Ransomware Escalates To a Near Nation-State Attack in the UK

Published with Permission by:
Lint, James R., “Ransomware Escalates To a Near Nation-State Attack in the UK”, In Cyber Defense, 15 May 2017, Web, http://incyberdefense.com/james-lint/ransomware-escalates-near-nation-state-attack-uk/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

On Friday, May 12, the BBC reported an international ransomware attack involving hackers using ransomware called WanaCrypt0r 2.0. The BBC stated, “There have been reports of infections in as many as 74 countries, including the U.K., U.S., China, Russia, Spain, Italy and Taiwan. Computers in thousands of locations have apparently been locked by a program that demands $300 in Bitcoin.”

CNET reported, “The ransomware attack that hit 16 National Health Service (NHS) hospitals in the U.K. and also hit up to 52,000 devices across other countries using an exploit called the WanaCrypt0r 2.0 ransomware. The majority of the new malware was targeting Russia, Ukraine and Taiwan, Avast Threat Lab team lead Jakub Kroustek said.”

WanaCrypt0r 2.0 Attack’s Impact on UK Hospitals

Multiple hospitals in the NHS pushed information via social media to the local population to contact their hospitals before traveling to determine if those hospitals were open for operations. The NHS is the government-run, major medical system in the U.K., so hackers have only one system to breach and install ransomware.

The advantage to the American healthcare system is that we have multiple hospital systems. While there have been major hacks against a few major U.S. hospitals and insurance companies, it is more difficult to penetrate all of these unconnected systems.

If the U.S. healthcare system were to migrate to a single health system like the NHS, the security of our healthcare system would require more safeguards. But these multiple healthcare systems, and the competition among them, provide some additional security for patient data.

Ransomware Could Escalate into Strategic Attacks on the US

It is possible that the use of ransomware could escalate and ransomware could be used for strategic attacks against the United States. Imagine the potential of ransomware that attacks an entire sector of a country, such as healthcare and hospitals.

For example, what if there was a ransomware attack that affected both a hospital’s computer system and its interconnected phone system? In the U.K., you must contact the hospital before bringing in a patient for treatment. Patient care would be unnecessarily delayed as the problems with that hospital’s computers and phone system were solved.

Although a hospital’s managers could theoretically shut down uninfected computer and phone systems to prevent ransomware infections, that security measure would be self-defeating and would replicate the impact of a ransomware attack. Without access to phones or health records, hospital employees would have difficulty doing their jobs properly.

Ransomware Attacks Could Impact Strategic Actions and Confidence in Government

Taking major hospital systems offline and causing hospitals to tell their patients not to go to specific hospitals causes a public lack of confidence in government systems. Patients become worried and uneasy when they are told that their health data records are unavailable and “the hospital is not in control of your personal health records at this time.”

In Latin American insurgencies in the 1980s, the goal of insurgents was to destabilize countries and make the population unsure that the government can protect them. The same type of impact could happen with a strategic cyberattack or strategic ransomware.

Potential Solution to the WanaCrypt0r 2.0 Ransomware Attack

Microsoft released a patch in March for the vulnerability that the WanaCrypt0r 2.0 ransomware exploits. Unfortunately, many computer systems have not been updated. This lack of action could leave a legal avenue for customers to sue for damages caused by the company’s negligence in performing software updates.

Long-Term Impact of WanaCrypt0r 2.0 Ransomware Attack

The WanaCrypt0r 2.0 ransomware attack that impacted so many countries could end in a multitude of ways. As the attack is investigated, we may see that the attack was caused by criminals trying to make money. But if the attack involved a nation-state intent on destroying other countries’ computer systems and holding systems for ransom, this situation could become more serious and potentially lead to war.

The news that some of the ransomware demands payments in small sums of $300 to $600 to restore access indicates this attack is a criminal matter. The scope and impact of the WanaCrypt0r 2.0 attack are wide.

But the WanaCrypt0r 2.0 ransomware attack may have one positive outcome. With the number of countries involved in this latest ransomware attack, there may be an increase in cooperation between law enforcement agencies across the world on cyber crimes.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”

Don’t Protect Your Valuable Photos the Way Grandpa Did

Published with Permission by:
Lint, James R., “Don’t Protect Your Valuable Photos the Way Grandpa Did”, In Cyber Defense, 7 Mar. 2017, Web, http://incyberdefense.com/news/dont-protect-valuable-photos-way-grandpa/

Commentary By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

Today, most people take many more digital photos of family, friends and vacations than previous generations did with film cameras. In fact, the ease of use and the low cost of digital photography consigned Kodak, Fuji and Polaroid cameras and film to the museums of 20th century technology.

For example, Polaroid stopped manufacturing its instant film in 2008, leaving this Waltham, Massachusetts, manufacturer with just 150 employees. Thirty years earlier, Polaroid was an iconic company with a “peak” global employment of nearly 21,000 employees.

Today, lots of people have never heard of Polaroid. But their valuable digital pictures often receive the same poor level of protection that an album or scrapbook full of Polaroid or Kodak prints used to provide – not much.

Many people born in the 1960s and 1970s could never imagine storing pictures on a thumb drive, DVD or even a CD.

In a digital world, we need better protection for our valuable photos and other documents because technology is always changing. The 3.5-inch disk might have been a nice improvement over a 5.25-inch floppy disk, but today, many computers don’t even have a disk drive.

Technology Changes Rendered Some Familiar Devices Obsolete

Think of that rapidly deteriorating album of black and white photos your grandfather gave you. The negatives of those pictures disappeared long ago. It might be a good idea to convert those album photographs to JPG files for later use. And those old 35 mm slides you used to project onto a screen at home to bore your neighbors? It’s not easy to find a working projector today, much less a new one.

Some people paid to have their slides transferred to VHS tapes and then they threw away the slides. But it’s hard to play VHS tapes these days.

Just as you should “never put all your eggs in one basket,” you should never store valuable digital files in just one place.

Never Save Digital Files in One Place

If you had a one-of-a-kind item, you would want to protect it. Reconstructing PowerPoint presentations or Word documents from a damaged laptop is extremely intensive in terms of man-hours. The cost often exceeds the cost of the laptop.

Yet, it’s surprising how many people save their cherished photos and documents only on their laptops or desktop devices. That computer could become infected with a virus or, worse, ransomware could attack it. If someone steals your laptop, those cherished family photos are gone forever.

Many Security Programs Can Save Your Photos

There are multiple solutions to the issue of saving digital images. Which solution is best for you depends on your situation.

For example, there are many types of software backup programs. Some programs save their files to an off-site cloud server.

Some computer owners save their photos on a thumb drive or on an external hard drive. They can be unplugged and should be stored separately from your computer so a virus or ransomware attack on your device will not affect them. These devices enhance your protection.

Another form of security can be as simple as having a friend or business colleague hold an encrypted hard drive of your data, with you repeating the favor for that person. If one or both laptops are lost by theft or destroyed in a fire, neither of you will lose your data. This is inexpensive security that saves you the cost of a cloud backup.

Federal organizations are working hard to protect the public from cybercrimes, but we also must take some responsibility for our own protection. By taking some extra time to protect your images and other digital files, you’ll enjoy greater peace of mind knowing your files are protected.

The inspiration for this and several future articles came from a meeting at the US Secret Service (USSS), Electronic Crimes Task Force (ECTF) in Las Vegas. Future articles will discuss concepts and actions to counter ransomware and the experiences of individuals and businesses.


Trade Shows Are Easy Targets for Foreign Intelligence Breaches

Published with Permission by:
Lint, James R., “Trade Shows Are Easy Targets for Foreign Intelligence Breaches”, In Homeland Security, 24 Feb. 2017, Web, http://inhomelandsecurity.com/trade-shows-are-easy-targets-for-foreign-intelligence-breaches/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

Trade shows are like playing poker with your competition standing over your shoulder or like a library with no library cards. Everything is easily available and there is lots of free information. The question is: who benefits from all this information?

A trade show offers a startup company an opportunity to make its new product a household name. It also facilitates networking opportunities for a marketing department looking for new business. In addition, a trade show is the perfect opportunity for business executives to learn if there are markets for a niche item they produce.

However, trade shows are also open venues for industrial spying by unfriendly nations seeking U.S. technology.

Intelligence Services View of Trade Shows

The Bureau of Industry and Security of the U.S. Department of Commerce has control over what is authorized for sale to overseas companies. The Export.gov website has a Consolidated Screening List. The CSL includes parties for which the United States maintains restrictions on certain exports, re-exports or transfers of items.

Because people and companies from specific countries are restricted from purchasing certain business lines, they may look for other opportunities for acquisition.

It would make no sense for the U.S. to sell elements of stealth technology to countries that wish to harm America. No country would sell missile technology to its enemies. So foreign intelligence entities (FIEs) look for other opportunities to acquire U.S. technology they cannot acquire through legitimate sales.

Trade shows provide an opportunity for those entities to see technology that they cannot purchase legitimately.

Techniques of Illicit Collection Vary, But the Goal Is the Same

The FBI pamphlet, “Counterintelligence Concerns for Trade Shows and Industry Events,” is designed to improve counterintelligence awareness of American citizens and companies by describing many of the collection activities FIEs conduct.

For example, one foreign agent dipped his tie into a beaker containing a solution used in a product demonstration at the company’s booth. That allowed his nation later to test the solution in a laboratory and gain a technological advantage through reverse engineering. A company representative’s “simple mistake” of not maintaining vigilance in the display booth proved to be a loss for a U.S. company.

Everyone knows that the informal side meetings at trade shows can often be more valuable than keynote events. In one case, it certainly was more valuable for the Russians.

Russian intelligence officer Evgeny Buryakov specialized in economic intelligence. Under unofficial cover as a Russian banker, he attended confidential meetings at a trade association conference and learned information that the Russian government was not authorized to know.

During an international arms exhibition, Chinese nationals were discovered taking notes and videotaping every display. The group also stole a video that revealed the U.S. Theater High Altitude Air Defense System (THAAD), which a Defense Department contractor left unprotected. Among other features, THAAD protects South Korea from North Korean missiles.

Currently, China is pressuring Seoul to prevent the deployment of THAAD in South Korea because of THAAD’s ability to observe aviation threats at great distances. Because of Chinese intelligence collection, Beijing knows THAAD’s capabilities and does not want the system nearby.

Often, trade show vendors do not want their booths photographed. But sometimes foreign intelligence personnel photograph the people in the booth to gain identification information for possible recruitment. In addition, they obtain ID information through the common trade show practice of exchanging business cards.

By learning who the technical experts at various companies are, FIEs gain an advantage for future intelligence targeting. Although this method of information collection could be considered a human intelligence targeting operation, it could also assist future targeting of company communications, including email intrusions. In fact, some companies report an increase of computer intrusions after a trade show.

Extensive Scope of Trade Show Espionage

In an annual report to Congress on foreign economic collection and industrial espionage, the Office of the National Counterintelligence Executive stated: “Entities from a record number of countries — 108 — were involved in collection efforts against sensitive and protected US technologies in FY 2005, according to evidence amassed by the Counterintelligence (CI) Community. A relatively small number of countries, though — including China and Russia — were the most aggressive and accounted for much of the targeting, just as they have since the CI Community first began systematically tracking foreign technology collection efforts in 1997.”

The FBI offers pamphlets and online counterintelligence documents to help companies safeguard their information and personnel. Protecting intellectual property (IP) is important for the future of the United States and American business.

Contact your local FBI office and ask for the Counterintelligence Coordinator.


Will We See a Decline in Cyber Threats in 2017?

Published with Permission by:
Lint, James R., “Will We See a Decline in Cyber Threats in 2017?”, In Cyber Defense, 15 Feb. 2017, Web, http://incyberdefense.com/news/will-see-decline-cyber-threats-2017/

Commentary by James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

It’s still early enough in the New Year to make predictions about cyber threats and malware attacks in 2017.

Ransomware Exploitation

First, I think ransomware attacks will likely decline by the end of the year. Ransomware is malicious software that extortionist hackers use to lock a target’s computer with encryption and then demand payment to unlock the computer.

A single type of ransomware has yielded as much as $325 million in criminally obtained funds, according to McAfee Labs Threats Predictions. This gives cyber extortionists the funds for research and development to overcome anti-ransomware technologies.

McAfee Labs forecasts that the effectiveness of ransomware attacks will be reduced partly due to initiatives like “No More Ransom!” and the development of anti-ransomware technologies.

Ransomware attacks might also decrease due to their widespread use in recent years and the increasing costs to mount them due to law enforcement action. There is also hope that continued law enforcement actions, including arrests and the accompanying loss of hackers’ funds, will make ransomware operations too expensive to continue.

The issue will come down to which side will overcome the other.

‘Drone Jacking’ Places Threats in the Sky

Drones have become the new tool for shippers, law enforcement, news photographers and farmers. And new uses for drones are being developed all the time. Dronejacking too is new and the threats to drones are increasing.

The McAfee Labs report states, “Recently, we saw an example of a drone outfitted with a full hacking suite that would allow it to land on the roof of a home, business, or critical infrastructure facility and attempt to hack into the local wireless network.”

The DEFCON 2015 hacking convention showed the proof of concept that an individual could take control of a toy drone. While a small toy drone is interesting, the software in it is similar to the software in more expensive and larger drones. “Dronejacking” has now entered our vocabulary and threat matrix and should be of concern to all cyber defenders.

With drone shipping, high-value items and medicines could be diverted from their intended address to another landing area. A dronejacker could sit in a pickup truck, direct a targeted drone to land in the pickup bed and steal the drone’s cargo.

Such illegal activities would precipitate a technology race for shippers to put encrypted trackers on drones to thwart hacker attacks. Drone hackers, of course, will try to develop new tools to destroy drone communications and control. In the end, it will be up to industry to build better safeguards into the drone systems and ground stations.

Depending on the industry, the development of useful drones will determine when we will see the first spectacular drone hack. The first one will be for underground notoriety but after that, drone jackings will be for criminal profits. Look for drone jacking in the news near the end of 2017 or in the first half of 2018.

Another prediction is that if captured drones are destroyed or lost, shippers will soon find drones too expensive to use and end the practice. An end to drone shipping would also eliminate use of the word drone jacking.

Machine Learning Accelerates Social Engineering Attacks

The McAfee Labs report warns “that cybercriminals are leveraging machine learning to target victims. We expect that the accessibility of machine learning will accelerate and sharpen social engineering attacks in 2017.”

Hackers routinely access corporate networks and collect a great deal of information on their executives and key financial personnel. Machine learning tools to conduct complex analyses are publicly available, creating the opportunity for cyberattacks far more sophisticated than simple target selection. Such attacks could include probes into decision makers’ business plans, proprietary information and ancillary activities such as executives’ vacations, travel or ill relatives.

The FBI calls these well-researched cyber attacks Business Email Compromise (BEC) scams. The hackers target personnel with financial responsibility or authority to write checks. For example, by analyzing hacked corporate data, the hackers learn that the CEO is taking a trip out of the country.

The trip includes many hours of air travel, poor communications and time zone changes. That is when the threat actors send an email in the executive’s name to a company financial officer to cut a large check and send it to an account number that belongs to the threat actors.

The McAfee report further states: “Cybercriminals know that sending a well-crafted email to a financially responsible team member, purporting to be from a leader of an organization and indicating urgency, results in a meaningful success rate in completing fraudulent transactions.”

This information is all mined and analyzed with machine learning tools. These tools are much quicker and give the best advantage for threat actors because machine learning keeps improving.

Machine learning use in criminal activity and BEC will increase in 2017. The money made by organizations using machine learning and the ability to crunch large data sets will give actionable intelligence for criminal activity. This will cause an increase of the use of machine learning for crime. In the end, machine learning is cost-effective, with a business case shown by FBI statistics that “more than $3 billion has been stolen, with victims in all 50 states and 100 countries.”

Cyber Espionage Will Continue to Target Intellectual Property and State Secrets

“Cyber operations from China are still targeting and exploiting U.S. government, defense industry, academic and private computer networks,” U.S. Cyber Command Admiral Michael S. Rogers said last April during testimony before a Senate committee.

The McAfee Labs report agrees with Adm. Rogers. “Cyber espionage will always be present, either as part of a nation-state’s intelligence operations or run by organized groups that will hunt for proprietary intelligence and offer it for sale.”

The greatest threat will be to U.S. government organizations and defense contractors. Cyber espionage against defense organizations and contractors will continue to be a weak link exploited by adversary nation states. In the past, a spy passing off a duffel bag of classified material to his foreign handler was considered a successful spy operation. Today, with small hard drives or thumb drives, the theft of terabytes of data is not unusual.

In the last three years, there has been an increased focus by the federal government to protect classified information from traitors and cyber theft. With this emphasis, there may be more successful apprehensions like that of former NSA contractor Harold T. Martin, who has been charged with stealing 50 terabytes of classified information over a 20-year period.

Technology created some of the vulnerabilities, and technology is fixing some of the vulnerabilities. The expectation is that the duel between cyber criminals and cyber defenders will be a draw or a tied game at the end of 2017.

Police and Hackers Will Have More Successes in 2017

No one will predict an overwhelming success for either side of the battle. The police have learned and created successful takedowns in 2016 of botnets, DDoS and ransomware attacks. But until the threat actors evaluate the risk as too high, they will not stop their attacks.


What We Can Learn About Technology from a Super Bowl Commercial

Published with Permission by:
Lint, James R., “What We Can Learn About Technology from a Super Bowl Commercial”, In Cyber Defense, 8 Feb. 2017, Web, http://incyberdefense.com/news/technology-super-bowl-commercial/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense

During the recent Super Bowl, Hyundai Motor America aired an emotional commercial that showed support for our military. It also showed how technology can be used to keep families connected across the world. Many people do not realize there are more than 150,000 U.S. military service members deployed to over 150 countries.

Technology Evolution Brings Military Families Closer

For decades, military communication with family members in the U.S. was through letters, which took a couple of weeks to reach their destination. In the 1980s, communications greatly improved with the placement of dedicated phone booths on overseas military posts for service members to call their families in the United States. A call from South Korea to the States cost a little over a dollar a minute.

GIs often placed their calls in cold phone booths with a waiting line outside. But they were grateful for the technology of international phones.

Now, we have email for instant written communication and Skype. With Skype, fathers and mothers on active duty away from home can see and talk to their children live from posts anywhere in the world.

Service personnel can even further their education online.

Using Technology, Hyundai Surprises Some Troops with Super Bowl Family Time

Hyundai and the Defense Department worked together to throw a Super Bowl party for soldiers stationed on a military base in Zagan, Poland. These soldiers were part of the recent deployment in early January 2017. The party included big-screen TVs and lots of food.

Three service members were selected to watch the Super Bowl in individual 360-degree immersive TV pods. The concept was to make them feel as if they were sitting in Hyundai’s luxury box at the Super Bowl.

Like many maneuvers in the military, secrecy was involved. A news embargo prevented the media from releasing details of the 90-second ad named “Operation Better” until it aired at the conclusion of the game. While the individual soldiers enjoyed the action in the pods, they were surprised to see their families actually at the game in Houston, watching in similar pods.

The technology was similar to virtual reality, but without the need to use virtual reality headsets. The cameras were similar to 360-degree cameras, but the output was transmitted onto large surround screens inside the pods.

Around the holidays, we often see stories of service personnel reuniting with their children and families on a surprise leave home. This time, the event became a technological reunion because it was the families who popped up in the soldiers’ 360-immersion pods.

The real-time ad was rapidly produced and well planned, despite the challenge of maintaining secrecy. It showed amazing coordination and operational planning. The actual surprise “visit” occurred in the first quarter and the filming was edited in the second quarter. The third and fourth quarters were used for obtaining approvals from DoD, the National Football League and Hyundai.

Future Use Is Ripe for 360-Degree Immersive Pods

On-scene immersive training, such as for crime scenes or accidents, allows police and emergency medical technicians to learn by observing a situation remotely. EMT trainees, for example, can learn without interfering in a life-threatening situation. Police trainees can observe a crime scene without disturbing evidence.

The military could use immersive pods to train patrols to be alert before an incident happens and to identify activities that hinder their ability to operate effectively. These pods could train a soldier to identify indicators of a bomb planted in the ground or an ambush. The advantage is that no one gets hurt in the pods.

This new technology for communicating means that distance is no longer a problem. For situations where details are critical, the 360-degree cameras give investigative researchers a level of detail which has never been seen before.

What Technology Will Be Available in the Future?

“Operation Better” displayed an excellent use of emerging technology in new ways. It also gave corporate America the opportunity to show its appreciation for our military by showcasing ground-breaking technology. As technology continues to improve, our lives – both civilian and military – may see some amazing innovations.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in South Korea, supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”

What to Do during the Federal Hiring Freeze

Published with Permission by:
Lint, James R., “What to Do during the Federal Hiring Freeze”, In Cyber Defense, 7 Feb. 2017, Web, http://incyberdefense.com/news/federal-hiring-freeze/

Commentary by James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

Now that President Trump has instituted a 90-day federal hiring freeze, it’s time to study the government hiring situation and improve your application. It’s time to reassess your strategy for getting a federal job and to determine if you are serious about working for the federal government.

When the hiring freeze is lifted, it’s likely that new legislation will restrict managers to hiring just one person for every two vacancies in their office. This will increase the competition and make it more difficult to get hired for a federal job.

The Manager’s View of a Hiring Freeze

It’s smart to look at federal job vacancies from a hiring manager’s point of view. After the freeze ends, I know from personal experience (as a hiring manager during the freeze of 2012-13), that managers will be eager to hire. They need employees to fulfill their agency’s mission.

Until a vacancy is filled, current employees must share the work of the vacant position. Currently, it takes at least six months from the time a hiring process begins to actually bringing a new hire onboard.

When the new employee arrives and assumes his duties, the existing staff is better able to focus on their own jobs. Overall efficiency improves and work is completed in less time than during the freeze.

It is important to remember that the hiring freeze is only for 90 days. Specific exemptions permit some federal agencies to continue to hire during the freeze.

Exceptions to the Federal Hiring Freeze

Experienced federal professionals know that every rule and regulation has exceptions. Paragraph 3 of the January 31 Memorandum: Federal Civilian Hiring Freeze Guidance from the White House lists the following hiring exceptions:

3g. Federal civilian personnel hires are made by the Office of the Director of National Intelligence (ODNI) and the Central Intelligence Agency (CIA).

3h. Appointments made under the Pathways Internship and Presidential Management Fellows programs (this does not include the Recent Graduates program). Agencies should ensure that such hires understand the provisional nature of these appointments and that conversion [to full-time employment] is not guaranteed.

3i. Conversions in the ordinary course to the competitive service of current agency employees serving in positions with conversion authority, such as Veteran’s Recruitment Act (VRA) and Pathways programs.

3r. The head of any agency may exempt any positions that it deems necessary to: Meet national security (including foreign relations) responsibilities, or public safety responsibilities (including essential activities to the extent that they protect life and property).

Cybersecurity Field Fulfills Critical Needs and Has Many Exemptions

Many cybersecurity jobs are in intelligence organizations, so those jobs are considered essential to the protection of health and safety. (Think hospital records at military facilities and the Department of Veterans Affairs.) Similarly, cyber defense jobs support foreign affairs organizations and are deemed essential to meeting national security responsibilities.

Opportunities Exist in Cybersecurity Despite Hiring Freeze

Despite President Trump’s executive order, there are still opportunities available for cyber defenders. Cyber organizations are hiring employees fresh out of college as well as service veterans.

So don’t be discouraged; the future of the federal civil service is not as bleak as media sources describe. In fact, some job seekers might think it’s more difficult now to obtain a federal job, so there could be fewer applicants and thus less competition.

Be persistent. Keep focused on your career goals and your readiness to meet the challenges of the job you seek.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in South Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a book in 2017, “Secrets to Getting a Federal Government Job.”

The Evolution of the CIA’s Area 51

Published with Permission by:
Lint, James R., “The Evolution of the CIA’s Area 51”, In Cyber Defense, 4 Feb. 2017, Web, http://incyberdefense.com/news/evolution-cias-area-51/

By James R. Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense & Contributor, In Homeland Security

In cyber defense, many people believe we are the first to worry about secrecy and tool development. In the past, this was also an issue for defenders of America. This is a story of 1950-1980 technology development. Amazingly, they had some of the same issues as cyber defenders today. Loss of technology can have drastic consequences.

On 27 January, a Central Intelligence Agency (CIA) retiree gave a briefing that started with a declassified slide marked Top Secret/Sensitive Compartmented Information (TS/SCI). That is a world-class attention getter for an audience of many people who had seen it before in proper locations.

This was the first Distinguished Lecture of 2017 at the National Atomic Testing Museum in Las Vegas, Nevada. Mr. Thornton D. Barnes, author and veteran intelligence operative, gave a talk about “The Evolution of the CIA’s Area 51.”

The National Atomic Testing Museum is a national science, history and educational institution that tells the story of America’s nuclear weapons testing program at the Nevada Test Site and beyond. From Atomic Age culture to scientific and technological advances during the latter part of the 20th Century, the museum uses lessons of the past and present to better understand the extent and effect of nuclear testing on worldwide nuclear deterrence and geo-political history.

Mr. Barnes is the president of Roadrunners Internationale, the group of pilots that tested advanced military aircraft at Area 51, and the former executive director of the Nevada Aerospace Hall of Fame. Between projects at Groom Lake, Barnes worked on NASA’s Nuclear Engine for Rocket Vehicle Application (NERVA) at the Nuclear Rocket Development Station on the Nevada Test Site. Barnes also participated in Atomic Energy Commission tests of the atomic bomb. He is the author of several books, including “MiGs Over Nevada” which was approved by the CIA Public Relations Branch.

The Solution to No USAF Unarmed Aircraft – CIA

Mr. Barnes started his talk by referencing the CIA Directorate of Science and Technology History manual. He discussed the history of how the Office of Strategic Services (OSS) evolved into the CIA. In 1950, it was found that USAF General LeMay was not interested in any unarmed aircraft at the same time that Lockheed had developed high-flying reconnaissance aircraft. The CIA had been flying Air America, Inc. in covert operations. The CIA became the natural choice to conduct the testing for high-flying reconnaissance aircraft.

Why Nevada for CIA Aircraft Testing Site

In 1950, Nevada had a population of 237,000 residents, and most were involved in wartime work with the military, NASA and the Atomic Energy Commission (AEC). Nevada had long been known as a military-friendly state, and the belief was that no one would notice yet another war activity. This is why the CIA chose Area 51 in Nevada to conduct flight testing for the U-2.

The CIA created the Area 51 facility and combined its air space with the adjoining US Air Force Nellis AFB gunnery range, creating the largest contiguous air and ground range. The AEC announced that the construction of the Groom Lake facility would be for NASA weather research. The reality was that the CIA would conduct flight tests on a reconnaissance plane that was more highly classified than the Manhattan Project that developed the atomic bomb. This was done in the era where military secrecy was understood, respected, and valued.

The Commute to Work

The area was a rough, undeveloped desert facility. The employees would fly in on Monday and fly home on Friday. This was done via their own commuter flight program called Janet Airlines. It was named after the wife of one of the early leaders of the facilities. Secrecy was important. They had mobile home trailers for years until temporary wood buildings, and later permanent housing, were built.

The Special Projects team members were known by simple code names that were easy for customers to remember and protected the identity of Area 51 workers. Mr. T.D. Barnes was “Thunder.” Everything was focused on security and Operations Security, or OPSEC. The CIA Special Projects team was composed of many engineers with different specialties. They were often loaned out to other agencies, with most of them coming to Nevada Area 51. While it could be AEC, or a branch of the military, they were always called the customer for security reasons.

There were many stories of reverse engineering the Soviet Tall King Radar to use it to determine how US reconnaissance planes would appear on Soviet radar. There were stories about the various MiG-17 and MiG-21 aircraft flying to show US pilots what they would be up against in combat. Mr. Barnes had stories about the first stealth plane A-12 Blackbird and how the Special Projects team evaluated it. The US kept track of the Soviet satellites. They would move the test planes, U-2s and stealth planes into hangars to protect against the Soviet eyes.

Successes, there were many

  • U-2 Projects Aquatone/Idealist flew reconnaissance over Russia
  • A-12 Project OXCART developed America’s first stealth plane
  • A-12 Operation BLACKSHIELD located missiles sites in North Vietnam and located the USS Pueblo seized by North Korea
  • Projects Tagboard and Senior Bowl produced drone technology
  • MiG-21 exploitation Project HAVE DOUGHNUT revealed the reasons for US air combat losses in North Vietnam and sparked the US Navy to initiate the Top Gun Weapons School
  • MiG-17 exploitation Projects HAVE DRILL and HAVE FERRY further revealed the reasons for US air combat losses in North Korea and sparked the US Air Force to initiate the Red Flag Exercises and added aggressors to the Weapons School.
  • Project HAVE BLUE produced the F-117 Stealth plane.

The top success was that the CIA produced the fastest and highest flying manned jet plane ever. The most amazing part was that they kept it secret from our enemies.

Space Aliens

It is funny how many people in America will talk about space aliens being hidden at Area 51. The truth is that there were “UFOs” at Area 51. They were the U-2, SR-71, A-12, D-21 drone, and other strangely shaped airplanes for high-altitude flight. The pilots had to wear pressurized suits, which made them look strange in the 1960s. The mission was secret. In all of the stories, Area 51 was a success because the CIA developed stealth technology, evaluated proofs of concept, exploited our enemy’s technology, and flew reconnaissance flights over denied territory. Overall, Area 51 was a highly successful area that promoted American defense. Today’s cyber defenders could learn from the past.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded the 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and “Secrets to Getting a Federal Government Job.”

Giuliani Appointment Puts Administration Spotlight on Cybersecurity

Published with Permission by:
Lint, James R., “Giuliani Appointment Puts Administration Spotlight on Cybersecurity”, In Cyber Defense, 20 Jan. 2017, Web, http://incyberdefense.com/news/giuliani-appointment-cybersecurity/

By James R. Lint
Faculty Member, School of Business, American Military University
Contributor, In Homeland Security

Donald Trump announced last week that former NYC Mayor Rudy Giuliani will be advising the new administration on cybersecurity issues.

Giuliani will head an advisory group from the corporate world because of his “long and very successful government career in law enforcement, and his now sixteen years of work providing security solutions in the private sector,” according to a statement by the Trump transition website.

Trump will host “a series of meetings with senior corporate executives from companies which have faced or are facing challenges similar to those facing the government and public entities today, such as hacking, intrusions, disruptions, manipulations, theft of data and identities, and securing information technology infrastructure,” the GreatAgain.gov website explains.

The goal is to improve the planning and implementation for increasing security of computer systems by drawing on the knowledge and input of corporate leaders. Cybersecurity has become a key issue for Trump, since U.S. intelligence agencies blamed Russia for recent hacking attacks during the U.S. presidential election campaign.

New Cybersecurity Initiative Using Several Avenues to Share Information

The Department of Homeland Security has several avenues to share information with public corporations. Executive Order 13691, Promoting Private Sector Cybersecurity Information Sharing, directs DHS to engage “in continuous, collaborative, and inclusive coordination” with information sharing and analysis organizations (ISAOs) via the National Cybersecurity and Communications Integration Center (NCCIC). The NCCIC coordinates cybersecurity information sharing and analysis among the federal government and private-sector partners.

These organizations were created for each of the 16 critical infrastructure sectors. The information technology sector has many government and private sector participants. It appears this new initiative aims to get corporate executives to participate and solve cyber security problems.

What Will Giuliani’s Role Be?

Giuliani’s role in this new cybersecurity initiative is not clear. For example, what will his official position be and how will he interact with DHS? The DHS Office of Cybersecurity and Communications (CS&C) is part of the National Protection and Programs Directorate. Will Giuliani coordinate with the CS&C? Or will he plan for or give direction to the office?

The U.S. Computer Emergency Readiness Team (US-CERT) has broad knowledge of and experience with federal computer systems. The Defense Department is required to report an incident to US-CERT within 12 hours. Public-sector organizations can voluntarily report incidents to US-CERT.

Will Giuliani receive briefings from US-CERT? Will he have the reports filtered via CS&C?

The bottom line is that the new administration sees the value of and need for improved cybersecurity. It appears to be a growing business. It will also be an area for improved employment prospects.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in South Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” and a new book in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea.”

New Phishing Technique Puts Gmail Accounts at Risk

Published with Permission by:
Lint, James R., “New Phishing Technique Puts Gmail Accounts at Risk”, In Cyber Defense, 17 Jan. 2017, Web, http://incyberdefense.com/news/phishing-technique-gmail-accounts-risk/

By James R. Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense

Cyber attackers have found a new, highly effective phishing technique targeting Gmail and other services, according to a recent article on Wordfence.

Author Mark Maunder writes, “an attacker will send an email to your Gmail account. That email may come from someone you know who has had their account hacked using this technique. It may also include something that looks like an image of an attachment you recognize from the sender.

“You click on the image, expecting Gmail to give you a preview of the attachment. Instead, a new tab opens up and you are prompted by Gmail to sign in again…. Once you complete sign-in, your account has been compromised.”

Maunder surmises that the attackers must be on hand and ready to exploit your account because of the speed with which they respond. They sign into your account and send emails with your attachments using your subject lines from previous emails to people in your address book.

This is a very effective phishing technique to use against the people who trust you. The hacking crew is large enough to spread across several time zones and exploit your English-language email account. More analysis of this phishing technique might reveal what other languages are being used for this phishing method and help locate the attackers by their unique skill sets.

Using Gmail Single Sign-On Services Is Risky for Your Account

The comfort of Single Sign-On services for your Gmail credentials creates a security risk for your account. As we get more comfortable using these services and customers ask for more ease of operation, we will have to consider the impact of risk that comes with the ease of operation.

The Wordfence article shows a “data URI” (Uniform Resource Identifier) with the complete file in the browser location bar. This data URI provides a method to include in-line data in web pages as if they were normal external resources.

The data:text link line in the browser bar is actually a disguised script. This script opens a fake Gmail login page. When you log in, it sends your real credentials to an attacker. Ideally, you should review the whole browser address window and ensure there is not a script hiding further inside the window.
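The check described above can be automated for a string copied from the address bar or taken from a link's href. The following is an added example, not code from this article or from Wordfence; the function names, finding codes and the `example.test` host are assumptions, and the sample addresses are constructed.

```javascript
// Added example: triage an address-bar string for the data: URI trick.
// Finding codes and sample inputs are constructed for illustration.

const SCRIPTABLE_TYPES = new Set(["text/html", "application/xhtml+xml", "image/svg+xml"]);

function decodeBase64(text) {
  return typeof atob === "function"
    ? atob(text)
    : Buffer.from(text, "base64").toString("latin1");
}

// Split "data:[<mediatype>][;base64],<data>" (RFC 2397) into its parts.
function parseDataUri(raw) {
  const trimmed = raw.trim();
  if (!/^data:/i.test(trimmed)) return null;
  const comma = trimmed.indexOf(",");
  if (comma === -1) return null;
  const params = trimmed.slice(5, comma).split(";").map((p) => p.trim().toLowerCase());
  const mediaType = params[0] || "text/plain"; // RFC 2397 default
  const isBase64 = params.includes("base64");
  let body = trimmed.slice(comma + 1);
  try {
    body = isBase64 ? decodeBase64(body.replace(/\s+/g, "")) : decodeURIComponent(body);
  } catch (e) {
    // Malformed encoding: keep the raw body so the checks below still run.
  }
  return { mediaType, isBase64, body };
}

// expectedHost is optional: the host the user believes they are visiting.
function inspectAddress(raw, expectedHost) {
  const findings = [];
  const parsed = parseDataUri(raw);

  if (!parsed) {
    let url;
    try {
      url = new URL(raw.trim());
    } catch (e) {
      return { scheme: null, findings: ["UNPARSEABLE"], suspicious: true };
    }
    const scheme = url.protocol.replace(":", "");
    if (scheme !== "https") findings.push("NOT_HTTPS");
    if (expectedHost && url.hostname !== expectedHost.toLowerCase()) {
      findings.push("HOST_MISMATCH");
    }
    return { scheme, host: url.hostname, findings, suspicious: findings.length > 0 };
  }

  // A data: URI carries its content inline; no web site is being visited,
  // so a login form rendered from one is never the real sign-in page.
  findings.push("DATA_URI");
  if (SCRIPTABLE_TYPES.has(parsed.mediaType)) findings.push("SCRIPTABLE_TYPE");
  // Text at the start of the payload that merely looks like a web address.
  if (/^\s*https?:\/\//i.test(parsed.body)) findings.push("LOOKS_LIKE_URL_PREFIX");
  // A long whitespace run pushes later content out of the visible bar.
  if (/\s{20,}/.test(parsed.body)) findings.push("WHITESPACE_PADDING");
  const scriptOffset = parsed.body.search(/<script\b/i);
  if (scriptOffset !== -1) findings.push("SCRIPT_ELEMENT");

  return {
    scheme: "data",
    mediaType: parsed.mediaType,
    scriptOffset, // characters to scroll past before the script is visible
    findings,
    suspicious: true,
  };
}

// Constructed sample: a readable prefix, padding, then an inert script tag.
const SAMPLE_PADDED =
  "data:text/html,https://accounts.example.test/ServiceLogin?service=mail" +
  " ".repeat(200) +
  "<script>/* constructed placeholder, no behaviour */</script>";

// Constructed sample: an ordinary https address on the expected host.
const SAMPLE_GENUINE = "https://accounts.example.test/ServiceLogin?service=mail";

console.log(inspectAddress(SAMPLE_PADDED, "accounts.example.test"));
console.log(inspectAddress(SAMPLE_GENUINE, "accounts.example.test"));
```

The same function can be run over every `href` on a page or in a mail body before a user clicks, which catches the disguised link earlier than a visual check of the location bar.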

Always Check Your Browser’s Location Bar

The Wordfence article, US-CERT best practices and other experts say it is best to check the location bar in your browser to determine if you are clicking on the correct website. Just because you click on something that states: “We will make you rich, click link” does not mean it is the correct link.

In fact, here is a safe example. Click on this link: “We will make you rich.”

The link will NOT make you rich, but it sends you to the US-CERT Best Practices Page. Be sure to check your links before you click on them to see whether they match.

A reader comment from Google suggests that almost any HTTP or HTTPS page could have phishing code. The reader says the address bar in a browser window remains one of the few trustworthy components in a browser program.

To say that the browser address bar is highly trusted is inviting the next skilled hacker to show his capability. We do not know what the future will hold in terms of security and hacker attacks. However, I would not bet on the safety of any material you wish to keep private.

It is wiser to remain up to date with your security software and to study new cyberattacks when you hear about them to keep your computers and mobile devices protected.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in South Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” and a new book in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea.”

Managing Multiple Generations: Issues, Problems and Language

Published with Permission by:
Lint, James R., “Managing Multiple Generations: Issues, Problems and Language”, In Cyber Defense, 24 Jan. 2017, Web, http://incyberdefense.com/news/managing-multiple-generations/

By James R. Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

In the world of cyber defenders, we often see multiple generations working in the same office. We see the Millennials, GenXers and Baby Boomers who have seniority and management skills. However, has the world changed when it comes to managing a multiple-generation organization?

Dan Coates is an authority on marketing and research about youth and the millennial market. At the recent 2017 SHOT Show’s Executive Management Seminar, he discussed how various generations view management.

His ideas can help improve management skills in many areas. The need for better management is critical as the government tries to hire more cyber security personnel.

What Makes Generations Unique?

Coates looked at what makes the generations unique. What made Millennials unique was technology. It was their top concern, twice as important as that of Gen Xers. Millennials want IT upgrades and better hardware and software.

Boomers rated the work ethic as the number one concern among those factors that made their generation unique. After all, who are today’s managers?

Coates’ research found Millennials’ second top focus was music and culture. For Gen Xers, it was work ethics, while Boomers cited respect.

With this diversity of focus among different generations, there is the potential for workplace issues. That focus could cause Millennials to perceive older workers as too much like “stuffed shirts,” while Millennials are seen as undisciplined by Gen Xers and Baby Boomers.

Managers should give consideration to each generation’s unique qualities as they deal with different generations in the workplace. Training and managing expectations might calm workplace issues before they become problems that interfere with productivity.

Each Generation Has Its Own World Views

Coates explained that each generation has a unique experience and point of view. Their generational characteristics shape the way they view the world.

To effectively communicate with employees, managers should consider the generation they address. Thinking of generation communications as three different languages could help improve workplace communication.

Tips for Working with Generation Xers

  • Show how the discourse affects them. What is the impact on them?
  • Focus on skills development. Explain how they can develop and grow.
  • Show proof of what you’re discussing. Give examples of improvements that can be made and provide websites.
  • Keep it concise. Make the bottom line simple, straightforward and to the point.

Tips for Working with Millennials

  • Emphasize “the cause” first; they want to make an impact on the world. The military calls this “mission focus.”
  • Be highly visual. Millennials are a visually driven group and prefer images over text.
  • Think online and offline. Digital natives need digital points in addition to in-person reinforcement, because they live online and offline simultaneously.
  • Use peer influence. Give examples of peer successes.

Examine the Possible Solutions

Many of these tips and comments have been raised in executive management seminars and MBA courses, but Dan Coates separates them into generational targeting. If your office is having personnel issues, check to see if they are multi-generational in nature and try some of these tips. The solution of workplace problems may lie in dissecting the players by generation and looking for the solution as a targeted segment.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in South Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” and a new book in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea.”