Espionage against the US Continues, Even After the Cold War

Published with Permission by:
Lint, James R., “Espionage against the US Continues, Even After the Cold War”, In Homeland Security, 21 July 2017, Web, https://inhomelandsecurity.com/espionage-against-the-us-continues-even-after-the-cold-war/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

This article is the first in a series on espionage.

There are still people who think of espionage as part of the old Cold War and in the past. The reality is that espionage is all around us.

It’s widely assumed that foreign espionage is focused solely on the U.S. military and State Department to gain insight on military actions and foreign policy. Sadly, that thinking is also incorrect.

Foreign espionage agents not only target the military’s current actions and future movements, but also military research and development (R&D) to learn what emerging technologies are a potential threat to their hostile countries. R&D information is stolen to protect or strengthen the countries that steal it.

Spying Is a Way to Understand Foreign Politics and Increase Wealth

Espionage is also a way for nation-states to understand the current geopolitical situation and to prevent wars. Some countries, however, commit economic espionage to increase their wealth by targeting information that can expose national or industrial intentions and capabilities.

The FBI reports that “as a result of a string of high-profile espionage arrests by the FBI and its partners, the press dubbed 1985 as the ‘Year of the Spy.’” With a string of apprehensions, hostile nations were put on notice that espionage against the United States would not be tolerated; spies who were caught would be sentenced to long prison terms or deported.

The string of arrests in 1985 was a blow to those hostile countries – mainly China and the Soviet Union – because the apprehensions shut down some of their intelligence gathering into U.S. intentions.

At the same time, it is often counterproductive to arrest espionage agents because U.S. intelligence agencies then have the always difficult task of identifying and capturing their replacements. It’s no wonder that U.S. counterintelligence agents often prefer to leave foreign agents in place and provide them with false intelligence or, even better, turn them against their own country.

The “Year of the Spy” was a good reminder to the public and to our enemies that we know espionage agents operate against the United States. The publicity surrounding the spies’ arrests helped educate the next generation of homeland security, military and intelligence professionals and provided memorable case histories for instructors to use as real-world espionage examples.

What Is the Current Espionage Situation in the US?

In a March 2016 speech to the conservative Heritage Foundation, Mike Rogers, former head of the House Intelligence Committee, stated that there are more spies in the United States today from foreign nation-states than at any time in our history — including the Cold War. “And they’re stealing everything. If it’s not bolted down, it’s gone,” Rogers said. “And if it’s bolted down, give them about an hour — they’ll figure out how to get that, too.”

In 2012, Foreign Policy magazine reported that several thousand foreign intelligence officers operate openly in Washington, D.C., from dozens of embassies and international organizations.

What few people realize is that we have little privacy or rights from foreign intelligence agencies. The Russians have targeted U.S. political and military intelligence organizations for many decades. Chinese spies target intellectual property in addition to political and military intelligence. While the Russians send skilled intelligence officers, China often relies on people untrained in espionage, but who have access to targeted information or to those who know how to gain that access.

Recent Successes in Hostile Espionage

The Chinese intelligence service created what is known in spycraft as a “honey trap” for 59-year-old Benjamin Bishop, a married defense contractor with a top-secret security clearance. Bishop was a retired lieutenant colonel working at the U.S. Pacific Command in Hawaii when he met a 27-year-old Chinese national in the U.S. on a student visa. Bishop provided her with numerous classified documents during their three-year affair.

“In court, Bishop’s attorney, Birney Bervar, characterized the couple’s exchange of secret information as an act of love, not espionage,” Foreign Policy reported.

But in 2014, a military court in Honolulu sentenced Bishop to more than seven years in prison “for passing national defense secrets to his Chinese girlfriend and illegally keeping numerous classified documents at his home,” according to the Reuters news agency.

Similarly, former NSA contractor Edward Snowden and U.S. Army soldier Chelsea Manning conducted espionage or participated in the loss and distribution of classified information to non-cleared actors, including foreign intelligence services. Distributing classified information to the public or anyone without proper security clearance is a crime. Some people call this action the “insider threat,” but it mostly falls under theft and espionage.

This article was adapted from my article, “The Espionage Threat Is Real: Strategies for the Next Insider Task Force.” That article placed second in the Military Writers Guild 2017 Competition.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

No Holiday Season Break for CES Tech Show Preparations

Published with Permission by:
Lint, James R., “No Holiday Season Break for CES Tech Show Preparations”, In Cyber Defense, 14 December 2017, Web, https://incyberdefense.com/featured/no-holiday-break-ces-preparations/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 InCyberDefense and Contributor, In Homeland Security

CES, the gathering convention for people thriving in the consumer technology business, begins in 30 days’ time in Las Vegas.

This annual trade show has been the proving ground for innovators and breakthrough technologies for 50 years. CES introduces next-generation innovations to the marketplace. Hosted by the Consumer Technology Association (CTA), CES collects the world’s business leaders and pioneering thinkers.

This year’s show starts on January 9, 2018, and runs for a full week. Last year, CES attracted 184,000 attendees from all over the world, including global technology industry leaders from 150 countries.

In 2017, CES drew a wide variety of attendees, including:

  • Fortune 500 company executives
  • Manufacturers
  • Retailers
  • Venture capitalists
  • Engineers
  • Government officials
  • Advertising and marketing executives
  • Media sources

Size of CES Requires Ample Preparation

You do not get 184,000 attendees into one convention center without a lot of preparation and planning. Tech firm exhibitors and event planners begin preparations long before the show opens because the logistics involved are extensive.

To assist participants get ready for the show, CES provides a checklist for exhibitors that includes pages of requirements that need to be met starting in October.

The Reach and Breadth of CES

CES is a platform for innovators to build their brands. Almost every major technology company participates in CES in some way — by exhibiting, speaking, sponsoring, attending or holding co-located events and business meetings.

Show Content Spotlights Diversity of Technology

At CES, content and learning opportunities are available regarding diverse elements of technology, including 3D printing, digital imaging/photography, robotics and drones. Attendees can also pick up new information on sensors, augmented and virtual reality, electronic gaming, smart homes, audio, fitness and sports.

There are booths and displays for startup companies, as well as for major manufacturers whose names have become household words. Visitors will see innovations in:

  • Communications infrastructure
  • Health and biotech
  • Vehicle technology
  • Computer hardware/software/services
  • Internet
  • Video
  • Content creation and distribution
  • Cybersecurity
  • Wireless and other devices

Cybersecurity Industry Expected to Provide More Employment Opportunities

As CES has grown, so too has the cyber defense industry. So today’s cyber defenders in government and industry must continue to learn. Some of the products at CES are newly created, first versions.

Cyber defenders are the ones looking for the problems that may occur. They must look at, assess and determine if there are vulnerabilities that will affect other systems. Frequently a program or app is created that has no security problems. But when it is combined with other systems unforeseen vulnerabilities might appear.

Talks and demonstrations at CES allow professionals to see new cyber devices. CES also is the global stage where startups can get funded, new partnerships formed, and new acquisitions mergers and acquisitions take place.

In the future, we will need more and smarter cyber defenders who can keep up with the rapid evolution of technology. A formal college education and a continuing situational awareness of changes and vulnerabilities in technology are standard requirements for most cyber defender positions today.

What is new this year will likely be redundant in the not-too distant future. Events like CES offer an opportunity to glimpse the future of our ever-changing world of technology and its needs.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 49th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 “Secrets to Getting a Federal Government Job.”

Kasparov Urges DEFCON Participants to Use AI More and Kaspersky Security Software Less

Published with Permission by:
Lint, James R., “Kasparov Urges DEFCON Participants to Use AI More and Kaspersky Security Software Less”, In Cyber Defense, 3 August 2017, Web, http://incyberdefense.com/james-lint/kasparov-urges-defcon-participants-use-ai-kaspersky-security-software-less/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

Between July 27 and July 30, the annual DEFCON Hacker Conference celebrated its 25th anniversary in Las Vegas.

DEFCON began in 1992, when Platinum Net, a Fido protocol-based hacking network, held a party in Las Vegas for members of Bulletin Board Systems (BBS) and their users. The party was organized by Jeff Moss, an American hacker, computer and Internet security expert.

Since then, the DEFCON community has grown to more than 20,000 attendees. The talks and skills of the presenters have grown over the years along with technology.

Featured Speaker Garry Kasparov Says AI’s Power Should Be Harnessed for Cybersecurity

Garry Kasparov, a chess Grand Master who was beaten at his own game by IBM’s Deep Blue supercomputer, spoke on the first day. He called for using artificial intelligence (AI) for cyber security. Kasparov’s new book, “Deep Thinking,” forecasts a bright future once we use the full power of computing and AI.

Kasparov acknowledged that machines and computers likely will eliminate some jobs in the future. However, technology also will create new jobs for people with an understanding of how to harness and expand AI.

He also called for banning Kaspersky Internet security software from U.S. government offices. Kasparov wants the new administration to ban the software because he believes Eugene Kaspersky is connected to Russian intelligence, a statement backed up by U.S. intelligence services and news reports.

Safe-Cracking Robots Discover Combinations in Less than One Hour

DEFCON also featured a 45-minute demonstration of how a robot could open a security container or safe. It was so successful that the exhibition ended early. The robot opened the secure container in about 30 minutes.

Originally, it took the robot three hours to break into the safe. But through applied mathematics, the robot’s creators, first-time DEFCON participants, solved the combination manipulation process. The demonstration also made the federal employees in the audience worry if government security systems could be defeated in such a short time.

25 Years of Continued Education

I’ve attended DEFCON since 2005 and I’ve found each year’s gathering was a learning event. Attendees return home smarter employees.

DEFCON is where you can see new threats to security and solutions to some security issues. The admission price is low, the networking is impressive and learning happens every year.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

Cyber Security Professionals Must Prevent Attacks or Be Terminated

Published with Permission by:
Lint, James R., “Cyber Security Professionals Must Prevent Attacks or Be Terminated”, In Cyber Defense, 14 June 2017, Web, http://incyberdefense.com/james-lint/cyber-security-professionals-must-prevent-attacks-terminated/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

My recent article, “Cyber Defenders Are Often Not Fired, When Others Would Be” stirred responses from many physical security professionals. The common theme was that there are standards in physical security, but the cyber security problem is too difficult to solve. Cyber defenders, however, know standards and solutions are available.

Cyber Defense Standards Can Be Found

The National Institute of Standards and Technology (NIST) has created a cyber security framework for private sector organizations to assess their ability to prevent, detect and respond to cyberattacks.

The “The Framework, which was created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure.”

Also, on May 11, 2017, the White House released a Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

The United States Computer Emergency Readiness Team, a division of the Department of Homeland Security, (US-CERT) website states that US-CERT “strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.”

The US-CERT website has numerous publications, alerts, tips, and resources. It is updated daily, and has many ways to be contacted.  Any cyber defenders who have not signed up for the alerts and tips email list are missing good professional development and also timely protection information for their organizations.

Comparisons of Physical Security and Cyber Security

Many physical security personnel are not trained in cyber security, just as many cyber security personnel are not trained in physical security. Training helps both.

Physical security specialists are trained for many different sectors such as government security, security for intelligence facilities, shopping centers, banks, and hospitals. No one is an expert in all of those sectors. The security standards for a Top Secret intelligence facility are much different from those of a hospital. In turn, a hospital security is different than that of a bank.  With all the knowledge needed in these sectors, why would some people think they can also be experts in cyber security/defense?

Cyber Defenders Must Install Updates

Companies that do not upgrade their software are as derelict as those companies that leave a door open to thieves.

On Friday, May 12, the BBC reported an international ransomware attack involving hackers using ransomware called WanaCrypt0r 2.0. As many as 74 countries, including the U.K., U.S., China, Russia, Spain, Italy and Taiwan, were affected. Thousands of computers were locked by a program that demanded $300 in Bitcoin for each hacked computer. But in March Microsoft had issued the first patch to prevent the WannaCry attack.

That means all those companies and officials who were affected by WannaCry Ransomware could have prevented the attack if they had installed Microsoft’s update and upgrades two months earlier.

Why are boards of directors not firing CIOs and senior IT managers who fail to take steps to prevent cyberattacks?  Why are they not firing CEOs who did not ensure that their CIOs and IT managers implemented the Microsoft update patches? Why do they treat cyber security personnel so cavalierly but do not reprimand or fire physical security personnel who make similar errors?

Visual Comparison of Security Physical Holes and Unpatched or Upgraded Networks

If a company does not repair a large hole in its building for two months, wouldn’t that be cause for termination of its security manager? Would that business’s insurance company continue to insure a firm with a large hole in its building?

If you don’t patch a hole in your fence, people will think you are incompetent or lazy. If you leave a large hole in your building you should be fired for cause. Why do we not hold CIOs to the same standard of responsibility? It really is that simple. There will be new innovative hacks in the future. But any security professional who does not deal with existing vulnerabilities should be fired.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

Ransomware Is Everywhere, So Protect All of Your Electronic Devices

Published with Permission by:
Lint, James R. & Kim, Dr. Yoohwan, “Ransomware Is Everywhere, So Protect All of Your Electronic Devices”, In Cyber Defense, 23 Mar. 2017, Web, http://incyberdefense.com/news/ransomware-everywhere-protect-electronic-devices/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

Co-Authored by Yoohwan Kim, Ph.D. 
CISSP, CISA, CEH, CPT Associate Professor Computer Science Department University of Nevada Las Vegas

This is the third in a series of articles on ransomware.

Ransomware attacks have been on the rise in recent years. In 2016, these attacks increased 6,000% over 2015.

“Ransomware targeting Android users has increased by over 50 percent in just a year, as cybercriminals increasingly take aim at what they view as an easy ecosystem to penetrate,” ZDNet reports. Author Danny Palmer says the increase “comes as users increasingly turn to mobiles as their primary devices, storing more and more valuable data on them.”

Increased use of cloud storage also contributes to the explosive growth of ransomware attacks. As InfoSec Institute notes, “Cloud storage ransomware usually self-propagates after being installed on cloud servers. Virlock is a typical example of cloud storage ransomware. It impersonates FBI authorities and requests victims to pay the fine of $250 due to alleged misconduct on behalf of the victims.”

Many ransomware programs impersonate the FBI in an attempt to make their demands for payment look legitimate. However, no police department or federal investigative organization will ever request payment, especially via the Internet.

Ransomware and the Internet of Things = Jackware?

Between 2015 and 2016, there were at least 15 major industrial incidents involving ransomware attacks, according to a Booz Allen Hamilton Industrial Cyber Security Threat Briefing. These incidents included the following:

  • In April 2016, cybercriminals delivered ransomware via phishing to the corporate network of Board of Water & Light (BWL), a Michigan-based public electric and water utility. Administrators shut down the corporate network to isolate the ransomware and prevent it from potentially moving into the operations-technology environment.
  • In June 2015, a cybercriminal advertised the sale of SCADA access credentials on a Dark Web forum dedicated to selling stolen data. The post included a screenshot of a SCADA graphical user interface, IP addresses and virtual network computing passwords for a SCADA system managing a hydroelectric generator.

Also in 2015, hackers demonstrated that they could control a Jeep Cherokee from 10 miles away. They were able to cut the Cherokee’s engine and apply the brakes, sending the Jeep into a spin.

Future Ransomware Targets Could Include Household Devices

There are also many potential targets that could be exploited in the future. Think of the electronic devices in a smart home, part of the Internet of Things (IoT). Lights, alarms, music systems and even electric coffeemakers offer hackers potential targets.

Because all manner of IoT devices are linked to the Web, your lights could be turned on at 1:30 in the morning, followed by music from your iTunes collection. If you were asked for a small payment of, say, $30 by 2:30 a.m. that same day, would you pay? What if the payment demands were to increase each hour?

What if your home security system was turned off remotely and you were susceptible to an increased risk of theft or home invasion? How much would you be willing to pay to restore your peace of mind and security?

The future could include the destruction of data from wearable devices (such as Fitbits) or the sale of tracking data. Hostile attackers could turn on your electric coffeemaker while you are away and perhaps cause a house fire if you do not meet their demands for payment.

Protect Yourself from Ransomware by Increasing Your Electronic Security

One way to increase your personal security is to protect the electronic devices that run your life. Your computer serves as your IoT central control and your smartphone is often synchronized with your computer files, so both devices need protection from ransomware.

First, update your antivirus software on your computer, tablets and mobile devices. All devices have patches for your operating system. And be sure to check for updates on any mobile devices.

Second, make your passwords long and difficult to decipher. The days of the eight-character password are gone. The 12- or 14-character password is now the way to help protect your devices and data. Use a hard-to-guess password with numbers, uppercase and lowercase letters, and special characters.

Third, back up your files often. Keep those backups separate from your system, so they will not be compromised if your devices are attacked.

Fourth, always be aware of what you download. Downloading programs from unknown sites is risky. Always use only the sites you know or trust.

Similarly, opening attachments in emails or clicking on URLs in email increases your system’s vulnerability to attack. These practices can permit the downloading of ransomware.

Carefully examine unexpected emails from known or unknown senders. If you know the sender, check with him or her about the email and its attachment before you open it. Also, hover your cursor above a URL in an email to see if it actually goes to a legitimate source and double-check the sender’s email address for accuracy.

Future Protection Against Ransomware

The hope is that future new technology will have better security built into it. Currently, that hope is not realized. The potential for hostile actors to disrupt our life is increasing. It is our job to look for ways to make disruption a bit harder and hope attackers move to an easier target.

[Related: Ransomware Targets Continue to Pay Hackers and Ransomware: Its History and Evolution]

About the Authors

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.

Dr. Yoohwan Kim is an Associate Professor in the Department of Computer Science at the University of Nevada Las Vegas (UNLV). He received his Ph.D. degree from Case Western Reserve University in 2003 in the area of network security (DDoS attack mitigation). His research expertise includes secure network protocols, unmanned aircraft systems (UAS) communications and cyber-physical system (CPS) security. He has published over 90 papers in peer-reviewed journals and conferences, and has six patents granted or pending. His research has been sponsored by Microsoft Research, the U.S. Air Force, Naval Air Warfare Center, Oak Ridge National Laboratory, National Security Technologies and the National Science Foundation. Before joining UNLV, he had broad experience in the IT industry as a management information system consultant at Andersen Consulting (now Accenture), a database programmer at Cleveland Clinic Foundation, a software engineer at Lucent Technologies, and his own start-up company.