Our national security depends on cyber security, and Russian hacking threatens those defenses. Every day that I come to work, I see an erosion of traditional power structures at the hands of increasing cyber threats. The hacking of Yahoo by Russian operatives and the DNC are two such examples that have potentially shifted the balance of power from our marketplace and political sphere into the hands of Vladimir Putin, Russian cyber criminals and anyone piggybacking on their technology. Now that Roger Stone, an administration advisor, has admitted to contact with the DNC hacker (Guccifer 2.0), the ties are too direct to ignore. But we shouldn’t be doing this for purely political reasons, we should be doing it to clear our President and his administration of wrongdoing so that they can go on about governing the country and implementing their vision.
Posts tagged "Cyber Security"
Whether data breach or insider leak, Panama Papers Cyber Security lessons still the same.
By now, you’ve heard about the leaked papers from a Panamanian law firm implicating world leaders, sports figures and celebrities alike in a scheme to shelter massive wealth in off-shore corporations (if not, see the NYTimes summary below for relevant links). At this point it is still unclear whether the 11.5 million records were obtained through hacking or leaked from someone inside of the Panamanian law firm.
But from a cyber security perspective, the lessons are nearly identical either way. At issue here is the massive centralization of data that makes either breach or leakage not only inevitable, but rather convenient. World leaders and executives alike must have a sense of deja vu from the leakage of the NSA documents by Edward Snowden several years ago. From a security perspective, it is baffling in both cases that one individual would have access to such a trove of data. This suggests that the records were not properly segmented, encrypted or subjected to user-level access permissions.
Ransomware: A Vital Course on the Next Big Cyber Threat
Ransomware is pretty much exactly what it sounds like: it holds your computer or mobile phone hostage and blackmails you into paying a ransom. It is a type of malware that prevents or limits users from accessing their system and forces its victims to pay the ransom through certain online payment methods in order to grant access to their systems or to get their data back.
It’s been around since about 2005, but earlier this year, the FBI issued an alert warning that all types of ransomware are on the rise. Individuals, businesses, government agencies, academic institutions, and even law enforcement agents have all been victims.
Apple vs FBI: Building a backdoor into the iPhone is like burning the haystack…
I’ve been asked almost 100 times since Apple rejected the FBI’s request to break into the iPhone of the San Bernadino killers on which side I support. I am a firm believer that the most complex problems (this is one of them) deserve the simplest explanations. Here is the simplest way that I can walk you through the argument:
- If your immediate response, like many, is to side with Apple – “Don’t hack into your own operating system, it set’s a bad precedent” – then you have a good strong natural reflex when it comes to privacy. But don’t stop your thinking after your first reaction or thought, as it might be incomplete, because…
When the finance chief of a London hedge fund got an urgent phone call about possible fraud on a Friday afternoon just as he was preparing to leave work, he honestly thought he was doing the right thing by giving the caller the information requested. Wouldn’t any decent CFO want to stop fraud if it was in his power to do so? That way, he could rest easy for the weekend, knowing he had saved the company from damage. Imagine the feeling in the pit of his stomach when he turned on his computer Monday morning to find that 742,668 pounds ($1.2 million) was missing!
That’s what happened to Thomas Meston of Fortelus Capital Management LLP in December of 2013. He received a phone call from someone claiming to be from Coutts, the London-based hedge fund’s bank, and the caller warned him there may have been fraudulent activity on the account. Meston was reluctant, but agreed to use the bank’s smart card security system to generate codes for the caller to cancel 15 suspicious payments.
Despite deluge of stolen PII, data breach experts see little change in corporate security behavior
The results of a Ponemon Institute survey commissioned by defense contractor Raytheon suggest that the massive attention generated by recent data breaches have failed “to move the needle” in changing behaviors and attitudes toward information security at many companies.
One of my most trusted sources of information about data breach is Larry Ponemon of the Ponemon Institute. Larry’s data is unbiased, no nonsense and reliable, even though his work is occasionally commissioned by interested parties (like Raytheon). And supported by studies from other data breach experts, we are all screaming at your organization to WAKE THE HELL UP! I rarely use statistics (and only occasional but fully-justified swearing) in my keynote presentations (because I don’t fancy sleeping audiences — or lawsuits), but today I’m going to BOMBARD you with them. Use whichever stat you think will best shock your “head-in-the-scorching-sand” executive out of the destructive malaise that might lead you into an Anthem-like, Sony-style, Target-worthy data breach:
Checks Unlimited • PO Box 19000 • Colorado Springs, CO 80935-9000
What does cybergeddon have to do with ebola?
In 2014 Ebola has claimed over 4,000 lives in Western Africa and caused ONE death (of a person who contracted the disease in Africa) in the United States. Many Americans are in a proper panic about it and it continues to be front page news. In typical fashion, we have found something to worry about while conveniently ignoring other, “less sensational” but more critical topics:
- According to the CDC, Influenza kills about 3,000 people in this country in a good year (1986-1987) and up to nearly 50,000 in a bad one (2003-2004). Yet during the 2013-2014 flu season, only 46 percent of Americans received vaccinations against influenza.
- Seat belts have saved an estimated 255,000 lives since 1975. Yet each year more than 50 percent of people killed in car crashes were not wearing a seat belt.
The original notice on GameOver Zeus appeared on the US-CERT site. If you’d like to go directly to the tests for the GameOver Zeus virus, scroll down.
Overview of GameOver Zeus
GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011,  uses a decentralized network infrastructure of compromised personal computers and web servers to execute command-and-control. The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), is releasing this Technical Alert to provide further information about the GameOver Zeus botnet.
Systems Affected by GameOver Zeus Virus
- Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8
- Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012
Impact of GameOver Zeus
A system infected with GOZ may be employed to send spam, participate in DDoS attacks, and harvest users’ credentials for online services, including banking services.