Author Topic: National CyberSecurity and Cyberhygiene starts with you  (Read 11508 times)

BridgeTroll

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 13364
  • The average person thinks he isnt
    • London Bridge Pub
Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #15 on: May 04, 2017, 09:29:24 AM »
http://www.realcleardefense.com/articles/2017/05/04/cyber_wars_terror_trinity_means_motive_and_opportunity_111312.html

Quote
Cyber War’s Terror Trinity: Means, Motive, and Opportunity
By Ian Fairchild May 04, 2017

In March of 2003, I commanded an EC-130 Compass Call, an aircraft configured to perform tactical command, control, and communications countermeasures, over the skies of Iraq. My crew’s mission was to jam enemy communications and help allied forces preserve Iraq’s oil infrastructure. During these missions, we positioned ourselves some distance from the intended target, while an electronic warfare officer controlled jamming functions using a keyboard located in the back of the aircraft.

While this mission demonstrates how developments in cyber technology can be used to further US security interests, a little more than a decade later a young man named Junaid “TriCk” Hussain aligned himself with the Islamic State of Iraq and al-Sham (ISIS), and undertook his own form of electronic warfare. Sitting comfortably away from his targets, like my orbiting EC-130, he used a keyboard to launch attacks through cyberspace. Specifically, Hussain built “kill lists” of US military personnel and published them online. He leveraged the increasing power and reach of social media to call for terror attacks against Western interests. These brash moves quickly attracted the attention of the US government. Ultimately, an airstrike from an unmanned aircraft killed TriCk in 2015.

The most alarming piece of Hussain’s terrorism journey is not hacking Gmail accounts, helping lead the CyberCaliphate, or even publishing a kill list. Rather, it is his willingness to undertake the actions in the first place, and the ease with which he could do so. Hackers like TriCk, and those under his tutelage, seek to combine means, motive, and opportunity to exact harm. They operate free from the legal tethering of a nation state, obfuscate their computer code to hide their origin, and have utter disregard for human life. Put simply, Hussain’s actions prove a single keystroke can turn the unfathomable into reality. While Hussain is gone, many others like him threaten US security through cyber terrorism.

The means to conduct such an attack used to reside solely inside the minds of especially talented computer scientists, elite hackers, and well-resourced intelligence agencies. Today, the means are downloadable and online, lowering the barrier to entry. Search engines like Shodan, a platform for seeking out Internet-connected devices, facilitate the process of finding vulnerable infrastructure, including those within hospitals and utility companies. Once found, an attacker need only couple his or her discoveries with software such as Metasploit to launch a successful attack with relatively little skill.

Motivations are shifting, too. Terrorists no longer seek to negotiate, as might have been assumed prior to the attacks on September 11, 2001, when passengers on hijacked aircraft would likely comply with demands, under the longstanding presumption hijackers’ motives were not to destroy the plane, but rather to land and conduct a ground negotiation. On that day, nineteen terrorists, motivated by the intent to kill civilians and terrorize the United States, shattered this long-held paradigm.

US medical and transportation sectors still do not approach security from the point of view which assumes malevolent actors intend to exploit vulnerabilities and cause harm. Technology and distance emboldens criminals like Hussain to engage in previously unimaginable conduct, such as live-streaming rape and broadcasting murder. Yet somehow the notion of a sustained attack, via cyberspace, against patients in a large US hospital remains all but inconceivable. In fact, despite citing unsecure medical devices as a serious threat, less than 25 percent of respondents in a recent Ponemon Institute study crafted a strategy to address the issue.

The reality is, means and motivation will eventually unite with opportunity. Opportunity for attack abounds within especially vulnerable US medical and transportation sectors. One dismaying statistic: nine out of ten hospitals still use Windows XP, an antiquated operating system that Microsoft no longer supports, and that contains well-documented vulnerabilities. Likewise, security researchers have demonstrated automobile flaws which allow remote access to acceleration and brakes. Hackers have locked medical professionals out of critical hospital systems and demanded ransom, and attacked San Francisco’s Muni transportation system using similar tactics. 

For those who still think terrorists will not try to kill citizens in hospitals and transportation systems via cyberspace, Hussain’s activity should dispel these falsehoods and prompt all relevant stakeholders to action. Several organizations have responded accordingly. Last year, the Food and Drug Administration issued guidance (www.fda.gov/ucm/groups/fdagov-public/@fdagov-meddev-gen/documents/document/ucm482022.pdf) for complying with post-market medical device regulations, the Presidential Commission on Enhancing National Cybersecurity met with a distinguished panel of advisers to discuss cybersecurity in healthcare and the protection of connected medical devices, and the Department of Health and Human Services formed a task force to address the same issue. Social media companies have also endeavored to temper hateful speech.

While laudable, these efforts are insufficient. They come to fruition in industries where incentives to secure infrastructure are misaligned or do not exist, and in settings lacking the resources to hire cybersecurity professionals. Overcoming these challenges and defending US citizens against the next Hussain will require collaborative partnerships between government and the private sector, a fundamental adjustment in existing healthcare and transportation structures, and a realization despicable tweets will likely give way to more motivated individuals conducting deliberate attacks.

Boundary-pushing ideas like software liability to hold manufacturers liable for software flaws and consumer device “nutrition labels” to help the public make informed choices on cybersecure products have the potential to propel stagnant industries towards addressing cybersecurity vulnerabilities. Still, it will take increased engagement between the private and public sectors to effect real change, in the same way such efforts to make seatbelts mandatory helped reduce fatalities on dangerous highways.

Hussain’s unbridled motivation completed the triumvirate required to take life via cyberspace. Undoubtedly, others will follow, almost certainly with more sinister goals. The means for attack are low-cost, easily obtainable, and will persist. The remaining task is to make the United States the land without opportunity.
In a boat at sea one of the men began to bore a hole in the bottom of the boat. On being remonstrated with, he answered, "I am only boring under my own seat." "Yes," said his companions, "but when the sea rushes in we shall all be drowned with you."

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #16 on: May 12, 2017, 10:00:36 AM »
http://www.reuters.com/article/us-usa-trump-cyber-idUSKBN1872L9

Quote
Trump signs order aimed at upgrading government cyber defenses
By Dustin Volz | WASHINGTON

U.S. President Donald Trump signed an executive order on Thursday to bolster the government's cyber security and protect critical infrastructure from cyber attacks, marking his first significant action to address what he has called a top priority.

The order seeks to improve the often-maligned network security of U.S. government agencies, from which foreign governments and other hackers have pilfered millions of personal records and other forms of sensitive data in recent years.

The White House said the order also aimed to enhance protection of infrastructure such as the energy grid and financial sector from sophisticated attacks that officials have warned could pose a national security threat or cripple parts of the economy.

The directive, which drew largely favorable reviews from cyber experts and industry groups, also lays out goals to develop a more robust cyber deterrence strategy, in part by forging strong cooperation with U.S. allies in cyberspace.

White House homeland security adviser Tom Bossert said the order sought to build on efforts undertaken by the former Obama administration.

Among the notable changes, heads of federal agencies must use a framework developed by the National Institute of Standards and Technology to assess and manage cyber risk, and prepare a report within 90 days documenting how they will implement it.

'PRACTICE WHAT THEY PREACH'

The Obama administration had encouraged the private sector to adopt the voluntary NIST framework. But it did not require government agencies to do so, which opened it up to criticism as it frequently scrambled to respond to major hacks, such as the theft of more than 20 million personnel records from the Office of Personnel Management.

Government agencies would now "practice what they preach," Bossert told reporters during a White House briefing. "A lot of progress was made in the last administration, but not nearly enough."

Michael Daniel, who served as White House cyber security coordinator under former Democratic President Barack Obama, generally praised the order but said it was largely "a plan for a plan."

Trump, a Republican, has also asked agencies to review their federal workforce's cyber talent, an area where the government has faced a growing shortfall of qualified personnel in recent years.

The order calls for an examination of the impact of moving agencies toward a shared information technology environment, such as through cloud computing services. It also urges voluntary cooperation with the private sector to develop better strategies to fend off and reduce attacks from botnets, or networks of infected devices.

Before taking office, Trump said he intended to make cyber security a priority of his administration. But he has raised alarm among cyber security experts by frequently using a personal Twitter that could be hacked by an adversary. His skepticism of the conclusion by U.S. intelligence agencies that Russia hacked Democratic emails during the election to help him win has drawn criticism.

Russia has repeatedly denied assertions it used cyber means to meddle in the U.S. election.

Bossert said Russia's alleged hacks were not a motivation for the order, adding that "the Russians are not our only adversary on the internet."

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #17 on: May 12, 2017, 10:17:06 AM »
https://jamestown.org/program/russian-cyber-troops-weapon-aggression/

Quote
Russian ‘Cyber Troops’: A Weapon of Aggression
Publication: Eurasia Daily Monitor Volume: 14 Issue: 63
By: Sergey Sukhankin
May 11, 2017 06:03 PM

Speaking to the Russian parliament (Duma) last February, Russian Minister of Defense Sergei Shoigu announced the creation of “information operations troops” (“cyber troops”) within the Armed Forces. He emphasized that state “propaganda should be smart, accurate and effective” and that these new formations “will be much more efficient than the ‘counter-propaganda’ department that operated during the Soviet period” (TASS, February 22). It is dubious, however, that the responsibilities of “cyber troops” will be reduced solely to “propaganda.” Rather, it seems that this unit is to become the main tool of Russia’s offensive cyber operations as a part of “information warfare.”

The official history of the Russian cyber troops goes back to 2012, when Dmitry Rogozin (at the time heading the Russian Foundation for Advanced Research Projects in the Defense Industry) addressed the issue publicly for the first time. In 2013, an anonymous source confided that formations of this kind had been established under the umbrella of the Russian Armed Forces (RBC, February 22), but at the time there was no solid evidence available. Then, in April 2015, the official state news agency TASS reported that a unit of Russian “information operations forces” was deployed to the territory of the Crimean Peninsula (TASS, April 17, 2015). Nonetheless, in the meantime, the Russian side continued to deny the existence of cyber troops. For instance, in January 2017, the first deputy director of the Russian Duma Defense Committee, Alexander Sherin, claimed that “Russia does not have such formations.” Similar statements were made by top-ranking Russian officials related to security and mass communications, such as Viktor Ozerov and Alexey Volin (Interfax, January 16). This silence was interrupted only by Defense Minister Shoigu’s official announcement in February.

Commenting on the main tasks of the cyber troops, Franz Klintsevych, a high-ranking member of the Russian Federation Council (upper house of parliament), identified the disclosure of subversive activities by foreign intelligence services in electronic, paper and TV media outlets. He suggested that the cyber troops would deal with such hacker attacks as their main responsibility. But this assessment fails to fully reflect the true essence and tasks of the new unit. According to Yaakov Kedmi—who used to head Nativ, the former Israeli intelligence service charged with facilitating the immigration of Jews from the Soviet Bloc—“cyber troops” exist in “all serious armies” and are subordinated to their respective defense ministries. Their main tasks are “propagandist” (propaganda and counter-propaganda) and “operational” (activities designed to distract the adversary by providing false information). Yet, he also highlighted that so-called “political propaganda” falls outside the range of responsibilities for such formations (Kommersant, February 22).

Another revealing bit of information on the secretive cyber troops can be found in research conducted by Zecurion Analytics, a Russian software company established in 2001. According to a report the firm published several months ago, Russia may be placed in the top five countries with the “most powerful” cyber troop units, in terms of the number of personnel employed (which Zecurion Analytics estimates at approximately 1,000) and financial expenditures (around $300 million per annum). The company’s head, Vladimir Ylianov, has stated that the main tasks of Russian “cyber troops” include espionage, cyber attacks, and informational warfare (Kommersant, January 1). This assessment, however, also may underestimate the real capabilities of these cyber forces. Thanks to introduction of so-called “research units,” Russian cyber defense is inseparable from the Armed Forces and its resources, which exponentially increases its offensive potential (see EDM, November 30, 2016).

A somewhat different opinion was expressed by pro-Kremlin cyber security specialist Igor Panarin. He hopes that the creation of the cyber troops will allow Russia to overcome its inferiority in the cyber domain compared to other countries, like the United States, and beef up its offensive capabilities. According to the expert, the 2008 Russian-Georgian War in fact demonstrated that Russia failed to act efficiently when it came to offense, and it instead relied on “defense and containment” in its cyber operations. Panarin suggested that unlike the Department of Information and Mass Communication, which was created under the umbrella of the Ministry of Defense in 2016 and tasked with defensive activities, the cyber troops—which could and should act in concert with the Federal Security Service (FSB) and the Foreign Intelligence Service (SVR)—will be specifically charged with conducting offensive operations in the “cyber sphere” (kiber prostranstvo) (Militarynews.ru, February 22). If accurate, this demonstrates Russia’s continuing development of offensive cyber capabilities and a delineation between “cyber” and “information” operations.

Panarin also outlined a number of supplementary steps Russia needs to take, which included the following elements (Vz.ru, February 28, 2017):

  • The establishment of a State Council (that is to include various governmental structures, public diplomacy organizations, media sources, representatives of business, political parties and non-governmental organizations) tasked with issues related to “information confrontation” (informatsionnoye protivoborstvo—understood as a struggle in the information sphere with the broad aim of achieving information dominance over one’s opponent);
  • The establishment of a position of a “Presidential Advisor” on information operations, tasked with the coordination of informational-analytical units connected with the “cyber troops,” the Ministry of Defense, FSB, Federal Protective Service (FSO), SVR and other key ministries;
  • The creation of a media holding—based on existing media resources of Russian TV Channel One, All-Russia State Television and Radio Broadcasting Company (VGTRK), RT and others—subordinated to the Ministry of Foreign Affairs of the Russian Federation. It is imperative to copy the US experience while implementing this initiative, Panarin alleged; and finally
  • The formation of separate centers of information operations pertaining to the FSB, FSO and SVR.

Panarin’s suggested program should be seen as an extremely ambitious and far-reaching strategy, fully complying with the steps and activities already conducted by the Russian side in the domain of cyber security and information operations. Within this development of the country’s cyber capabilities, the Russian cyber troops should be seen mainly as an offensive operations force, and not as a defensive mechanism.

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #18 on: May 15, 2017, 06:45:46 AM »
If you see this... you are infected...




Quote
12 May 17
U.K. Hospitals Hit in Widespread Ransomware Attack

At least 16 hospitals in the United Kingdom are being forced to divert emergency patients today after computer systems there were infected with ransomware, a type of malicious software that encrypts a victim’s documents, images, music and other files unless the victim pays for a key to unlock them.

It remains unclear exactly how this ransomware strain is being disseminated and why it appears to have spread so quickly, but there are indications the malware may be spreading to vulnerable systems through a security hole in Windows that was recently patched by Microsoft.

In a statement, the U.K.’s National Health Service (NHS) said a number of NHS organizations had suffered ransomware attacks.

“This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors,” the NHS said. “At this stage we do not have any evidence that patient data has been accessed.”

According to Reuters, hospitals across England are diverting patients requiring emergency treatment away from the affected hospitals, and the public is being advised to seek medical care only for acute medical conditions.

NHS said the investigation is at an early stage but the ransomware that hit at least 16 NHS facilities is a variant of Wana Decryptor (a.k.a. “WannaCry”), a ransomware strain that surfaced roughly two weeks ago.

Lawrence Abrams, owner of the tech-help forum BleepingComputer, said Wana Decryptor wasn’t a big player in the ransomware space until the past 24 hours, when something caused it to be spread far and wide very quickly.

“It’s been out for almost two weeks now, and until very recently it’s just been sitting there,” Abrams said. “Today, it just went nuts. This is by far the biggest outbreak we have seen to date.”

For example, the same ransomware strain apparently today also hit Telefonica, one of Spain’s largest telecommunications companies. According to an article on BleepingComputer, Telefonica has responded by “desperately telling employees to shut down computers and VPN connections in order to limit the ransomware’s reach.”

An alert published by Spain’s national computer emergency response team (CCN-CERT) suggested that the reason for the rapid spread of Wana Decryptor is that it is leveraging a software vulnerability in Windows computers that Microsoft patched in March.

According to CCN-CERT, that flaw is MS17-010, a vulnerability in the Windows Server Message Block (SMB) service, which Windows computers rely upon to share files and printers across a local network. Malware that exploits SMB flaws could be extremely dangerous inside of corporate networks because the file-sharing component may help the ransomware spread rapidly from one infected machine to another.

That SMB flaw has enabled Wana Decryptor to spread to more than 36,000 Windows computers so far, according to Jakub Kroustek, a malware researcher with Avast, a security firm based in the Czech Republic.

“So far, Russia, Ukraine, and Taiwan leading,” the world in new infections, Kroustek wrote in a tweet. “This is huge.”

Abrams said Wana Decryptor — like many ransomware strains — encrypts victim computer files with extremely strong encryption, but the malware itself is not hard to remove from infected computers. Unfortunately, removing the infection does nothing to restore one’s files to their original, unencrypted state.

“It’s not difficult to remove, but it also doesn’t seem to be decryptable,” Abrams said. “It also seems to be very persistent. Every time you make a new file [on an infected PC], it encrypts that new file too.”

Experts may yet find a weakness in Wana that allows them a way to decode the ransomware strain without paying the ransom. For now, however, victims who don’t have backups of their files have one option: Pay the $300 Bitcoin ransom being demanded by the program.

Wana Decryptor is one of hundreds of strains of ransomware. Victims who are struggling with ransomware should pay a visit to BleepingComputer’s ransomware help forum, which often has tutorials on how to remove the malware and in some cases unlock encrypted files without paying the ransom. In addition, the No More Ransom Project also includes an online tool that enables ransomware victims to learn if a free decryptor is available by uploading a single encrypted file.

Update, May 13, 9:33 a.m.: Microsoft today took the unusual step of releasing security updates to fix the SMB flaw in unsupported versions of Windows, including Windows XP, Windows 8, and Windows Server 2003. See this post for more details.

spuwho

  • Hero Member
  • *****
  • Posts: 5104
Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #19 on: May 15, 2017, 08:28:55 AM »
As we used to say in the 1990's;

"Protect your floppy, before you copy"

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #20 on: May 16, 2017, 08:24:05 AM »
https://motherboard.vice.com/en_us/article/dont-draw-the-wrong-conclusions-from-the-wannacry-ransomware-outbreak

Quote
The damage done was due to a cultural failure of corporate and government IT departments to deploy available security patches. In some measure that failure was driven by a lack of resources, driven in turn by a lack of understanding of the importance of computer and embedded systems security by management and politicians alike.

Jason

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 4299
  • I am the man in the box...
Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #21 on: May 16, 2017, 09:03:03 AM »
Perhaps this question is rhetorical but "Why can't we catch the *expletive deleted* that are collecting the money from these ransomware viruses?"

Some of these people have what appear to be official call centers to offer support and service to their "customers"!  Where are the tomahawk missiles!?  :-)

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #22 on: May 16, 2017, 09:53:34 AM »
I am sure we and others are trying.  Pseudo state sponsored criminals are hard to arrest... many countries do not have the resources.  Following the bitcoin isn't as easy as follow the money??

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #23 on: June 06, 2017, 10:30:02 AM »
http://nypost.com/2017/06/05/top-secret-nsa-doc-details-russian-election-hacking-effort-report/

Quote
Federal worker busted for leaking top-secret NSA docs on Russian hacking
By Chris Perez June 5, 2017 | 5:14pm



A 25-year-old Federal contractor was charged Monday with leaking a top secret NSA report — detailing how Russian military hackers targeted US voting systems just days before the election.

The highly classified intelligence document, published Monday by The Intercept, describes how Russia managed to infiltrate America’s voting infrastructure using a spear-phishing email scheme that targeted local government officials and employees.

It claims the calculated cyberattack may have even been more far-reaching and devious than previously thought.

The report is believed to be the most detailed US government account of Russia’s interference to date.

It was allegedly provided to the Intercept by 25-year-old Reality Leigh Winner, of Augusta, who appeared in court Monday after being arrested at her home over the weekend.

She was charged with removing and mailing classified materials to a news outlet, DOJ officials said.

“Releasing classified material without authorization threatens our nation’s security and undermines public faith in government,” Deputy Attorney General Rod J. Rosenstein explained in a statement. “People who are trusted with classified information and pledge to protect it must be held accountable when they violate that obligation.”

Winner, who works as a contractor at Pluribus International Corporation, allegedly leaked the report in early May. A federal official told NBC News that she had, in fact, given it to the Intercept.

According to the document, it was the Russian military intelligence that conducted the cyber attacks last year.

Specifically, operatives from the Russian General Staff Main Intelligence Directorate, or GRU, are said to have targeted employees at a US election software company last August and then again in October.

While the name of the company is unclear, the report refers to an undisclosed product made by VR Systems — an electronic voting services and equipment vendor in Florida that has contracts in eight states, including New York.

The hackers were given a “cyber espionage mandate specifically directed at U.S. and foreign elections,” the report says.

On August 24, 2016, the group sent the employees fake emails, which were disguised as messages from Google. At least one of the workers was believed to be compromised.

In late October, the group established an “operational” Gmail account and posed as an employee from VR Systems — using previously obtained documents to launch another spear-phishing attack “targeting US local government organizations,” the report says.

According to the NSA, the hackers struck on either October 31 or November 1, sending spear-phishing emails to at least 122 different email addresses “associated with named local government organizations.”

They were also likely sent to officials “involved in the management of voter registration systems,” the report says.

The emails were said to have contained weaponized Microsoft Word attachments, which were set up to appear as unharmful documentation for the VR Systems’ EViD voter database — but were actually embedded with automated software commands that are secretly turned on as soon as the user opens the document.

The hack ultimately gave the Russians a back door and the ability to deliver any sort of malware or malicious software they wanted, the report says.

In addition, the NSA document also describes two other incidents of Russian meddling prior to the election.

In one, the hackers posed as a different voting company, referred to as “US company 2,” from which they sent phony test emails — offering “election-related products and services.”

The other operation was said to be conducted by the same group of operatives, and involved sending emails to addresses at the American Samoa Election Office, in the attempt to uncover more existing accounts before striking again.

It is ultimately unclear what came of the cyberattack, but the NSA report firmly states that the Russians had been intent on “mimicking a legitimate absentee ballot-related service provider.”

“It is unknown, whether the aforementioned spear-phishing deployment successfully compromised the intended victims, and what potential data could have been accessed by the cyber actor,” the NSA states of the result of the hacking.

While the government employees were only hit with simple login-stealing tactics, experts told the Intercept that such operations could prove even more dangerous than malware attacks in some instances.

VR Systems doesn’t sell voting machines, but holds contracts in New York, California, Florida, Illinois, Indiana, North Carolina, Virginia, and West Virginia — making it a prime target for those who want to disrupt the vote and cause chaos come election day.

“If someone has access to a state voter database, they can take malicious action by modifying or removing information,” Pamela Smith, president of election integrity watchdog Verified Voting, told the Intercept.

“This could affect whether someone has the ability to cast a regular ballot, or be required to cast a ‘provisional’ ballot — which would mean it has to be checked for their eligibility before it is included in the vote,” she said. “And it may mean the voter has to jump through certain hoops such as proving their information to the election official before their eligibility is affirmed.”

At least one US intelligence official admitted to the Intercept that the Russian hackers described in the NSA report could have disrupted the voting process on November 8, by specifically targeting locations where VR Systems’ products were in use. They cited the simple possibility of compromising an election poll book system, which could cause widespread damage in certain places.

“You could even do that preferentially in areas for voters that are likely to vote for a certain candidate and thereby have a partisan effect,” explained Alex Halderman, director of the University of Michigan Center for Computer Security and Society.

In response to the report, VR Systems’ Chief Operating Officer Ben Martin told the Intercept: “Phishing and spear-phishing are not uncommon in our industry. We regularly participate in cyber alliances with state officials and members of the law enforcement community in an effort to address these types of threats. We have policies and procedures in effect to protect our customers and our company.”

BridgeTroll

Re: National CyberSecurity and Cyberhygiene starts with you
« Reply #24 on: July 18, 2018, 02:57:22 PM »
In light of recent news... this is very On Target...  8)

https://thestrategybridge.org/the-bridge/2018/7/18/social-engineering-as-a-threat-to-societies-the-cambridge-analytica-case

SOCIAL ENGINEERING IS A THREAT TO POLITICAL STABILITY AND FREE, INDEPENDENT DISCOURSE.