, you might ask, who is watching the watchers? Apparently, that would be Wikileaks. (more…)
Now You See It, Now You Don’t
Stand against the wall. That’s the common advice given to tourists when they start to make calls on their smartphones in foreign lands. It’s not the roaming charges you have to look out for any longer. It’s now the roaming thieves who want to steal your phone in broad daylight and compound the pain by phishing your account information to unlock, wipe, and resell the phone. By standing against the wall, you limit the access and cover your blind side. Sadly, the stories are anything but rare. (more…)
Bundle Up To Avoid The Cold
With every passing week, it seems, cyberthreats and hacks inundate the news cycle and bring home the absolute insecurity that most of us experience (or should) when we take even the smallest of baby steps with our digital footprints. Of late, it’s the Russians who seem to take center stage, hacking our politics and manipulating our elections. Though we could debate the extent of the success, nobody seems to doubt the intent any longer. If those chilly diplomatic breezes seem to intimate a second cold war, will cyber be the weapon of choice? Is it already?
Somewhere Between Sliced Turkey and Santa Claus
Your organization has weathered some storms, am I right? The valleys between the peaks, when sales slow and payroll weighs heavy on the mind. You’ve hired through the good times and had to cut back in the lean times, but you’ve steadied the ship and there’s quite a bit to be thankful for as you try to recover from Aunt Eunice’s cornbread stuffing. And how about some steady quarterly earnings and revenue growth to go with that maize? That would be the best gift of all to slide down the chimney in a couple of weeks. (more…)
And In Other News
While the world has been watching the American political circus over the past several years, a recurring question put forth by all parties has been, “Can this or that person be trusted with the nuclear codes?” This is an important question, no doubt, but one that overshadows an even more significant question. Granted, the President is the single gatekeeper to the national arsenal, but enemies foreign and domestic seem to be making their own keys to nuclear infrastructure these days. (more…)
A closer look at recent chaotic events surrounding the DDoS attacks on Dyn DNS reveals some frightening things about our rapidly growing dependence on the Internet. A recent NY Times article does a great job of explicating the events in layman’s terms, including the warning, “And the threats will continue long after Election Day for a nation that increasingly keeps its data in the cloud and has oftentimes kept its head in the sand.” (more…)
Blue Skies and Fireflies
If you have flown lately, you might have noticed a new wrinkle in the use of cell phones in flight. In addition to limiting use to airplane mode on those devices so equipped, the crew currently prohibits the use of or charging of any Samsung Note 7 device at any point while aboard the plane. CNET offers a brief explanation here for why that message has been added to the mix with making sure your tables and seats are in the upright and locked position. (more…)
Jackware In The Box
Fans of this blog — and let’s be honest, who isn’t a fan? — will recall a recent post that detailed the carjacking of a Jeep Cherokee from several miles away. It was an effort to demonstrate the security vulnerability of cars equipped with wireless access points and other IoT equipment. And it worked. Cars were recalled, security issues were addressed, and we now have an additional lens through which to view rapidly advancing car technology. But what if the car is advancing beyond us, the drivers? (more…)
Open Says A Me
Passwords are the first line of defense for critical network infrastructure. Building an organizational expectation for strong password use in no longer seen as an option. It is now a requirement. If you can get your staff to deploy 8-12 characters randomly selected from all varieties available, that’s $uPer GrE@+. (more…)
Politics as Unusual
Regardless of your political affiliation or your favorite — or least unfavorite — candidate, the 2016 election cycle has been anything but predictable. If this were a circus, it would be a very good one. Instead, though, it is the pinnacle of the democratic mechanism by which we choose our leadership. That is a sobering reality that could make you reach for the bottle. (more…)
It’s Graduation Season
The waypoints on our life journeys are marked by ceremony. Weddings, funerals, births and Baptisms, and, from time to time, graduations. High school and college seem to be the major events, but the zealous have introduced kindergarten, grade school, middle school, and traffic school to the mix. So congratulations to those who wiped the points off their driving record with 8 hours of vehicular remediation, Your future is, indeed, bright. (more…)
Ransomware Exposed: Sextortion
Ransomware is not new. It’s been around for a while, and clever hackers have found ways to extort just the right amount of money to make it worth your while to settle. The balance is somewhere between what the data is worth and what it would cost you to recover it through normal machinations. Traditionally they’ve kept the number low enough that is was cheaper to pay up and walk away. An easy decision, perhaps, when the data is just that. Data. (more…)
Hackers Prove Patient But Swift
Breaching a global bank network is no smash and grab operation. As organizations focus and fund their cybersecurity resources with even greater alacrity, the bad guys have to continue to polish the edge of their sword, patiently waiting for the right opportunities to score bigger and bigger hits. Such is the case with the recent — and second — attack on Swift, the global messaging network banks use to move money around. If you think you’re covering all your bases and keeping your data out of harm’s way, you may be giving yesterday’s news and last week’s security protocols too much play. Hackers, in one small way, are like PGA Tour Pros: These Guys Are Good. (more…)
A Coppertone Moment
It’s the official beginning of summer, and hundreds of thousands of tourists from the far reaches of North America are making their way across the USA in a Chevrolet, migrating to the seasonal climes and exotic beverage offerings of coastal communities across the Southeast. Escaping the more — perhaps presumably — mundane and pedestrian challenges of their normal lives, many tourists engage in atypical behavior, casting inhibitions to the wind and embracing the larger world in various stages of sobriety and dress. It’s all umbrella drinks and beach reads, kids running amok and minivans loaded with folding chairs and inflatables. Now imagine your data sitting next to that family in Denny’s. You know the one. (more…)
Over the last holiday season, around the IT water cooler, the talk inevitably turned to the cool new gadgets that impressed the mortals and blew the minds of Luddites everywhere. That talk was all about Artificial Intelligence and the need to more efficiently sell shoes. IT folks are way too immersed in AI to get bogged down in practical application, but Marketing and Sales were all over it, both in search and point of sale. (more…)
Grab That High Voltage Line, Again
As thrilling as it might have been for the relatively few men and women who successfully navigated the Ashley Madison portal to extramarital affairs, nothing can compare to the thrill of seeing your name and vital statistics on view in the public square, again. But that is the ruling of a District Court Judge in Eastern Missouri, who determined that “embarrassment” was not sufficient cause for the plaintiffs to proceed as “John Does” in their suit against Avid Dating Life, Inc. for not protecting their sensitive data. This New York Times article will get you up to speed, if necessary. (more…)
60 Minutes of Cyberthreat
Bite from the Apple
Which interests outweigh the others? Should the U.S. Government be able to force Apple to assist in breaching the iPhone used by a terrorist? Or should consumers rest assured that, even when their feet are held to the fire, private companies can hold the line about their intellectual property and the security of their products? What was set to be a contentious and landmark legal battle has now been relegated to the moot court and debate team practice file. (more…)
Security Starts In The Home
Or maybe the home office, where the perception might exist that the greatest threat to network and data security is a rogue Russian hacker or a disenfranchised neckbeard living in his mother’s basement. But that perception is just the tip of the iceberg, and too many organizations spend too much time rearranging the deck chairs on the Titanic.
If you want to see the problem more clearly, take a look around the office, from Agnes in Accounting to Stan the Man in Sales. From Reggie in Receiving to Ruth in Reception. The people on your staff are wonderful, devoted, and talented members of your team. They are also the biggest threat to your security. (more…)
And The Award Goes To…
It’s awards season, our time of looking back to a previous year’s achievements across a variety of cultural disciplines. The Oscars, the Golden Globes, and the Peoples’ Choice Awards are just a few. As an IT professional, you’ve longed for more industry-specific recognition, and awards like “Best Pocket Protector in a Supporting Role” or “Best Line of Code in a Feature Length Composition” make your digital heart sing. (more…)
The Gifts That Keep On Giving
Isn’t it great to be back at work? The kids are back in school, the elf-on-the-shelf is back in the attic planning next year’s pranks, and all you’ve got left to look forward to are the credit card bills. Santa was a bit overzealous, perhaps, but the looks on their faces make it all worthwhile, am I right? (more…)
The Manhattan Project
The District Attorney for New York County and Manhattan is officially calling for smartphones to be equipped with a backdoor. Boing Boing reported last week that the DA’s efforts to ensure law enforcement access to stored data on all tablets and smartphones has the support of law enforcement officials in The UK and The Netherlands. So there’s that. But while the DA’s office goes to great lengths to affirm that access under search warrant would not violate human or civil rights, the report does not address the very real problem on the tech side. If you put a chink in the armor, it seems, wouldn’t you invite other, less hospitable elements to the party? (more…)
Ho Ho Hold On Just A Minute
As an IT professional, you are familiar with social engineering. You’ve probably even had specific training on social engineering and the ubiquitous threat it poses to your network. As a result, you look suspiciously at Melvin, the new facilities guy, as he makes small talk with Raynell at the front desk. Is that a thumb drive on his big key ring? (more…)
That Time Again Already?
It’s the beginning of the holiday season. The radio stations switched to Christmas carols around Halloween, Santa is ringing a bell over a red bucket on every street corner, and we haven’t even carved the first of the annual pair of turkeys, much less cleared the freezer of last year’s fruitcakes from Aunt Eunice. Our only consolation, apparently, is the conspicuous consumption masking itself as Black Friday.
Bet Your Bottom Bitcoin
Acting on CyberTerrorism
Hillary’s Email and National Security
As Republicans try to make political hay while the sun shines on Hillary’s private email server, another national security issue rears its ugly head from the latest batch of those released emails. The AP reported last month that Russian hackers tried to access Hillary’s private server at least five times while she was secretary of state. The attempts in 2011 were disguised as fake New York State traffic tickets and, if opened, would have embedded malware that would allow foreign nationals to control her server and access all of the information stored there. (more…)
Can’t Put Your Finger On It
You’re an IT professional, so the wonders of technology are not lost on you. If there’s an app for that, you want to know about it. And the emergence of biometric security features on phones and IoT devices is right in your wheelhouse. At first blush, you recognize the stellar, seemingly impenetrable fortress that is the fingerprint. And unlike passwords and social security numbers, we can’t change our fingerprints. That’s like the ultimate cryptology at your fingertips. But still, there is that nagging little voice that says even that can be hacked. (more…)
Government Contractors and APTs
The last several months have seen an increase in the reported breaches of government or related networks. The University of Virginia network was breached recently by Chinese hackers, mainly, it is thought, because of their connection to DoD, Intelligence, and other government contractors, programs, and facilities.
Government contractors seem especially vulnerable these days, particularly to APTs, so let’s take a look at this threat with fresh eyes. (more…)
An Affair to Remember
Imagine your life as a conservative, family values politician, or maybe even a minister, leading a flock of faithful men and women, your devoted wife at your side and pictures of the children on the desk behind you. That’s the “Before” picture, the one you see in your mind before the Ashley Madison hack and data dump, before the world connected your name and address and, in some cases, your most intimate details with the online presence designed to optimize invisibility. The “After” picture? Well, that one’s still in process, but the smiles evaporated quickly, and it’s an image that’s likely to stick with you for a long time. (more…)
Welcome to Fergus Falls!
The thumb drive sits on the edge of the table, carefully wrapped in cellophane and surrounded by the other promotional materials from the SWAG bag left by the Chamber of Commerce. It was a very nice gesture, and you’re giving serious thought to the guided tour of local brewpubs pictured in one of the brochures, but you eye the thumb drive with suspicion. And rightfully so. (more…)
If It Ends in Y, It Could Be A Monday
Think of today as Monday. Maybe you’re just back from a long holiday weekend. You’ve celebrated the birth of a nation, perhaps, and the chili dogs are still waging war, keeping the spirit of rest and relaxation alive and well. Now the battle takes a twist as you rattle down the list. These are the projects you face today, the fires that demand your immediate attention, like the chili dogs.
Follow the Money
Looking for a good business model with a market poised to explode in the next five years? No, it’s not the latest social media platform or even a cryptocurrency. It’s cybercrime, and your business is rapidly becoming their business. (more…)
Hacking the IRS History
April 15th lurks in the shadows of every year, as inescapable as the Grim Reaper and only slightly less popular. The IRS has conflict in its DNA, as our nation’s first revenue commission was established in 1862 to pay for the Civil War. Repealed ten years later and even ruled unconstitutional by the Supreme Court in 1895, the IRS began collecting income taxes in 1913, after the 16th Amendment was ratified, and the steady gathering of data began.
The Dire Straits of Cybersecurity
Money for Nothing
In late 2013, ATMs in Kiev began spitting out cash at random times, even if nobody was standing in front of them. Turns out, cash on the concrete was just the tip of the iceberg. By the time investigators got their forensics around the issue, over 100 financial institutions across over 30 nations had been breached in what might be the largest bank theft of all time. (more…)
Analysts from the far reaches of the cybersecurity empire remind us of the many challenges we face daily, and some of these will no doubt wreak havoc in 2015 because the threat evolves rapidly to exploit weaknesses we don’t even know exist yet. Other, more predictable threats use proven strategies to exploit known weak links in our organizations. Human links. These are a couple of their stories. (more…)