NSA Speaker Rob Joyce Offers Cybersecurity Insights at DEF CON 26

Published with Permission by:
Lint, James R., “NSA Speaker Rob Joyce Offers Cybersecurity Insights at DEF CON 26”, In Cyber Defense, 17 August 2018, Web, https://incyberdefense.com/exclusive/nsa-speaker-rob-joyce-offers-cybersecurity-insights-def-con-26/

By James Lint
Senior Editor for InCyberDefense and Contributor, In Homeland Security

Rob Joyce, the Senior Advisor for Cybersecurity Strategy at the National Security Agency (NSA), was an interesting kickoff speaker for DEF CON 26. He has attended this hacker’s convention for many years. Joyce attended this year’s conference not only to give his talk but also for recruitment purposes.

Information Technology Is a Worldwide Game Changer, Joyce Says

Information technology is a worldwide game changer and is increasing the number of people online, according to Joyce. In 2017, 4.16 billion people (54% of the global population) were online.

While social media sites such as Facebook and Twitter encouraged the development of online communities, the growth of Bitcoin and other cryptocurrencies, the Internet of Things (IoT) and cloud computing has accelerated the evolution and growth of those communities. Consequently, there have been more cybersecurity hacking incidents.

Major cybersecurity incidents have included:

  • The Office of Personnel Management database hack in 2014-15 by Chinese actors
  • The attack on Ukraine’s electrical grid in 2016
  • The WannaCry ransomware attack from North Korea that knocked out computers in 150 countries in 24 hours in 2017
  • The Russian cyber attack on the 2018 Winter Olympics, which took Internet and Wi-Fi access and the Olympics website down for 12 hours

Joyce Reviews Today’s Cyber Threats

Joyce discussed the current threats that are affecting the U.S. and cyber security domains. He noted that high-end cyber threat activity continues to become more sophisticated, while the level of expertise required for hacking has decreased.

This change is due to new Internet tools that have become easier for hackers to use. Joyce noted that hacking has clearly moved from mere exploitation to active disruption of operations and organizations.

Many of the Chinese hacks were not attacks to destroy or even disrupt systems. Instead, Joyce observed, the Chinese hacks were intended as cyberespionage.

An interesting area that Joyce examined was the growing use of information operations using cyber intrusions to spread misinformation. Cyber intrusions into social media platforms have been used to create additional followers or fake accounts. This practice allows threat actors to push a storyline or create malicious propaganda campaigns, as we’ve seen during election cycles.

Joyce Offered Prediction on Where Cybersecurity Is Going in the Future

As a result of Joyce’s speech, some attendees explored career opportunities with NSA. This agency is continuing to incorporate innovative technology in cyber defense, such as analytics tools and the knowledge gained from them.

NSA also collaborates with the Department of Homeland Security to pass along cyber threats to the affected industries. In the future, Joyce predicted, there will be more communication between agencies and other organizations to stop cyber threats to the United States.

Conferences Such As DEF CON 26 Provide Unique Window into Government Agencies

Normally, you do not encounter NSA personnel unless you reside in the Washington, D.C., metro area. However, DEF CON 26 provides a unique opportunity to talk to, ask questions of and learn from senior government officials, including those from NSA.

About the Author

James R. Lint retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 51st scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 “Secrets to Getting a Federal Government Job.”

Cybersecurity Conference Season Starts Soon in Las Vegas

Published with Permission by:
Lint, James R., “Cybersecurity Conference Season Starts Soon in Las Vegas”, In Cyber Defense, 15 June 2018, Web, https://incyberdefense.com/featured/cybersecurity-conference-season-starts-soon-las-vegas/

By James Lint
Senior Editor for InCyberDefense and Contributor, In Homeland Security

The cybersecurity conference season is just a couple of months away. Soon, your organization’s cyber professionals will head for Las Vegas, the nation’s epicenter for these technology events, to improve their skills and experience the latest in state-of-the-art cyber defenses.

Four of the most interesting conferences will take place between August and September. These conferences are Black Hat, BSides Las Vegas, DEFCON 26 and Global Security Exchange (formerly known as ASIS).

Black Hat USA – August 4-9

The Black Hat USA conference, now in its 21st year, features recent research, development and trends. Black Hat is often the show where some of the most controversial vulnerability research in the field of information technology is unveiled.

Four days of training are followed by a two-day conference with briefings that are often newsworthy. This conference brings together industry and federal employees.

Black Hat’s environment is professional with many corporations paying for attendees. It is also a great networking event for high-level cybersecurity employees.

BSides Las Vegas Conference – August 7-8

BSides is 10 years old this year. Over the past decade, this Las Vegas conference has become a movement to increase information security awareness with low-to-no-cost education. The conference now has over 300 events in 100 cities in 26 countries.

The goal is to initiate conversations and foster community and collaboration on information security. BSides also has a complete track on employment – including getting a job and practice interviews with hiring managers. Many leading cyber companies are present, including companies that survive on cyber defense, such as Amazon.

DEFCON26 Conference – August 9-12

DEFCON began in 1993 as a party of hackers and soon grew into a conference. DEFCON attendees rarely wear suits or ties; shorts are seen much more often.

The crowd ranges from people new to hacking or security research to professionals with beards older than DEFCON’s younger members. The conference features interesting thought leadership and future security research.

Global Security Exchange – September 23-27

The American Society for Industrial Security’s annual seminar and exhibits changed its name this year to Global Security Exchange (GSX). This conference moves to different locations each year, but it will be held in Las Vegas this year. GSX will be in the same format as in the past with security education programs and an exhibit area.

Also, InfraGard will hold its annual event during the GSX conference. InfraGard, a partnership between the FBI and the private sector, informs vetted members of the industry on topics that affect American business.

Commonality and Innovation of the Conferences

All of these conferences have a similar format regarding education and exhibits. There is a charge for some classes, but not at BSides and InfraGard.

The exhibits give attendees a chance to view a vast number of products as well as many hands-on opportunities to explore capabilities. Many times, industry exhibitors will showcase a new product or upgrade, which gives security professionals an opportunity to see new products and make suggestions to manufacturers. These suggestions often turn up in the following year’s innovation displays.


2017 Cybersecurity Conferences Offer Information and Job Possibilities

Published with Permission by:
Lint, James R., “2017 Cybersecurity Conferences Offer Information and Job Possibilities”, In Homeland Security, 21 July 2017, Web, https://inhomelandsecurity.com/cyber-conferences-offer-information-job-possibilities/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

There are many places to find professional development conferences to increase your cybersecurity expertise. In the last week of July, Las Vegas will host three cybersecurity events available to the public at various prices; all three events offer multiple educational programs.

Black Hat Conference

Black Hat 2017, a world-class information security event, will hold four days of technical training courses from July 22 to 25. These courses will be followed by two days of briefings and discussions on topics such as cryptography, data forensics, incident response, exploit development, malware, network defense and platform security. Another current topic is smart grid/industrial security.

Smart grid and industrial security is particularly important to the Department of Homeland Security’s Critical Infrastructure Sectors. These sectors affect all aspects of industrial security that protect our nation’s critical infrastructure.

Black Hat is the most expensive of these three events. The cost for registration for the briefings only is $2,395. Prices for the training courses are based on the type and length of the class. You will often find corporate employees receiving training via Black Hat.

BSidesLV Conference

BSides Las Vegas will take place from July 25 to 26. According to its website, “BsidesLV is a non-profit educational organization designed to advance the body of information security knowledge, by providing an annual, two day, open forum for discussion and debate for security engineers and their affiliates. We produce a conference that is a source of education, collaboration, and continued conversation for information technologists and those associated with this field.”

BSidesLV is free, but a donation is accepted. The lines for conference badges and the event are smaller than at Black Hat and DEF CON events.

One of BSidesLV’s tag lines is “Our presenters do not talk at you, they converse with you.” Attendees average around 2,500 per year.

In addition to its tracks and information security topics, the company also has a track called Hire Ground. BSidesLV provides resume reviews and career planning services, with recruiters and hiring managers on hand from companies such as Amazon and ClearedJobs.

DEF CON 25

DEF CON is an annual hacker convention that takes place immediately after Black Hat. The number of attendees ranges between 15,000 and 19,000.

DEF CON has many of the same speakers as the other conferences, but at a lower price for the “new to the business” learners. There is a vast spread in the skill set of attendees from well-known hackers to new script kiddies. DEF CON offers speakers and multiple tracks during all four days, with entertainment in the evenings.

But beware — the show does not take checks or credit cards at registration. Cash is the only form of payment because many of the attendees are hackers. DEF CON does not want to be the target of a state or federal legal probe to identify hackers.

“The presence of federal agents at Def Con, declared or otherwise, is nothing new,” wrote The Verge website in 2012. “But on its 20th anniversary, the world-famous hacker conference experienced an interesting first: a keynote speech from the director of a major U.S. intelligence agency.

“Gen. Keith Alexander, head of the National Security Agency and U.S. Cyber Command, addressed thousands of security professionals, hardware hackers and other brilliant computer miscreants during the annual gathering at the Rio hotel in Las Vegas. His mission was obvious: to diffuse long-held tensions, illustrate the common ground between hackers and the government, and ultimately persuade members of the community to use their skills in service to Big Brother.”

What Are the Differences among These 3 Events?

The dress code at Black Hat is more formal, ranging from a sports coat to polo shirts. BSidesLV is often polo shirts to event T-shirts.

Conversely, you can wear anything you want to DEF CON. You will be very comfortable in a T-shirt and jeans, but you would look out of place in a suit.

All three events offer opportunities for job seekers. Many companies meet and hire people at these events.

If You Can’t Attend, Only Some DEF CON Events Will Be Published Online

While there is pay per view on your TV cable provider for some sports and boxing events, there is no pay per view of cyber conventions. In fact, the media is told to not shoot face shots unless they have permission from all faces. This rule is due to the people who operate on the border of legality, in addition to many undercover federal agents and employees who would appreciate not having their photos taken.

Often a few months after the conference, some of DEF CON’s events will show up on YouTube and on the DEF CON webpage.

The bottom line is you do need to attend to get the full impact of the speakers, vendors and other attendees. The networking opportunities at these events are endless. On top of all the great education and networking, it is Las Vegas and everyone has a great time.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 “Secrets to Getting a Federal Government Job.”

Iranian Hackers Charged with Hacks of 144 U.S. Universities

Published with Permission by:
Lint, James R., “Iranian Hackers Charged with Hacks of 144 US Universities”, In Cyber Defense, 28 March 2018, Web, https://incyberdefense.com/featured/iranian-hackers-charged-hacks-144-us-universities/

By James Lint
Senior Editor for InCyberDefense and Contributor, In Homeland Security

Many cyber defenders watch for Chinese and Russian hackers. However, we must not forget that smaller countries are also in the cyber attack game.

The U.S. Department of Justice and the Department of the Treasury’s Office of Foreign Assets Control determined that nine Iranians hacked the computer systems of 144 American universities, ZDNet reported.

The Iranian hackers worked in cooperation with the Islamic Revolutionary Guard Corps, the Mabna Institute (an Iranian hacker network) and the Iranian government to steal 31.5 terabytes of valuable data.

“In all, 320 universities around the world were attacked along with several U.S. government entities, including the Department of Labor, [the] United Nations, and the Federal Energy Regulatory Commission,” ZDNet added.

Wide-Ranging Impact of Iranian Hackers

The “massive and brazen cyber assault” was “one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice,” U.S. Attorney Geoffrey Berman of the Southern District of New York told a news conference on March 23.

According to the indictment cited by Sciencemag.org, “3,768 of the hacked professors were at 144 U.S. universities, and the attackers stole data that cost these institutions about $3.4 billion to ‘procure and access.’” Data stolen by the Iranian hackers includes scientific research, dissertations and journals.

The hack was intended to help Iranian universities gain access to foreign scientific resources. The indictment notes that the stolen data will also assist scientific and research organizations in Iran.

The FBI website reported that “the hackers stole more than 30 terabytes of academic data and intellectual property—roughly three times the amount of data in the print collection of the Library of Congress.”

Iranian Hackers Used Password Spray Attacks to Penetrate Other Computer Systems

According to the FBI investigation, a group of malicious cyber actors working for the Iran-based Mabna Institute conducted coordinated and broadly targeted password spray attacks against organizations in the United States and abroad. Victims of Mabna attacks often lack multi-factor authentication (MFA) and preventative network activity alerts. The lack of security measures allowed the Iranian hackers to easily guess passwords such as “Winter2018” and “Password123!”

Unlike a brute force attack, in which a would-be penetrator will obtain a single email account’s password by trying all possible combinations in sequence, spray attacks search for accounts with the easiest passwords. This attack method does not trip safety lockouts because the hacker tries only a few simple passwords before moving on to someone else’s account.

An FBI alert offers a good description of spray attacks: “During a password spray attack, a malicious actor attempts a single password against a population of accounts before moving on to attempt a second password against the accounts, and so on.” In other words, a spray attack searches multiple accounts for simple passwords.
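A defender-side sketch of the distinction described above, added here as an example (it is not code from the FBI alert or the original article): it flags a source that fails against many accounts while staying under the per-account lockout count, and separates it from single-account brute forcing. The log format, thresholds, account names and addresses are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2018-03-01T08:59:30 192.0.2.15 bob FAIL
2018-03-01T08:59:50 192.0.2.15 bob OK
2018-03-01T09:00:01 198.51.100.7 alice FAIL
2018-03-01T09:00:02 198.51.100.7 bob FAIL
2018-03-01T09:00:03 198.51.100.7 carol FAIL
2018-03-01T09:00:04 198.51.100.7 dave FAIL
2018-03-01T09:00:05 198.51.100.7 erin FAIL
2018-03-01T09:00:06 198.51.100.7 frank FAIL
2018-03-01T09:20:01 198.51.100.7 alice FAIL
2018-03-01T09:20:02 198.51.100.7 bob FAIL
2018-03-01T09:20:03 198.51.100.7 carol FAIL
2018-03-01T09:20:04 198.51.100.7 dave FAIL
2018-03-01T09:20:05 198.51.100.7 erin FAIL
2018-03-01T09:20:06 198.51.100.7 frank OK
2018-03-01T10:00:01 203.0.113.9 alice FAIL
2018-03-01T10:00:02 203.0.113.9 alice FAIL
2018-03-01T10:00:03 203.0.113.9 alice FAIL
2018-03-01T10:00:04 203.0.113.9 alice FAIL
2018-03-01T10:00:05 203.0.113.9 alice FAIL
2018-03-01T10:00:06 203.0.113.9 alice FAIL
"""

# Assumed policy values; tune them to the organization's real lockout settings.
LOCKOUT_THRESHOLD = 5            # failures on one account that trigger lockout
MIN_ACCOUNTS = 5                 # distinct accounts from one source that look like a spray
WINDOW = timedelta(minutes=30)   # sliding observation window


def parse_events(log_text):
    """Return time-sorted (timestamp, source, account, result) tuples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing
        ts, src, account, result = parts
        events.append((datetime.fromisoformat(ts), src, account, result))
    return sorted(events)


def classify_source(failures):
    """Classify one source from its time-sorted (timestamp, account) failures."""
    verdict = "normal"
    start = 0
    per_account = defaultdict(int)
    for ts, account in failures:
        per_account[account] += 1
        # Evict failures that have aged out of the sliding window.
        while ts - failures[start][0] > WINDOW:
            old = failures[start][1]
            per_account[old] -= 1
            if per_account[old] == 0:
                del per_account[old]
            start += 1
        if max(per_account.values()) >= LOCKOUT_THRESHOLD:
            return "brute_force"   # many guesses at one account; lockout catches this
        if len(per_account) >= MIN_ACCOUNTS:
            verdict = "spray"      # many accounts, each below the lockout count
    return verdict


def detect(log_text):
    """Return ({source: verdict}, accounts a spraying source logged in to)."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, src, account, result in parse_events(log_text):
        target = failures if result == "FAIL" else successes
        target[src].append((ts, account))
    verdicts = {src: classify_source(f) for src, f in failures.items()}
    at_risk = sorted({acct for src, v in verdicts.items() if v == "spray"
                      for _, acct in successes[src]})
    return verdicts, at_risk


if __name__ == "__main__":
    verdicts, at_risk = detect(SAMPLE_LOG)
    for src, verdict in sorted(verdicts.items()):
        print(f"{src}: {verdict}")
    print("accounts needing reset and review:", at_risk)
```

The spraying source never exceeds two failures on any one account, so a per-account lockout alone would not notice it; the per-source count of distinct accounts is what exposes it.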

Defendants Cannot Leave Iran without Fear of Capture and Extradition to US

The nine defendants in the U.S. university hack scheme are believed to be in Iran. “These defendants are no longer free to travel outside of Iran without the fear of being arrested and extradited to the United States. The only way they can see the rest of the world is through their computer screen, but not stripped of their greatest asset, anonymity,” Berman said.

Tips on Improving Your Cyber Defense

  • Review password policies to ensure they align with the latest NIST guidelines. Avoiding easy-to-guess passwords is the key to defense against this type of cyber attack.
  • Review IT Helpdesk password management of initial passwords, password resets for user lockouts and shared accounts. IT Helpdesk password procedures may not align with company policy, creating a security gap that hackers can exploit.

Cyber Defenders Need to Constantly Learn about New Cyber Attack Methods

Cyber defenders should stay current about new attack methods and older techniques. By keeping your end users informed, you can prevent simple cyber attacks from happening.

In addition, cyber defenders should use government resources to keep their knowledge up to date. One key tool could be Infragard, which is run by the FBI and has chapters in all 50 states. Your local FBI Liaison can help you access the Infragard portal.

Another good resource is US-CERT.gov. This site does not require a signup, but it does hold various events for cyber defenders. Its current activities and announcements show both system vulnerabilities and announcements on system threats.

Cyber defenders who stay current on various cyber threats are force multipliers for their organizations. They are much less likely to be surprised by people targeting their computer systems.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 49th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 “Secrets to Getting a Federal Government Job.”

Social Media Security: Follow Basic Safety Rules to Protect Your Home from Intruders

Published with Permission by:
Lint, James R., “Social Media Security: Follow Basic Safety Rules to Protect Your Home from Intruders”, In Cyber Defense, 22 February 2018, Web, https://incyberdefense.com/james-lint/social-media-security-basic-safety/

By James Lint
Senior Editor for InCyberDefense and Contributor, In Homeland Security

Although it’s fun to post pictures and messages on social media about trips you take, you are also vulnerable to household theft at the same time. For example, imagine that you take your family on a week-long trip.

Your kids post a message on Facebook that they are happy to be on vacation. Your wife takes an interesting picture at a rest stop and posts it to her Instagram account. Also, you send out a tweet upon arrival that you are at the convention hotel and plan to see your work friends tonight.

Unfortunately, all of this information tells a social media-savvy thief that your house is empty. As a result, you might receive a late-night text from your home security company that your home alarm went off, but you missed the text because you were away.

Social Media Gives Thieves Good Data about Houses to Target

We give social media a lot of information. We tell thieves when we are not home. We tell thieves when we leave, when we hit rest stops, when we go to airports and when we go to parties.

But we need to maintain some privacy to prevent others from misusing social media information. Consider the following questions:

  • Do you know your current privacy settings on each of your social media accounts?
  • Do you know the last time each of your social media sites changed its privacy settings?
  • Do you know if your privacy setting really did port over to your new phone?
  • Are you sure that no unintended visitors are looking at your sites and content?

Compromise between Social Media Security and Entertainment

It takes work to maintain a balance between your privacy and the public nature of social media. Here are some potential solutions:

Solution #1: Wait Until You’re Back Home

Take your pictures, write your content, and place the written content in a Word doc or Google Docs file. Then, post the images and written content AFTER you get home. While some people will say this defeats the purpose of social media, it is a safer way to protect your home and belongings.

Another possible option is to post only if you’re a short distance from home. For example, if you’re only out for the day and it’s a quick 20-minute drive to get home, it might be an acceptable risk to post from your location just before you leave.

Solution #2: Use a Social Media Management Tool such as Hootsuite or Buffer

There are online tools such as Hootsuite and Buffer that allow you to schedule social media posts at times you prefer. Both of these tools have free plans for individuals. Also, both tools are available as mobile apps.

Solution #3: Ask Social Media Companies to Add in a ‘Send Later’ Feature to Personal Accounts

Ideally, social media companies should build in a “send later” feature into their platforms. This feature does not currently exist for personal accounts (although Facebook administrators can pre-schedule posts to appear on pages for an organization).

The ability to send posts at a later time would be a useful social media security feature for personal accounts. In addition, it would be a proactive measure that would provide security even if your privacy settings had not been recently updated.

Consider sending a message to your social media companies’ feedback email or “contact us” pages. This information could be easily found through a Google search.

Stay secure!


No Holiday Season Break for CES Tech Show Preparations

Published with Permission by:
Lint, James R., “No Holiday Season Break for CES Tech Show Preparations”, In Cyber Defense, 14 December 2017, Web, https://incyberdefense.com/featured/no-holiday-break-ces-preparations/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for InCyberDefense and Contributor, In Homeland Security

CES, the gathering convention for people thriving in the consumer technology business, begins in 30 days’ time in Las Vegas.

This annual trade show has been the proving ground for innovators and breakthrough technologies for 50 years. CES introduces next-generation innovations to the marketplace. Hosted by the Consumer Technology Association (CTA), CES collects the world’s business leaders and pioneering thinkers.

This year’s show starts on January 9, 2018, and runs for a full week. Last year, CES attracted 184,000 attendees from all over the world, including global technology industry leaders from 150 countries.

In 2017, CES drew a wide variety of attendees, including:

  • Fortune 500 company executives
  • Manufacturers
  • Retailers
  • Venture capitalists
  • Engineers
  • Government officials
  • Advertising and marketing executives
  • Media sources

Size of CES Requires Ample Preparation

You do not get 184,000 attendees into one convention center without a lot of preparation and planning. Tech firm exhibitors and event planners begin preparations long before the show opens because the logistics involved are extensive.

To help participants get ready for the show, CES provides a checklist for exhibitors that includes pages of requirements that need to be met starting in October.

The Reach and Breadth of CES

CES is a platform for innovators to build their brands. Almost every major technology company participates in CES in some way — by exhibiting, speaking, sponsoring, attending or holding co-located events and business meetings.

Show Content Spotlights Diversity of Technology

At CES, content and learning opportunities are available regarding diverse elements of technology, including 3D printing, digital imaging/photography, robotics and drones. Attendees can also pick up new information on sensors, augmented and virtual reality, electronic gaming, smart homes, audio, fitness and sports.

There are booths and displays for startup companies, as well as for major manufacturers whose names have become household words. Visitors will see innovations in:

  • Communications infrastructure
  • Health and biotech
  • Vehicle technology
  • Computer hardware/software/services
  • Internet
  • Video
  • Content creation and distribution
  • Cybersecurity
  • Wireless and other devices

Cybersecurity Industry Expected to Provide More Employment Opportunities

As CES has grown, so too has the cyber defense industry. So today’s cyber defenders in government and industry must continue to learn. Some of the products at CES are newly created, first versions.

Cyber defenders are the ones looking for the problems that may occur. They must look at, assess and determine if there are vulnerabilities that will affect other systems. Frequently a program or app is created that has no security problems. But when it is combined with other systems, unforeseen vulnerabilities might appear.

Talks and demonstrations at CES allow professionals to see new cyber devices. CES also is the global stage where startups can get funded, new partnerships are formed, and mergers and acquisitions take place.

In the future, we will need more and smarter cyber defenders who can keep up with the rapid evolution of technology. A formal college education and a continuing situational awareness of changes and vulnerabilities in technology are standard requirements for most cyber defender positions today.

What is new this year will likely be redundant in the not-too-distant future. Events like CES offer an opportunity to glimpse the future of our ever-changing world of technology and its needs.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 49th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”

A New Trojan Horse: The Kaspersky Software Hack of US Intelligence

Published with Permission by:
Lint, James R., “A New Trojan Horse: The Kaspersky Software Hack of US Intelligence”, In Cyber Defense, 18 October 2017, Web, https://incyberdefense.com/james-lint/kaspersky-hack-us-intelligence/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for InCyberDefense and Contributor, In Homeland Security

According to legend, when the warring Greeks were unable to pierce the defenses of the city of Troy, they presented Troy with a gift — a huge, hollow wooden horse known as the “Trojan Horse.” Since then, the term “Trojan horse” has come to refer to subversion or sabotage from within.

Beginning in the late 20th century, the term was applied to deceptive computer codes that seemed like legitimate applications. However, this software was actually written to deliberately damage or disrupt a computer’s programming or to steal information from it.

If Software Seems Too Good To Be True, It Is When it’s Made in Russia

When something looks too good or is priced too low, it usually is too good to be true. So imagine a large nation-state that was the West’s main foe during the Cold War creating software to help the West. Would you buy its software to protect your systems?

Can Antivirus Software Be an Espionage Tool?

Amazingly, U.S. government agencies and others did just that; they bought expensive enterprise packages of Kaspersky Lab’s antivirus cyber security software from Russia. According to US-CERT, “anti-virus software scans files or your computer’s memory for certain patterns that may indicate the presence of malicious software.”

Now, as the result of new revelations, buying Russian-made software is reminiscent of the Trojans taking their equine gift inside their city walls. Of course, that did not work out so well for the people of Troy. That night, Greek soldiers hidden inside the Trojan horse got out, opened the city gates and allowed their army to take the city.

A recent New York Times article revealed how the Israelis hacked into Kaspersky Lab’s own network and alerted the National Security Agency (NSA) to the Russian intrusion into U.S. government computer systems.

“The Russian operation was known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed,” the Times story said. “What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.”

Who Paid Kaspersky for This Russian Espionage?

The revelation exposed how easily Russia was able to target American individuals and government organizations for espionage. The irony here is that Americans paid Kaspersky Lab for the privilege of using its antivirus software that sucked out their information and sent it to Russia. Russia ran an espionage operation against the U.S. sponsored by a Russian business and possibly by the Russian government.

As the Times reported: “For years, there has been speculation that Kaspersky’s popular antivirus software might provide a back door for Russian intelligence. More than 60 percent, or $374 million, of the company’s $633 million in annual sales come from customers in the United States and Western Europe. Among them have been nearly two dozen American government agencies — including the State Department, the Department of Defense, Department of Energy, Justice Department, Treasury Department and the Army, Navy and Air Force.”

The Greeks gave Troy the Trojan Horse for free; the Russians did the Greeks one better. They made the West pay millions of dollars for their digital Trojan horse.

Kaspersky’s business was a wonderful way to help boost the Russian economy and add jobs at a time when oil prices had dropped. It was also a brilliant espionage operation, which could bring further income to Russia from the theft of Western research and development (R&D) information and economic espionage.

Although Their Espionage Succeeded, Russian Creators Won’t Receive Public Recognition

When you look at the U.S. government agencies that used the Kaspersky Lab software, you see a textbook list of targets for a hostile nation-state or competitor. You rarely see, however, this group of espionage targets paying a foreign power to take their information, intelligence and research and development materials.

The Russians who thought up and perpetrated this Trojan horse operation probably received a wonderful reward from a very grateful Russian government. As is common in the intelligence field, the creators probably will never be able to talk about or share their award outside the Kaspersky offices or the Kremlin walls. After all, they do not want a foreign power learning their secrets.

Regular Software Patches Could Have Prevented Equifax Breach

Published with Permission by:
Lint, James R., “Regular Software Patches Could Have Prevented Equifax Breach”, In Cyber Defense, 3 October 2017, Web, http://incyberdefense.com/james-lint/regular-software-patches-prevented-equifax-breach/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

We often think of Equifax as a company that can be trusted to securely save and control our personal information. But as CNN Money’s Kaya Yurieff reported in September, “A huge security breach at credit reporting company Equifax has exposed sensitive information, such as Social Security numbers and addresses, of up to 143 million Americans.”

It seems that some rookie mistakes were made. However, this breach provides good lessons that can be used to protect future victims.

Splitting Up Your Security May Make for a Weaker Brand

Wired Magazine reported that Equifax started directing potential victims of the breach to a new, quickly constructed website called “equifaxsecurity2017.com.” However, “quickly” often does not mean securely built. Bugs were found in the new site, which was ostensibly designed to discuss protection from breaches.

This revelation is not a confidence builder for Equifax victims. It would have been logical to put the information on the website Equifax.com, which was already online and branded. Using the existing Equifax website would have given customers more confidence that they were getting the correct information.

One possible reason for this change to a new website might have been that Equifax did not trust its own security on its branded website. Yes, Equifax was hacked, but it was the databases containing personal information that were hacked. Normally, the main website could be secured again quickly from a backup disk.

The new website asked people to input the last six digits of their Social Security number to check if their information was compromised in the breach of Equifax servers. But the website asking for this information also had bugs.

Again, that was not a confidence builder for Equifax. Future organizations in Equifax’s situation will probably try to remain on their branded sites.

Using an Established Branded Website versus a Non-Branded Website

Nick Sweeting, a web developer, thought it strange for Equifax to set up a non-branded website. He set up “securityequifax2017.com” (note: the fake site’s name was a simple transposition of two words) to show how traffic could be driven to a wrong or malicious website. Sweeting created the site not to cause harm, but to show the potential damage a non-branded website could do.

Sweeting set up the bogus phishing site to expose vulnerabilities that existed in Equifax’s response page. “I made the site because Equifax made a huge mistake by using a domain that doesn’t have any trust attached to it [as opposed to hosting it on equifax.com],” Sweeting told The Verge.

Compounding the confusion for Equifax victims, customers were sent to Sweeting’s website when they called the Equifax help desk. One Equifax employee even tweeted Sweeting’s fake website four times. Luckily, the alternate URL was not malicious.

“A day after the breach and launch of the legitimate help website, scammers had created 194 phishing websites that shared similar addresses with equifaxsecurity2017.com,” USA Today reported on September 21.
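The word transposition Sweeting demonstrated, and the wave of similar addresses USA Today counted, are the kind of lookalikes a defender can flag by comparing newly observed domains against the official one. The following is an added example, not part of the original article: the token list, the category names and every sample domain other than the two named above are assumptions constructed for illustration.

```python
"""Classify observed domains as lookalikes of an official response domain."""

LEGIT = "equifaxsecurity2017.com"                # official site named in the article
BRAND_TOKENS = ("equifax", "security", "2017")   # assumption: words making up its label


def split_domain(domain):
    """Return (label, tld) from the last two DNS labels.
    Simplification: multi-part suffixes such as co.uk are not handled."""
    parts = domain.strip().lower().rstrip(".").split(".")
    if len(parts) < 2:
        return parts[0], ""
    return parts[-2], parts[-1]


def tokenize(label, tokens=BRAND_TOKENS):
    """Greedily split a label (hyphens ignored) into brand tokens.
    Returns None if any part of the label is not a known token."""
    rest, found = label.replace("-", ""), []
    while rest:
        for tok in sorted(tokens, key=len, reverse=True):
            if rest.startswith(tok):
                found.append(tok)
                rest = rest[len(tok):]
                break
        else:
            return None
    return found


def levenshtein(a, b):
    """Classic edit distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, legit=LEGIT, tokens=BRAND_TOKENS):
    """Return a verdict string describing how `domain` relates to `legit`."""
    label, tld = split_domain(domain)
    legit_label, legit_tld = split_domain(legit)
    if (label, tld) == (legit_label, legit_tld):
        return "official"                      # the site itself or a subdomain of it
    if label == legit_label:
        return "tld-swap"                      # same name under a different suffix
    found = tokenize(label, tokens)
    if found is not None and sorted(found) == sorted(tokens):
        if label.replace("-", "") == legit_label:
            return "hyphenation"               # same word order, hyphens inserted
        return "token-transposition"           # same words, different order
    if levenshtein(label, legit_label) <= 2:
        return "typo"                          # one or two character edits away
    if tokens[0] in label:
        return "brand-keyword"                 # brand name combined with other words
    return "unrelated"


def triage(domains):
    """Map each suspicious domain to its verdict, skipping official/unrelated."""
    verdicts = {d: classify(d) for d in domains}
    return {d: v for d, v in verdicts.items() if v not in ("official", "unrelated")}


if __name__ == "__main__":
    observed = [                        # constructed feed, e.g. newly seen registrations
        "www.equifaxsecurity2017.com",
        "securityequifax2017.com",      # the transposed name from the article
        "equifax-security2017.com",     # constructed
        "equifaxsecurity2017.net",      # constructed
        "equifaxsecurty2017.com",       # constructed
        "equifax-help.com",             # constructed
        "example.org",
    ]
    for name, verdict in triage(observed).items():
        print(f"{verdict:20} {name}")
```

A response site hosted under the organization's existing domain gives this kind of monitoring a single trusted name to compare against, which is the point Sweeting was making.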

Equifax Acknowledged that It Failed to Ensure Software Patches Were Properly Installed

According to a September 24 Wired article by Lily Hay Newman, “The fact that attackers got into Equifax’s systems through a known vulnerability with a patch available galls security analysts. But the company also acknowledged that it knew about the patch when it was first released, and had actually attempted to apply it to all its systems.”

The fact that the company failed to ensure that the patches were properly installed and tested does not bode well for any future court actions against Equifax.

Newman also quoted Michael Borohovski of Tinfoil Security, who commented on Equifax’s mistake of tweeting out the wrong website for victims of the hack: “When your social media profile is tweeting out a phishing link, that’s bad news bears.”

We like to believe that large companies holding the credit history of over 100 million Americans are incredibly strong. Sometimes, that is an illusion.

In this case, just as in the WannaCry ransomware attacks, the Equifax security breach could have been prevented if the company had installed updates on all of its systems. However, this did not happen and Equifax became the latest victim of a preventable hack.

Former Equifax CEO to Face the Senate Committee on Banking, Housing and Urban Affairs on October 4

Equifax’s former CEO, Richard Smith, is scheduled to talk with a Senate committee on October 4. Their discussions will cover Equifax’s security lapses and the Equifax executives who sold stock before this breach was discovered. Currently, there is no proof of insider trading on privileged information, but the appearance of wrongdoing is there.

One of the worst management mistakes made by Equifax in the handling of this incident was stated in CNN Money. Journalist Jackie Wattles noted that “Equifax initially asked affected customers to give up their right to sue the company in exchange for credit monitoring services.”

The concept of breaking even or making a profit during a crisis breach is unusual. Many victims viewed it as outrageous that Equifax wanted to charge them fees for credit freezes that would protect them from Equifax’s errors.

Additionally, the idea of giving up the ability to sue for damages in exchange for protection created a public relations nightmare. The company stock has rapidly fallen by 32%. This shows that crisis management and cyber defense failures are costly to executives who are often paid bonuses based on stock prices.

Did State-Sponsored Espionage Play a Role in the Equifax Hack?

While investigations are still continuing, the hackers who penetrated Equifax used techniques that are similar to the techniques used by nation-state hackers. Bloomberg reported, “One person briefed on the probe being conducted by the Federal Bureau of Investigation and U.S. intelligence agencies said that there is evidence that a nation-state may have played a role, but that it doesn’t point to China. The person declined to name the country involved because the details are classified.”

Later, the same article showed that “One of the tools used by the hackers — China Chopper — has a Chinese-language interface, but is also in use outside China.” Most espionage hacks have layers to hide the true identity of the nation-state doing the hack. It will take a few more months to hopefully work towards the attribution of a nation-state identity.

The Golden Rule of Cybersecurity: Patch Now, Patch Often

If this were a humorous article, it might be worth mentioning that in Argentina, Equifax had a system running on weak credentials. Both the login and the password were “admin.”

Of course, this is not a humorous article. The havoc caused by the Equifax breach will last for years. And it could all have been avoided by simply updating the system with the new software patches.

Kasparov Urges DEFCON Participants to Use AI More and Kaspersky Security Software Less

Published with Permission by:
Lint, James R., “Kasparov Urges DEFCON Participants to Use AI More and Kaspersky Security Software Less”, In Cyber Defense, 3 August 2017, Web, http://incyberdefense.com/james-lint/kasparov-urges-defcon-participants-use-ai-kaspersky-security-software-less/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

Between July 27 and July 30, the annual DEFCON Hacker Conference celebrated its 25th anniversary in Las Vegas.

DEFCON began in 1992, when Platinum Net, a Fido protocol-based hacking network, held a party in Las Vegas for members of Bulletin Board Systems (BBS) and their users. The party was organized by Jeff Moss, an American hacker, computer and Internet security expert.

Since then, the DEFCON community has grown to more than 20,000 attendees. The talks and skills of the presenters have grown over the years along with technology.

Featured Speaker Garry Kasparov Says AI’s Power Should Be Harnessed for Cybersecurity

Garry Kasparov, a chess Grand Master who was beaten at his own game by IBM’s Deep Blue supercomputer, spoke on the first day. He called for using artificial intelligence (AI) for cyber security. Kasparov’s new book, “Deep Thinking,” forecasts a bright future once we use the full power of computing and AI.

Kasparov acknowledged that machines and computers likely will eliminate some jobs in the future. However, technology also will create new jobs for people with an understanding of how to harness and expand AI.

He also called for banning Kaspersky Internet security software from U.S. government offices. Kasparov wants the new administration to ban the software because he believes Eugene Kaspersky is connected to Russian intelligence, a statement backed up by U.S. intelligence services and news reports.

Safe-Cracking Robots Discover Combinations in Less than One Hour

DEFCON also featured a 45-minute demonstration of how a robot could open a security container or safe. It was so successful that the exhibition ended early. The robot opened the secure container in about 30 minutes.

Originally, it took the robot three hours to break into the safe. But through applied mathematics, the robot’s creators, first-time DEFCON participants, solved the combination manipulation process. The demonstration also made the federal employees in the audience worry whether government security systems could be defeated in such a short time.

25 Years of Continued Education

I’ve attended DEFCON since 2005 and I’ve found each year’s gathering was a learning event. Attendees return home smarter employees.

DEFCON is where you can see new threats to security and solutions to some security issues. The admission price is low, the networking is impressive and learning happens every year.

DEFCON Hacking Conference Features Diversity as Its Mission

Published with Permission by:
Lint, James R., “DEFCON Hacking Conference Features Diversity as Its Mission”, In Cyber Defense, 3 August 2017, Web, http://incyberdefense.com/news/defcon-hacking-conference-features-diversity-mission/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

The DEFCON Hacker Conference celebrated its 25th anniversary on July 28-30, 2017, in Las Vegas.

People keep coming back to DEFCON because of the unique quality of the conference presentations. They are often on topics that most organizations would not want to publicize: computer hacking, robots hacking safes, implanting passwords and cognitive memory. The speakers are all experienced in the hobby and profession of hacking into computers.

Yesterday’s ‘Hackers’ Are Today’s ‘Security Researchers’

DEFCON attendees who stroll DEFCON’s villages for information and new security ideas are sometimes called “hackers.” Many of the old “hackers” now have titles like information technology “researchers” as industries fight to hire those who can think outside the box and discover computer vulnerabilities before they become problems. Brilliant people discovering problems to be solved are important, but how they label their “hobby” is no longer important.

Multiple ‘Villages’ Are Devoted to Diverse Topics

DEFCON’s mission of diversity is fostered by “villages,” a series of conference areas devoted to specific topics. For example, the Biohacking Village website describes it as “a biotechnology conference focused on breakthrough DIY, grinder, transhumanist, medical technology, and information security along with its related communities in the open source ecosystem.”

Car Hacking Village Offers Information to Correct Auto Industry Vulnerabilities

The Car Hacking Village, now in its third year at DEFCON, has been helpful to the auto industry in exposing vulnerabilities before a crisis. The wireless interfaces built into today’s vehicles make them virtual computers on wheels.

Computers have been hacked for decades, so why would anyone expect cars not to be hacked? One of the talks this year, “That’s no car. It’s a network!” explained how auto manufacturers try to discover software and network vulnerabilities from improperly written software code before there is a fatal crash.

Crypto and Privacy Village Provides Platform for Discussing Privacy Maintenance

The Crypto and Privacy Village provides little information online, which says something about its focus. One of the scheduled talks, “Privacy is Not An Add-On: Designing for Privacy from the Ground Up,” described different ways to maintain privacy using a variety of tools.

Hardware Hacking Village Discusses VoIP, Reverse Engineering and Sustainability

Discussions in the Hardware Hacking Village ranged from VoIP (Voice over Internet Protocol) phone hacking to reverse engineering. An unusual workshop explained component desoldering and recovery, which are useful techniques as landfills are filling up with technology waste.

Internet of Things (IoT) Village Promotes Security Advancements

According to its website, “IoT Village delivers advocacy for and expertise on security advancements in Internet of Things devices.” This is one area that has many people in business worried about security being an afterthought. Over the years, the DEFCON IoT Village has displayed and discovered 113 new vulnerabilities in connected devices that were reported to manufacturers so they can make their devices safer and more secure.

Packet Hacking Village Pinpoints Security Vulnerabilities

The Packet Hacking Village featured talks and hands-on workshops. It also had an interesting presentation schedule that included its “Wall of Sheep” display, highlighting vulnerable systems that are ready “for slaughter.” Visitors were able to have a free security assessment to ensure that their system was not listed on the Wall of Sheep.

Other Villages Offer Additional Topics of Interest to Attendees

Other villages included social engineering (also known as human hacking), wireless, lock picking, Industrial Controls Systems and the Packet Hacking Village. To show the ability of DEFCON to evolve and stay current, there was even a Voting Machine Hacking Village.

Multiple Villages Provide a Variety of Information for Hackers and Security Researchers

The multitude of villages helps DEFCON to improve each year. These improvements provide both hackers and security researchers with learning and growth areas, while they exchange topics and new tools to improve the security of our networks and cyber programs. As the skills of DEFCON attendees improve, they will be better able to handle current and emerging cyber threats.
