Author Topic: National CyberSecurity and Cyberhygiene starts with you  (Read 11506 times)

BridgeTroll

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 13362
  • The average person thinks he isn't
    • London Bridge Pub
National CyberSecurity and Cyberhygiene starts with you
« on: December 20, 2016, 08:05:34 AM »
http://www.seeker.com/heres-how-to-stop-russian-cyber-hacking-2149775375.html

Quote
TECH  Dec 16, 2016 07:04 AM ET
Here's How to Stop Russian Cyber-Hacking
The U.S. government, businesses and regular people need to step up to protect themselves against theft and political espionage.

BY ERIC NIILER

Yahoo. The Democratic National Committee. San Francisco's public transit system. Your home Internet router. It seems as though every day brings news of cyberattacks against U.S. institutions, companies and regular people. Experts say that there are ways to fight back, and that we need to do more — as individuals and a nation — to protect ourselves from cyber criminals and tech-savvy despots in the first place.

Some measures require Congress to appropriate taxpayer money, such as the $3.1 billion that President Obama requested earlier this year to upgrade the federal government's outdated computer systems with new hardware and software. It's just one aspect of a $19 billion cybersecurity overhaul across federal agencies that's part of the budget that Congress still hasn't approved.

Other initiatives are far simpler, such as educating people to not download unknown files, respond to unusual Facebook messages, or fall prey to deceptive "spear-phishing" emails that steal passwords and personal data.

"You have to teach people to wash their hands in cyberspace," said Herbert Lin, senior research scholar for cyber policy and security at Stanford University's Hoover Institution. "That's a hard thing to do. Saying: 'Don't use your technology for what it was designed to, or just don't use computers' — that's not useful."

Enforcing "cyber hygiene" would cut down on more than 80 percent of cyber attacks and cyber thefts, according to Lin. In fact, it was just that kind of mistake that a staffer at the Democratic National Committee made last year that allowed Russian hackers to infiltrate the DNC's servers in 2015, steal emails from Clinton aides, and then sow political mischief throughout the 2016 election, according to a recent New York Times report.

In October, malware embedded in residential internet routers and DVRs helped orchestrate a large-scale distributed denial of service (DDOS) attack on the East Coast that shut down Amazon, Netflix, Twitter and other major websites. The following month, a ransomware hack shut down San Francisco's public transit ticketing system for a few days after Thanksgiving.

As a member of President Obama's cybersecurity task force, Lin helped craft recommendations to prevent these kinds of attacks in a report released Dec. 1. These included a labeling system to help consumers assess the security of computer products and services, and potentially making companies liable for internet-connected devices that can be hacked and made to cause damage.

"There's no silver bullet," Lin said of the task force's work, which its members hope to present to President-elect Donald Trump's transition team.

The report states that the federal government needs to develop a roadmap for sharing information about threats with the tech industry and developing computer networks with better security, as well as imposing standards for internet-connected components in automobiles, houses, cameras and other devices that make up the "internet of things."

The task force spent eight months on the 100-page report, but with new allegations about Russia's intervention in the U.S. presidential election, some observers are wondering whether Trump or his team will even read the document. On Wednesday, intelligence officials told NBC News that Russian President Vladimir Putin was personally involved in the operation against Hillary Clinton's campaign in an attempt to help elect Trump.

Trump has repeatedly said that he doesn't believe the C.I.A.'s assessment that Russia's government hacked the Democratic National Committee to bolster Trump. The White House and members of Congress have pledged to investigate the matter.

"One thing we will have to see is whether Russia feels emboldened and hasn't suffered major consequences, at least in public," said Ben Buchanan, a postdoctoral fellow at Harvard University's Cyber Defense Project. "Maybe they will use that first round in the U.S. as a springboard for activities in Europe. That's why deterrence is such a key part. It's not just a question of defending, but establishing consequences if this kind of behavior continues."

The cybersecurity commission hopes to meet with Trump's transition team before Christmas, but no such meeting has yet been announced. In an interview with NPR that aired Friday, President Obama vowed retaliatory action against Russia for its meddling in the US presidential election.

Elections are scheduled in coming months in France, Germany, Sweden and the Netherlands and leaders there worry they could be the next target unless President Obama can make Putin stop.

"Given the audacity and the impact of the attack, it must cause a response from the United States," said Matthijs Veenendaal, strategy branch chief at NATO's Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. "There are a lot of elections coming up, there is a lot of unrest in Europe and a lot of opportunities for causing mayhem."

The problem is how to respond to Russia without stirring up a cyber-war between Russia and the West.

"It is something we are grappling with as well, all western democracies," said Veenendaal, who formerly ran the Dutch military's cyberdefense program. "This is not something easy to defend against, and it's even harder to respond against."

Instead of trying to punish Putin in some kind of cyber-based counterattack, perhaps it might be better to push Russia off the world stage until it behaves. That's an idea floated by Scott Borg, director of the U.S. Cyber-Consequences Unit, a think tank that advises federal agencies and corporate partners about ways to protect computer systems.

"We don't bribe countries to make them behave in the markets, we don't punish countries by attacking them if they behave badly in the markets," said Borg, an economist. "The main thing that keeps international economics honest is that if you aren't playing by the rules, you get shut out."

Borg suggested that Western nations consider blocking Russia from taking part in international trade pacts, meetings or treaties.

"We need to change the game," Borg said. "Otherwise the problem will get worse."
In a boat at sea one of the men began to bore a hole in the bottom of the boat. On being remonstrated with, he answered, "I am only boring under my own seat." "Yes," said his companions, "but when the sea rushes in we shall all be drowned with you."

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #1 on: December 20, 2016, 08:14:03 AM »
Here is another...

http://foreignpolicy.com/2016/10/12/how-to-win-the-cyber-war-against-russia/

Quote
VOICE
How to Win the Cyberwar Against Russia
Vladimir Putin’s brazen attack on U.S. democracy demands that the Obama administration respond with a firm hand.
BY JAMES STAVRIDIS OCTOBER 12, 2016

The basic facts about Russia’s election-year hacking of the American political system are clear. For more than a year, the Russian government has repeatedly infiltrated the computers of both parties’ presidential campaigns to steal data and emails to influence the outcome of the election. In response, the Obama administration has promised a “proportional” response against Russia.

What’s much less clear is what a “proportional” response could mean. This is an unprecedented situation for the American national security establishment — which means the Obama administration’s response will set a precedent for future foreign-directed cyber-plots.

The first thing the U.S. government will have to determine is whether the Russian actions rise to the level of an attack — something that would require a direct U.S. response. There are many examples of cyber-infiltration that fall short of that designation, qualifying rather as nuisance activities or even garden-variety espionage. The activities in question, however, cross an important political and operational threshold by attempting to influence the American public on behalf of one of the candidates for the presidency. Most egregiously, the release of internal Clinton campaign emails violates a wide variety of U.S. laws, and the potential release of material related to her email server investigation late in the campaign season could have extraordinary impact on the election.

These are actions that affect the heart of the U.S. democratic process. They may not exhibit physical damage of the sort that we saw in North Korea’s attack on Sony Pictures, which did millions of dollars of damage to hardware. But the political and symbolic meaning of Russia’s actions nonetheless elevate them to something requiring a response.

When an attack has been identified, the next step is to attribute it — to determine whom to hold responsible. U.S. intelligence officials seem to have already done this, at least to the satisfaction of the White House. But it’s worth remembering that attribution is especially challenging in the world of cyber-conflict. The Russians have managed to cling to a veneer of deniability, at least in public, by relying on a clever pattern of cut-out agents, ranging from Russian cyber-criminals to WikiLeaks founder Julian Assange. This is a version of the hybrid warfare we’ve seen used so effectively in the attacks in Ukraine and the annexation of Crimea — essentially using the cyber-equivalent of the unmarked soldiers (so-called little green men) that led the fight into Ukraine.

After attribution, the final step is to craft a response. The cybersphere is not immune to the universal legal norms that require a nation to respond to an attack in proportional fashion. In other words, you can’t destroy the Russian electric grid in response to email hacks. From a strategic perspective, the response should also be timely (although at a time and place of the responder’s choice) and distinctive — that is, it should bear a clear and specific relationship to the original attack that is recognizable to all.

With all this in mind, there are a variety of responses that the Obama administration should be considering against Russia.

The first response should be a definitive exposure of the Russian government’s presumably high-level involvement in the attacks. The U.S. case against Russia may be convincing, but the White House has chosen so far to keep parts of it classified. Revealing the names of the officials who authorized the cyberattacks against the United States would put Moscow in an extremely uncomfortable position. Ideally, the United States could reveal emails or conversations between Russian officials that demonstrated their intent to undermine the U.S. electoral process. Such revelations would likely lead to U.N. condemnations and further economic sanctions against Russia, inflicting additional damage to its economy. They would also potentially expose U.S. intelligence sources and methods, but there are ways to sanitize the material to minimize those risks.

Second, the United States could undermine the Russian government’s reliance on a wide variety of cyber-tools to censor the web within its own country by exposing them to the public. While not actively manipulating the Russian web, the National Security Agency could “out” the code and tool sets used by the Kremlin, thus permitting activists (and citizens) to avoid the manipulation and censorship more effectively. As a response to the Russian attacks on the U.S. democratic system, this would be both proportional and distinctive.

A third and more aggressive approach would be to use U.S. cyber-capabilities to expose the overseas banking accounts and financial resources of high-level Russian government officials, up to and including President Vladimir Putin, who is widely rumored to hold billions of dollars in offshore accounts shielded from his public. While Washington should refrain from destroying or manipulating financial records, which would be an escalation, simply exposing the level of corruption among the officials who authorized the political cyberattacks in the United States would be strategically and morally sound.

Fourth, the United States could use its own offensive cyber-tools to punish Russian hackers by knocking them off-line or even damaging their hardware. This response would be open to objections that it represents an unwarranted escalation. But under prevailing international law, if a nation has information of a nexus of offensive activity, has requested it to stop, and the offending nation declines to do so, that offensive center is liable for attack. The burden of proof for attribution would be higher in crafting such a response; it would be viable only if Washington had definitive information on the command and control centers that launched the hacking activity. But given the brazen level of Russian activity, this at least warrants a serious discussion by the U.S. government.

Fifth, and finally, the United States should think about how our allies can be helpful in this situation. NATO partners have significant capability and could be helpful in much of this. All democratic nations have a stake in pushing back against this blatant interference in the democratic political process.

All of this should be done in a very careful, measured fashion. The potential for miscalculation and escalation is high. But that potential pertains both to a possible overreaction as well as an under-reaction by the U.S. government. The president and his senior national security and economic teams will have to seriously (but, hopefully, swiftly) deliberate on a course of action. And the NSA and U.S. Cyber Command should prepare to carry out whatever actions they settle on. (Whatever else happens, these events have already proved why it’s to everyone’s benefit that Cyber Command will soon be elevated by the military to the status of a full combatant command.)

An old Russian saying is: “Probe with bayonets. If you encounter steel, withdraw. If you encounter mush, continue.” The bayonets of today are the bits of the cybersphere. The United States needs to show some steel or face much worse to come.

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #2 on: January 06, 2017, 08:53:51 AM »
http://www.csoonline.com/article/3146642/security/playing-cyber-defense-is-not-enough-to-win.html

Quote
Playing cyber defense is not enough to win
Sometimes offensive attacks are a necessary part of the game
By Kacy Zurkus 
Writer, CSO | DEC 7, 2016 5:00 AM PT

While the San Francisco 49ers are leading the NFL in defense, the New Orleans Saints currently hold the number one slot for total offense. In the overall league rankings, though, neither of those two teams rank in the top 10.

What's the takeaway? Winning isn't strictly about strong offense or impenetrable defense. NFL league leaders advance to the top because they know how to balance the two; they know how to play the game.

To address the growing number of attacks on the US government and private sector systems, President-elect Donald Trump's cybersecurity plan aims to, "Develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately."

The proposition begs the question of whether the security industry needs to consider whether preemptive, offensive cyber attacks are the wave of the future.

Jeff Bardin, CIO of Treadstone 71, said that counterstriking is being done to some degree, though quietly. "In cybersecurity, if the team is only focused on defense, they will never be able to score. They can't win the game," said Bardin.

Those using offensive attacks do so quietly because, "The cyber laws are not clearly defined," Bardin said. "The government makes counterstrikes because they are defending the country under the laws of warfare, but they won't defend against civilian infrastructure."

Private citizens have the right to defend themselves and their homes against criminals, but "If a person tries to break into your 'cyber house', the law hasn't been clearly defined," said Bardin.

If, however, offensive attacks are viewed through a cyber/property perspective, rather than a legal perspective or even a capabilities perspective, it is reasonable to believe that offensive hacks fall within the confines of the wider idea of self defense.

In their 2011 research paper, "Mitigative Counterstriking: Self-defense and Deterrence in Cyberspace," arguing for the use of active defense, Professor Jay P. Keban and Carol M. Hayes, University of Illinois wrote, "Passive defense methods are not used consistently enough to have a perfect deterrent effect, and are all but useless against attacks utilizing zero-day exploits."

The problem with commercial offensive cyber attacks is that no private enterprise wants to talk about (or admit to using) the strategy for fear of legal liability issues. Keban and Hayes argued, "Mitigative counterstriking is also legally justifiable under several areas of domestic and international law, and can be made consistent with other areas of law by amending the law or by reinterpreting it."

Dave Aitel, CEO and owner, Immunity, agreed that while the law is pretty clear in most cases, there has traditionally been some flexibility with interpreting it. "We’ve been using prosecutorial discretion to make it not such a big deal for when big companies break the law for what we think are pretty good reasons," Aitel said.

When Google played a little tit for tat with the Chinese, they weren't prosecuted. "On its face, what Google did was illegal," said Aitel. It's entirely possible but far less plausible that Google is not alone in its decision to retaliate against a known attacker.

Perhaps it is time for the larger industry to have an open and honest conversation about the proper and necessary role of offensive security and to consider broader interpretations of the law?

In a recent blog post, Aitel proposed, "We want to have a chilling effect on cyber economic espionage while providing the beginnings of the ability to deal with wide ranging international systemic threats such as the Mirai worm, leveraging the deep bench of penetration testing talent and resources available in the private sector to do this without impacting our intelligence community missions."

Aitel's proposition, if it comes to fruition, could create an arm of law enforcement that would build a reliable partnership between the government and the private sector.  Short of that happening, though, should enterprises be engaging in offensive attacks?

"I do believe we should do it. I think people are doing it, and a lot of people are putting structure around that," said Bardin. Because security in the commercial sector is largely about passive defense, those teams that rank top in defense aren't leading in the league overall.

"It's not working," said Bardin, "this passive defensive model of sit, wait stop, limit data. Most people don't properly build their infrastructure, most developers don't build security in."

From his experiences in law enforcement, serving as a CSO, and working as a security consultant, Larry Johnson, CSO, Cybersponse said, "Offensive is the last resort."

One concern with counter striking is that there is nothing definitive, said Johnson, so they could end up in a game of whac-a-mole. "Yes, you could wipe them out, but they could pop up somewhere else. Nothing is ever 100 percent offensive."

What's more important is being able to gather intelligence, which is best done by involving law enforcement. "You could really end up starting a cyberstorm, so I recommend always involving law enforcement, particularly because of de-confliction," said Johnson.

Conflict resolution demands concession, and in most cases diplomacy wins over many other tactics. "Law enforcement will work with the company and shortly thereafter they can go offensive, but I'd never go offensive without law enforcement," Johnson said.

Because security functions in nearly equal parts proactive and active mode, the best way to minimize potential damage is by limiting the human error through security awareness.

When those processes and procedures are in place, and they have an incident response plan, they can test them which will lead to important conversations. "They can talk about offensive attacks to disrupt attacks in process so that you know you are in compliance and that you have the right to do this or that," Johnson said.

The bigger challenge to winning the game is not in offense or defense as much as it is in planning. Johnson said, "If you plan for it and everyone has looked at it and signed off, you don't have to worry, but a lot of companies don't plan for it."

Because there seems to be some ambiguity in interpreting the law, aggressively responding might not be the most prudent path. Dana Simberkoff, chief compliance and risk officer at AvePoint, said that outside of attacking their attackers, there are lots of things enterprises can do to be proactive.

"Understand the data that you hold, the more valuable, the more likely you are to be attacked," Simberkoff said. Companies that collect more data than they need and keep it forever in the hopes that it will someday be useful are putting their data at greater risk.

"It's counterintuitive to best security practices. Even Snowden was not particularly creative. That should have been able to have been prevented," said Simberkoff. The mistakes aren't necessarily in the technical part of defense, but in the human errors.

"I've worked with privacy and security teams that definitely believe that responding in an aggressive way is the approach they should take, but I still feel like most vulnerabilities can be addressed by education and good policies and procedures," Simberkoff said.

That's why the teams that are topping the ratings charts in the NFL aren't the ones who are ranking first in either offense or defense. They are the ones that are holistically playing a better game.

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #3 on: January 06, 2017, 08:56:06 AM »

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #4 on: January 06, 2017, 09:21:16 AM »
https://www.youtube.com/v/X5P-VYxPNrk?list=PLfaSGHp0IgDBzfD8dnJ3CpklC2vNkbtiD


BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #5 on: January 09, 2017, 09:46:46 AM »
https://www.youtube.com/v/33R-W8foNlo


BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #6 on: January 12, 2017, 03:23:59 PM »
How to Stop Your Home From Being Hacked

Billions of new objects are being connected to the internet of things (IoT), and it’s going to change your life.

However, if you are not careful, this change may not be in the positive way that is expected.

As more home devices get connected to the internet, new doors get opened for hackers to potentially access your personal information. Any hacking of this data could have dire consequences to your personal life, career, or financial security.

Today’s infographic from RefiGuide gives context around IoT hacking, including the range of security concerns created by new IoT devices and suggestions on how you can protect yourself.

IOT HACKING ISN’T NEW

Did you know that former Vice President Dick Cheney had a Wi-Fi enabled pacemaker? His cardiologist disabled this feature in 2007 to ensure that hackers couldn’t control his heartbeat. While this seems like the plot from the TV series Homeland (it was), that doesn’t make it any less possible.

Internet security experts have been warning for years about the dangers of a more connected world. To date, we’ve seen the following examples of IoT hacks:

  • Jeep recalled 1.4 million vehicles after it was proven they could be hacked remotely
  • Same goes for a Ford Escape, using a physical connection and laptop
  • Over 100k IoT devices were used to block traffic to sites such as Twitter and Netflix in a DDoS attack
  • Samsung “smart fridges” were found to leave Gmail login credentials vulnerable to hackers

Despite thousands of new IoT devices hitting the market, the fact is that many lack sufficient encryption features. This makes them particularly vulnerable.

Further, connected devices provide multiple entrances for would-be hackers: the device, connected devices, data centers, and communication channels are all possible access points.

HOW TO PROTECT YOURSELF

Until manufacturers are able to guarantee that basic cybersecurity measures are in place for new IoT devices, there are a few ways you can protect yourself.

First, make strong passwords for your router and connected devices, and consider disabling them when you are away from home for extended periods of time. Don’t connect devices that you don’t need – consider holding off on your Wi-Fi connected “smart fridge” until it is something you truly need.

Next, create segmented networks at home for your IoT devices, PC and mobile, and guests. Give each of them different tiers of access, such that someone hacking the IoT network will not be able to tap into your personal data.

Lastly, keep your router firmware up-to-date. This is the programming it uses to function, and regularly updating firmware (either automatically or manually) means that it will be less vulnerable to hacks.

http://www.visualcapitalist.com/stop-home-iot-hacking/

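The network tiering recommended in Reply #6, as an added example that is not part of the original post or the quoted article: a checker that audits a first-match rule list and reports any rule letting the IoT or guest segment open connections toward the personal segment. The subnets, the `Rule` format and the three sample rule sets are assumptions made up for illustration, not any router's real syntax, and the router is assumed to be stateful so replies to permitted connections pass.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed home layout: one subnet per tier named in the post.
SEGMENTS = {
    "personal": ipaddress.ip_network("192.168.10.0/24"),  # PC and mobile
    "iot": ipaddress.ip_network("192.168.20.0/24"),
    "guest": ipaddress.ip_network("192.168.30.0/24"),
}
# Directions in which a new connection must never be accepted.
FORBIDDEN = [("iot", "personal"), ("guest", "personal"), ("guest", "iot")]
LAN, ANY = "192.168.0.0/16", "0.0.0.0/0"


@dataclass(frozen=True)
class Rule:
    """One entry of a hypothetical first-match rule list."""
    action: str                 # "allow" or "deny"
    src: str                    # source CIDR
    dst: str                    # destination CIDR
    port: Optional[int] = None  # None means any port

    def nets(self):
        return ipaddress.ip_network(self.src), ipaddress.ip_network(self.dst)


def decide(rules, src_ip, dst_ip, port, default="deny"):
    """Verdict for one new connection: the first matching rule wins."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        src_net, dst_net = rule.nets()
        if src in src_net and dst in dst_net and rule.port in (None, port):
            return rule.action
    return default


def audit(rules, default="deny"):
    """Return (src_segment, dst_segment, rule_index) for every rule that can
    let a forbidden segment open a connection; index None = default policy.

    Conservative: only a rule covering the whole segment pair on every port
    is treated as shadowing the rules after it.
    """
    findings = []
    for src_name, dst_name in FORBIDDEN:
        src_seg, dst_seg = SEGMENTS[src_name], SEGMENTS[dst_name]
        for index, rule in enumerate(rules):
            src_net, dst_net = rule.nets()
            if not (src_net.overlaps(src_seg) and dst_net.overlaps(dst_seg)):
                continue
            if rule.action == "allow":
                findings.append((src_name, dst_name, index))
            covers_all = (rule.port is None
                          and src_net.supernet_of(src_seg)
                          and dst_net.supernet_of(dst_seg))
            if covers_all:
                break  # nothing later in the list can match this pair
        else:
            if default == "allow":
                findings.append((src_name, dst_name, None))
    return findings


# Constructed rule sets.
FLAT = [Rule("allow", LAN, LAN)]  # everything on one network

LEAKY = [  # ordering mistake: the broad allow is evaluated before the deny
    Rule("allow", "192.168.20.0/24", ANY),  # meant as "IoT may reach the internet"
    Rule("deny", "192.168.20.0/24", "192.168.10.0/24"),
    Rule("deny", "192.168.30.0/24", LAN),
    Rule("allow", "192.168.30.0/24", ANY),
]

SEGMENTED = [
    Rule("allow", "192.168.10.0/24", "192.168.20.0/24"),  # phone may control devices
    Rule("deny", "192.168.20.0/24", "192.168.10.0/24"),
    Rule("deny", "192.168.30.0/24", LAN),
    Rule("allow", LAN, ANY),  # internet access for every tier
]

if __name__ == "__main__":
    for name, rules in (("flat", FLAT), ("leaky", LEAKY), ("segmented", SEGMENTED)):
        print(name, audit(rules))
    # Spot check: a compromised IoT device trying a file share on a laptop.
    print(decide(LEAKY, "192.168.20.15", "192.168.10.5", 445))
    print(decide(SEGMENTED, "192.168.20.15", "192.168.10.5", 445))
```
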

aldermanparklover

  • Sr. Member
  • ****
  • Posts: 289
Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #7 on: January 12, 2017, 06:26:24 PM »
U want cyber security? STOP using closed source software.

NO MORE MICROSOFT, APPLE IOS, etc.

Go GNU

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #8 on: January 19, 2017, 02:03:22 PM »
http://www.visualcapitalist.com/cybersecurity-threat-insiders-outsiders/

What is the Greatest Cybersecurity Threat: Insiders or Outsiders?
JEFF DESJARDINS   on January 16, 2017 at 12:28 pm

Quote
In a short two years, it is safe to say that the prospect of cybercrime has suddenly shifted to be a top concern for many decision makers around the world.

It started with the explosive hacks that rocked companies like Sony, JP Morgan, Target, and other well-known brands. More recently, it was the release of thousands of hacked emails from the DNC and John Podesta, along with the allegations of Russian hacking, that has led the news cycle.

As a result, it is not surprising that much of today’s narrative on cybercrime is centered around the devastating potential of external threats to countries or businesses. The reality is, however, that there is a whole other side of things to consider.

ARE INSIDERS OR OUTSIDERS THE GREATEST CYBERSECURITY THREAT?

While external threats like cybercriminals or hackers are an ongoing concern for organizations, it is actually malicious insider attacks that tend to cause the most damage on average (in terms of costs).

Today’s infographic from Digital Guardian explains the differences, methods, and typical costs associated with each kind of cybersecurity threat.


Quote
Is it insiders or outsiders that pose the greatest threat to organizations? The answer seems to be both, and for very different reasons.

INSIDERS OR OUTSIDERS?

Outside threats such as cybercriminals, nation state-sponsored attacks, competition-sponsored attacks, and hacktivists are certainly more sophisticated in their approaches, but they also lack the credentials and information that insiders may hold. For that reason, the most likely root cause of data breaches involve both insider and outsider threats together.

Strictly in terms of costs, it’s malicious insider attacks that pose the biggest cybersecurity threat to organizations. When weighted for attack frequency, the average annualized cost of such an attack is $144,542 per year according to the Ponemon Institute.

This puts it above DoS attacks, but by a relatively small margin:

Type of cyberattack              Avg. cost per attack, weighted by frequency

Malicious insiders               $144,542
Denial of services               $126,545
Web-based attacks                $96,424
Phishing & social engineering    $85,959
Malicious code                   $81,500
Stolen devices                   $33,565
Malware                          $7,378
Viruses, worms, trojans          $1,900
Botnets                          $1,075

In a boat at sea one of the men began to bore a hole in the bottom of the boat. On being remonstrated with, he answered, "I am only boring under my own seat." "Yes," said his companions, "but when the sea rushes in we shall all be drowned with you."

aldermanparklover

  • Sr. Member
  • ****
  • Posts: 289
Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #9 on: January 19, 2017, 04:09:52 PM »
Can we just go back to using only cash and checks now ... ?

carpnter

  • Hero Member
  • *****
  • Posts: 602
Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #10 on: January 19, 2017, 06:36:09 PM »
U want cyber security? STOP using closed source software.

NO MORE MICROSOFT, APPLE IOS, etc.

Go GNU

Using Open Source software does not suddenly make you secure. 

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #11 on: January 19, 2017, 07:19:59 PM »
True

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #12 on: January 25, 2017, 03:54:38 PM »
http://www.bbc.com/news/technology-38724082

Quote
Massive networks of fake accounts found on Twitter
24 January 2017

Massive collections of fake accounts are lying dormant on Twitter, suggests research.
The largest network ties together more than 350,000 accounts and further work suggests others may be even bigger.
UK researchers accidentally uncovered the lurking networks while probing Twitter to see how people use it.
Some of the accounts have been used to fake follower numbers, send spam and boost interest in trending topics.

Hidden purpose

On Twitter, bots are accounts that are run remotely by someone who automates the messages they send and activities they carry out. Some people pay to get bots to follow their account or to dilute chatter about controversial subjects.
"It is difficult to assess exactly how many Twitter users are bots," said graduate student Juan Echeverria, a computer scientist at UCL, who uncovered the massive networks.
Mr Echeverria's research began by combing through a sample of 1% of Twitter users in order to get a better understanding of how people use the social network.
However, analysis of the data revealed some strange results that, when probed further, seemed to reveal lots of linked accounts, suggesting one person or group is running the botnet. These accounts did not act like the bots other researchers had found but were clearly not being run by humans.
His research suggests earlier work to find bots has missed these types of networks because they act differently to the most obvious automated accounts.
The researchers are now asking the public via a website and a Twitter account to report bots they spot to help get a better idea of how prevalent they are. Many bots are obvious because they have been created recently, have few followers, have strange user names and little content in the messages.
The network of 350,000 bots stood out because all the accounts in it shared several subtle characteristics that revealed they were linked.

These included:

-tweets coming from places where nobody lives
-messages being posted only from Windows phones
-almost exclusively including quotes from Star Wars novels

It was "amazing and surprising" to discover the massive networks, said Dr Shi Zhou, a senior lecturer from UCL who oversaw Mr Echeverria's research.
"Considering all the efforts already there in detecting bots, it is amazing that we can still find so many bots, much more than previous research," Dr Zhou told the BBC.
Twitter deserved praise for its work on finding and eliminating bots, he added, but it was clear that skilled hackers had found ways to avoid official scrutiny and keep the bots ticking over.
The pair's most recent work had uncovered a bigger network of bots that seemed to include more than 500,000 accounts.

"Their potential threats are real and scary due to the sheer size of the botnet," he said.
It was hard to know who was behind the collections of fake accounts, said Dr Zhou, although there was evidence that a small percentage of the accounts had been sold or rented as they were now following Twitter users outside the main bot network.
"What is really surprising is our questioning on the whole effort of bot detection in the past years," said Dr Zhou. "Suddenly we feel vulnerable and don't know much: how many more are there? What do they want to do?"
A Twitter spokesman said the social network had a clear policy on automation that was "strictly enforced".
Users were barred from writing programs that automatically followed or unfollowed accounts or which "favourited" tweets in bulk, he said.
Automated responses "degraded" the experience for other users and were prohibited, he added.
"While we have systems and tools to detect spam on Twitter, we also rely on our users to report spamming," he said.

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #13 on: February 24, 2017, 10:13:19 AM »
https://www.thecipherbrief.com/article/tech/cyber-proxies-central-tenet-russias-hybrid-warfare-1092?

Quote
Cyber Proxies: A Central Tenet of Russia’s Hybrid Warfare
FEBRUARY 24, 2017 | LEVI MAXEY

Cyber operations remain at the forefront of confrontations between the West and Moscow as relations between them continue to deteriorate. Russia initially asserted itself in 2007 with “patriotic hackers” launching a volley of distributed denial of service (DDoS) attacks on Estonian systems. Then in 2008, cyber attacks preceded the Russo-Georgian war, and again in 2014 before Russian annexation of Crimea and large swaths of eastern Ukraine.

Throughout this period, Russian President Vladimir Putin and his Kremlin cohort have shown a capacity for hybrid warfare, a blend of conventional, irregular, and cyber warfare. The term describes a way of approaching geopolitical relations with subtle deception and information operations backed by military might. This is a modern twist on Soviet-era “active measures,” – intelligence agencies’ movement beyond mere collection into disinformation, subversion, and use of proxy organizations, political parties, and criminals to expand Russian influence. The term hybrid warfare can be so broadly applied that it almost becomes meaningless, but two of its central tenets – the use of proxies and cyber attacks for plausible deniability – are worth exploring in the Russian context.

So how does the Kremlin work through proxies in cyberspace, and what is the character of its relationships with those entities?

Sarah Geary, a senior analyst on FireEye’s Horizons team, argues “the Russian government itself is advanced in its cyber capabilities, but it also has access to Russian hackers, hacktivists, and the Russian media. These groups disseminate propaganda on behalf of Moscow, develop cyber tools for Russian intelligence agencies like the FSB and GRU, and hack into networks and databases in support of Russian security objectives.”

The involvement, according to U.S. intelligence, of state-sponsored proxies in last year’s Democratic National Committee breach is apparent in the sanctions placed on Russian individuals and institutions in December. Not only are two Russian intelligence agencies, the FSB and the GRU, and their leadership listed, so are two individuals, Aleksey Belan and Evgeniy Bogachev, as well as three private institutions, for providing technical assistance to Russian intelligence.

For example, code from the Zeus malware allegedly developed by Bogachev to steal banking credentials also appeared in a number of spear-phishing emails as part of Russia’s politicized hacking campaign. Known criminal infrastructure, such as King Servers, acted as a launch pad for numerous political hacks in the United States, including the DNC breach. In another instance, the Kremlin’s technology conglomerate, Rostek, contracted Alexander Vyarya, a programmer working at the time for the Russian cybersecurity firm Qrator, to amplify DDoS attacks, not to mitigate them. Once he witnessed the disruptive program tested on Ukraine’s Defense Ministry, Vyarya fled to Finland, seeking asylum.

Geary argues, “Russian-language hackers are the main proxy group working with Russian intelligence on cyber operations. The government usually allows cybercriminals to operate from Russia as long as the criminals do not go after Russian targets. This impunity gives the government leverage over hackers for their cooperation in developing malware or pursuing Russian government targets.” For example, Dmitry Dokuchayev, a former criminal hacker known as Forb, agreed to work for the FSB in order to avoid prosecution for credit card fraud.

However, it is not clear to what degree the Kremlin directs these proxies. Many of these examples are circumstantial – anyone can commandeer malware for their own use, hijack criminal infrastructure to launch attacks, or build an online persona to divert attention. These indicators do not, on their own, ascribe cyber operations to the Russian government, despite their use of proxies. Ed Cabrera, the Chief Cybersecurity Officer at Trend Micro and former Chief Information Security Officer at the Secret Service, argues “it is too much of a gray area and we get into a trap by saying all of these cybercriminals and all this activity is all state-sponsored.”

This inability to adequately differentiate between criminal and government activity in cyberspace may be the strategic environment the Kremlin actively seeks. Cabrera argues that “maybe they encourage this gray area because it creates a level of doubt for those that might be attacked by Russian cyber espionage groups. In other words, keeping their adversaries on their toes.”

“Ultimately,” Cabrera maintains, “asking who is working for whom is the better question. With the amount of money being made by these cybercriminal groups, it could be a corruption issue as well as a political and espionage issue.” The possibility of corrupt officials with specific skills moonlighting as cybercriminals for extra income is high in any country, let alone Russia, a country run through semi-official liaisons alongside burgeoning crime. Cabrera points out that “there have been proxies from a physical espionage perspective for years, either through companies, criminal groups, or other countries – it’s normal. It appears, however, to be a newer phenomenon to work with or through proxies in cyberspace.”

But while digital forensics are unable to adequately attribute proxies, both technical and traditional intelligence are capable of bridging the gap. Geary points out that “it is only by fleshing out the specific tactics, techniques, and procedures and cyber infrastructure of each proxy group, the relationships between the groups, and how the cyber operation fits in with their motivations that it becomes clearer who is ultimately behind a cyber incident.”

Ultimately, Geary maintains, “intelligence is key to attribution – particularly in this tangled web of Russian cyber proxies.”

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #14 on: March 01, 2017, 10:38:51 AM »
https://www.thecipherbrief.com/article/tech/tallinn-manual-20-stepping-out-fog-cyberspace-1092

Quote
Tallinn Manual 2.0: Stepping Out of the Fog in Cyberspace
MARCH 1, 2017 | LEVI MAXEY

Cyberspace is often portrayed as a new domain of international relations – a Wild West where there are no rules or guiding principles to govern the behavior of states. Such perceptions of anarchism have bred uncertainty over what is or is not acceptable activity among governments. This often leads to brash accusations of cyber attacks meeting the threshold of an act of war. At the same time, the blurred distinction between offensive and defensive capabilities in cyberspace creates a security dilemma, fueling a destabilizing cyber arms race.

Fortunately, there are hundreds of years of international law that can put norms surrounding cyberspace into motion. However, where does international law apply to countries’ operations in cyberspace, and what can states do to mitigate uncertainty surrounding cyber operations that lead to a potentially destabilizing cyber arms race?

The effort to place cyber activity firmly within international law first began after a series of denial of service attacks targeting Estonian sites in 2007, and then again in Georgia in 2008. Following these campaigns, primarily Euro-Atlantic countries congregated in Tallinn, Estonia, to establish the NATO Cooperative Cyber Defence Centre of Excellence, a multinational hub of cyber defense and international law expertise.

Led by Michael Schmitt, a Professor at the U.S. Naval War College, the Centre published the Tallinn Manual on the International Law Applicable to Cyber Warfare in 2013. Now known as Tallinn 1.0, the manual sought to create legal clarity over the use of cyber capabilities in war. While high-risk, such instances are ultimately unlikely, with the few potential exceptions of the Stuxnet worm discovered sabotaging Iran’s nuclear ambitions in 2010 and the disk-wiping malware destroying over 35,000 computers belonging to oil giant Saudi Aramco in 2012. Furthermore, having a manual that solely explored cyber activity during wartime could alone be destabilizing – hammers only see nails if the sole question is whether a cyber attack constitutes an act of war or not.

Therefore, Schmitt, and a more diverse group of international law experts, including some from countries such as China, Japan, and Thailand – as well as contributions from over 50 states through the Hague – endeavored to create Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations to explore the international legal landscape of cyber activity during peacetime – launched last month at the Atlantic Council in Washington. Wolff Heintschel von Heinegg, the Chair of Public Law at the Europa-Universität Viadrina and one of the legal experts who worked on both Manuals, argues “the Tallinn Manual 2.0 is an honest effort aimed at identifying the legal principles and rules applicable to cyberspace, which is to provide political leaders, operators and others a basis for evaluation of the legality of their cyber operations.” Tallinn 2.0 finds that there is a robust body of language governing cyber operations already, providing 154 “black letter” rules governing activity in cyberspace.

However, while experts were able to unanimously agree on the wording of such rules, their interpretation and application remain contentious, as shown in the different views displayed in the manual’s commentary. Where disagreement emerges should signal a focus for states moving forward in establishing international norms in cyberspace. Under international law, for instance, states cannot direct attacks on “civilian objects,” as it would constitute a war crime, but is data considered an “object”? While the manual maintains that it is not – simultaneously asserting that “essential civilian functions” are off limits – it suggests that doing so opens the door for states to interpret the law of sovereignty differently, therefore creating a legal gray area.

For example, with the breach of the Democratic National Committee in the lead-up to last year’s U.S. elections fresh in mind, some would argue that the attack constituted a coercive intervention into U.S. domestic affairs, as it manipulated the democratic process in ways it was not meant to be, and therefore breached the law of sovereignty. Others, however, would argue that the DNC hack and subsequent leaks do not constitute coercive intervention in U.S. domestic affairs as it was truthful information being provided to a liberal electorate.

While this legal gray zone is intentionally operated in by states, the United States should be wary of raising the standard of sovereignty in cyber operations, as doing so could restrict many U.S. actions in cyberspace. While espionage is not directly covered under international law, Rhea Siers, former Deputy Assistant Director for Policy at the National Security Agency, and Sharon Cardash, former Security Policy Advisor to Canada’s Minister of Foreign Affairs, note that expert opinions in Tallinn 2.0 “diverged on the question of remotely conducted computer network exploitation, which is the mainstay of intelligence organizations like the U.S. National Security Agency.”

“On this point, the manual notes that its participants ‘were incapable of achieving consensus as to whether remote cyber espionage reaching a particular threshold of severity violates international law,’” they say.

International law should not only be understood as restricting, but also clarifying avenues of response. The manual provides a framework in which states can react to cyber operations against them. Should an attack remain within the bounds of international law – for example, espionage operations such as the Office of Personnel Management breach – states can respond with retorsion, or an unfriendly yet legal action such as imposing sanctions. Should a state breach international law with a cyber attack, such as a sufficient infringement on sovereignty or targeting of critical infrastructure, the law of self-defense and proportionality kick in. For example, the United States could respond to an attack with countermeasures, or acts that would otherwise be unlawful, but are carried out in response to an unlawful act to return the original offender to a lawful course of action. This could include “hacking back,” such as responding to the Sony breach by targeting North Korea’s cyber infrastructure and proportionally disrupting their functions, or rather than responding in-kind with cyber, instead, block legal passage of North Korean sea vessels along American shorelines.

However, Heintschel von Heinegg notes, “the problem with countermeasures in response to unlawful cyber attacks is attribution. Only if the cyber attack can be attributed to a given state with a strong level of certainty is it possible to resort to countermeasures against that state.” If attribution is wrong, the responding state will be in breach of international law and susceptible to countermeasures themselves.

The use of proxies to conduct cyber operations on behalf of states is important in this regard, as it blurs what is already a difficult process of attribution. Siers and Cardash note that “Tallinn 2.0 looks to the ways in which a state may or may not be ‘in effective control’ of non-state actors, whereby ‘factors to consider include financing, equipping, and target selection.’” Furthermore, should cyber attacks be launched from a third party, such as North Korea attacking U.S. systems from China, then the country being used as a launch-pad has a due diligence obligation – to the extent that is feasible – to halt serious attacks emanating from their territory. Should it not adequately fulfill this obligation, the third party – in this case China – could open itself up to countermeasures. Ultimately, the level of certainty in attribution demanded depends on the situation, while the policy response depends on the certainty of attribution.

So while establishing international norms in cyberspace – much like in any other domain – has proven challenging, the portrayal of cyberspace as an ungoverned domain, wholly outside the realm of established international law, is not only misleading, but undermines the very international norms states seek to establish. The more governments have a common understanding of how each other will operate in cyberspace, the less likely cyber operations will result in escalation.