Espionage against the US Continues, Even After the Cold War

Published with Permission by:
Lint, James R., “Espionage against the US Continues, Even After the Cold War”, In Homeland Security, 21 July 2017, Web, https://inhomelandsecurity.com/espionage-against-the-us-continues-even-after-the-cold-war/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

This article is the first in a series on espionage.

There are still people who think of espionage as part of the old Cold War and in the past. The reality is that espionage is all around us.

It’s widely assumed that foreign espionage is focused solely on the U.S. military and State Department to gain insight on military actions and foreign policy. Sadly, that thinking is also incorrect.

Foreign espionage agents not only target the military’s current actions and future movements, but also military research and development (R&D) to learn what emerging technologies are a potential threat to their hostile countries. R&D information is stolen to protect or strengthen the countries that steal it.

Spying Is a Way to Understand Foreign Politics and Increase Wealth

Espionage is also a way for nation-states to understand the current geopolitical situation and to prevent wars. Some countries, however, commit economic espionage to increase their wealth by targeting information that can expose national or industrial intentions and capabilities.

The FBI reports that “as a result of a string of high-profile espionage arrests by the FBI and its partners, the press dubbed 1985 as the ‘Year of the Spy.’” With a string of apprehensions, hostile nations were put on notice that espionage against the United States would not be tolerated; spies who were caught would be sentenced to long prison terms or deported.

The string of arrests in 1985 was a blow to those hostile countries – mainly China and the Soviet Union – because the apprehensions shut down some of their intelligence gathering into U.S. intentions.

At the same time, it is often counterproductive to arrest espionage agents because U.S. intelligence agencies then have the always difficult task of identifying and capturing their replacements. It’s no wonder that U.S. counterintelligence agents often prefer to leave foreign agents in place and provide them with false intelligence or, even better, turn them against their own country.

The “Year of the Spy” was a good reminder to the public and to our enemies that we know espionage agents operate against the United States. The publicity surrounding the spies’ arrests helped educate the next generation of homeland security, military and intelligence professionals and provided memorable case histories for instructors to use as real-world espionage examples.

What Is the Current Espionage Situation in the US?

In a March 2016 speech to the conservative Heritage Foundation, Mike Rogers, former head of the House Intelligence Committee, stated that there are more spies in the United States today from foreign nation-states than at any time in our history — including the Cold War. “And they’re stealing everything. If it’s not bolted down, it’s gone,” Rogers said. “And if it’s bolted down, give them about an hour — they’ll figure out how to get that, too.”

In 2012, Foreign Policy magazine reported that several thousand foreign intelligence officers operate openly in Washington, D.C., from dozens of embassies and international organizations.

What few people realize is that we have little privacy or rights from foreign intelligence agencies. The Russians have targeted U.S. political and military intelligence organizations for many decades. Chinese spies target intellectual property in addition to political and military intelligence. While the Russians send skilled intelligence officers, China often relies on people untrained in espionage, but who have access to targeted information or to those who know how to gain that access.

Recent Successes in Hostile Espionage

The Chinese intelligence service created what is known in spycraft as a “honey trap” for 59-year-old Benjamin Bishop, a married defense contractor with a top-secret security clearance. Bishop was a retired lieutenant colonel working at the U.S. Pacific Command in Hawaii when he met a 27-year-old Chinese national in the U.S. on a student visa. Bishop provided her with numerous classified documents during their three-year affair.

“In court, Bishop’s attorney, Birney Bervar, characterized the couple’s exchange of secret information as an act of love, not espionage,” Foreign Policy reported.

But in 2014, a military court in Honolulu sentenced Bishop to more than seven years in prison “for passing national defense secrets to his Chinese girlfriend and illegally keeping numerous classified documents at his home,” according to the Reuters news agency.

Similarly, former NSA contractor Edward Snowden and U.S. Army soldier Chelsea Manning conducted espionage or participated in the loss and distribution of classified information to non-cleared actors, including foreign intelligence services. Distributing classified information to the public or anyone without proper security clearance is a crime. Some people call this action the “insider threat,” but it mostly falls under theft and espionage.

This article was adapted from my article, “The Espionage Threat Is Real: Strategies for the Next Insider Task Force.” That article placed second in the Military Writers Guild 2017 Competition.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

A New Trojan Horse: The Kaspersky Software Hack of US Intelligence

Published with Permission by:
Lint, James R., “A New Trojan Horse: The Kaspersky Software Hack of US Intelligence”, In Cyber Defense, 18 October 2017, Web, https://incyberdefense.com/james-lint/kaspersky-hack-us-intelligence/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
InCyberDefense and Contributor, In Homeland Security

According to legend, when the warring Greeks were unable to pierce the defenses of the city of Troy, they presented Troy with a gift — a huge, hollow wooden horse known as the “Trojan Horse.” Since then, the term “Trojan horse” has come to refer to subversion or sabotage from within.

Beginning in the late 20th century, the term was applied to deceptive computer codes that seemed like legitimate applications. However, this software was actually written to deliberately damage or disrupt a computer’s programming or to steal information from it.

If Software Seems Too Good To Be True, It Is When it’s Made in Russia

Sometimes when something looks too good or is priced too low, it usually is too good to be true. So imagine a large nation-state that was the West’s main foe during the Cold War creating software to help the West. Would you buy its software to protect your systems?

Can Antivirus Software Be an Espionage Tool?

Amazingly, U.S. government agencies and others did just that; they bought expensive enterprise packages of Kaspersky Lab’s antivirus cyber security software from Russia. According to US-CERT, “anti-virus software scans files or your computer’s memory for certain patterns that may indicate the presence of malicious software.”

Now, as the result of new revelations, buying Russian-made software is reminiscent of the Trojans taking their equine gift inside their city walls. Of course, that did not work out so well for the people of Troy. That night, Greek soldiers hidden inside the Trojan horse got out, opened the city gates and allowed their army to take the city.

A recent New York Times article revealed how the Israelis hacked into Kaspersky Lab’s own network and alerted the National Security Agency (NSA) to the Russian intrusion into U.S. government computer systems.

“The Russian operation was known to have stolen classified documents from a National Security Agency employee who had improperly stored them on his home computer, on which Kaspersky’s antivirus software was installed,” the Times story said. “What additional American secrets the Russian hackers may have gleaned from multiple agencies, by turning the Kaspersky software into a sort of Google search for sensitive information, is not yet publicly known.”

Who Paid Kaspersky for This Russian Espionage?

The revelation exposed how easily Russia was able to target American individuals and government organizations for espionage. The irony here is that Americans paid Kaspersky Lab for the privilege of using its antivirus software that sucked out their information and sent it to Russia. Russia ran an espionage operation against the U.S. sponsored by a Russian business and possibly by the Russian government.

As the Times reported: “For years, there has been speculation that Kaspersky’s popular antivirus software might provide a back door for Russian intelligence. More than 60 percent, or $374 million, of the company’s $633 million in annual sales come from customers in the United States and Western Europe. Among them have been nearly two dozen American government agencies — including the State Department, the Department of Defense, Department of Energy, Justice Department, Treasury Department and the Army, Navy and Air Force.”

The Greeks gave Troy the Trojan Horse for free; the Russians did the Greeks one better. They made the West pay millions of dollars for their digital Trojan horse.

Kaspersky’s business was a wonderful way to help boost the Russian economy and add jobs at a time when oil prices had dropped. It was also a brilliant espionage operation, which could bring further income to Russia from the theft of Western research and development (R&D) information and economic espionage.

Although Their Espionage Succeeded, Russian Creators Won’t Receive Public Recognition

When you look at the U.S. government agencies that used the Kaspersky Lab software, you see a textbook list of targets for a hostile nation-state or competitor. You rarely see, however, this group of espionage targets paying a foreign power to take their information, intelligence and research and development materials.

The Russians who thought up and perpetrated this Trojan horse operation probably received a wonderful reward from a very grateful Russian government. As is common in the intelligence field, the creators probably will never be able to talk about or share their award outside the Kaspersky offices or the Kremlin walls. After all, they do not want a foreign power learning their secrets.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, Secrets to Getting a Federal Government Job.”

Regular Software Patches Could Have Prevented Equifax Breach

Published with Permission by:
Lint, James R., “Regular Software Patches Could Have Prevented Equifax Breach”, In Cyber Defense, 3 October 2017, Web, http://incyberdefense.com/james-lint/regular-software-patches-prevented-equifax-breach/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

We often think of Equifax as a company that can be trusted to securely save and control our personal information. But as CNN Money’s Kaya Yurieff reported in September, “A huge security breach at credit reporting company Equifax has exposed sensitive information, such as Social Security numbers and addresses, of up to 143 million Americans.”

It seems that some rookie mistakes were made. However, this breach provides good lessons that can be used to protect future victims.

Splitting Up Your Security May Make for a Weaker Brand

Wired Magazine reported that Equifax started directing potential victims of the breach to a new, quickly constructed website called “equifaxsecurity2017.com.” However, “quickly” often does not mean securely built. Bugs were found in the new site, which was ostensibly designed to discuss protection from breaches.

This revelation is not a confidence builder for Equifax victims. It would have been logical to put the information on the website Equifax.com, which was already online and branded. Using the existing Equifax website would have given customers more confidence that they were getting the correct information.

One possible reason for this change to a new website might have been that Equifax did not trust its own security on its branded website. Yes, Equifax was hacked, but it was the databases containing personal information that were hacked. Normally, the main website could be secured again quickly from a backup disk.

The new website asked people to input the last six digits of their Social Security number to check if their information was compromised in the breach of Equifax servers. But the website asking for this information also had bugs.

Again, that was not a confidence builder for Equifax. Future organizations in Equifax’s situation will probably try to remain on their branded sites.

Using an Established Branded Website versus a Non-Branded Website

Nick Sweeting, a web developer, thought it strange for Equifax to set up a non-branded website. He set up “securityequifax2017.com” (note: the fake site’s name was a simple transposition of two words) to show how traffic could be driven to a wrong or malicious website. Sweeting created the site not to cause harm, but to show the potential damage a non-branded website could do.

Sweeting set up the bogus phishing site to expose vulnerabilities that existed in Equifax’s response page. “I made the site because Equifax made a huge mistake by using a domain that doesn’t have any trust attached to it [as opposed to hosting it on equifax.com],” Sweeting told The Verge.

Compounding the confusion for Equifax victims, customers were sent to Sweeting’s website when they called the Equifax help desk. One Equifax employee even tweeted Sweeting’s fake website four times. Luckily, the alternate URL was not malicious.

“A day after the breach and launch of the legitimate help website, scammers had created 194 phishing websites that shared similar addresses with equifaxsecurity2017.com,” USA Today reported on September 21.

Equifax Acknowledged that It Failed to Ensure Software Patches Were Properly Installed

According to a September 24 Wired article by Lily Hay Newman, “The fact that attackers got into Equifax’s systems through a known vulnerability with a patch available galls security analysts. But the company also acknowledged that it knew about the patch when it was first released, and had actually attempted to apply it to all its systems.”

The fact that the company failed to ensure that the patches were properly installed and tested does not bode well for any future court actions against Equifax.

Newman also quoted Michael Borohovski of Tinfoil Security, who commented on Equifax’s mistake of tweeting out the wrong website for victims of the hack: “When your social media profile is tweeting out a phishing link, that’s bad news bears.”

We like to believe that large companies holding the credit history of over 100 million Americans is incredibly strong. Sometimes, that is an illusion.

In this case, just as in the WannaCry ransomware attacks, the Equifax security breach could have been prevented if the company had installed updates on all of its systems. However, this did not happen and Equifax became the latest victim of a preventable hack.

Former Equifax CEO to Face the Senate Committee on Banking, Housing and Urban Affairs on October 4

Equifax’s former CEO, Richard Smith, is scheduled to talk with a Senate committee on October 4. Their discussions will cover Equifax’s security lapses and the Equifax executives who sold stock before this breach was discovered. Currently, there is no proof of insider trading on privileged information, but the appearance of wrongdoing is there.

One of the worst management mistakes made by Equifax in the handling of this incident was stated in CNN Money. Journalist Jackie Wattles noted that “Equifax initially asked affected customers to give up their right to sue the company in exchange for credit monitoring services.”

The concept of breaking even or making a profit during a crisis breach is unusual. Many victims viewed it as outrageous that Equifax wanted to charge fees for doing credit freezes to protect themselves from Equifax’s errors.

Additionally, the idea of giving up the ability to sue for damages in exchange of protection created a public relations nightmare. The company stock has rapidly fallen by 32%. This shows that crisis management and cyber defense failures are costly to executives who are often paid bonuses based on stock prices.

Did State-Sponsored Espionage Play a Role in the Equifax Hack?

While investigations are still continuing, the hackers who penetrated Equifax used techniques that are similar to the techniques used by nation-state hackers. Bloomberg reported, “One person briefed on the probe being conducted by the Federal Bureau of Investigation and U.S. intelligence agencies said that there is evidence that a nation-state may have played a role, but that it doesn’t point to China. The person declined to name the country involved because the details are classified.”

Later, the same article showed that “One of the tools used by the hackers — China Chopper — has a Chinese-language interface, but is also in use outside China.” Most espionage hacks have layers to hide the true identity of the nation-state doing the hack. It will take a few more months to hopefully work towards the attribution of a nation-state identity.

The Golden Rule of Cybersecurity: Patch Now, Patch Often

If this were a humorous article, it might be worth mentioning that in Argentina, Equifax had a system running on weak credentials. Both the login and the password were “admin.”

Of course, this is not a humorous article. The havoc caused by the Equifax breach will last for years. And it could all have been avoided by simply updating the system with the new software patches.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

Kasparov Urges DEFCON Participants to Use AI More and Kaspersky Security Software Less

Published with Permission by:
Lint, James R., “Kasparov Urges DEFCON Participants to Use AI More and Kaspersky Security Software Less”, In Cyber Defense, 3 August 2017, Web, http://incyberdefense.com/james-lint/kasparov-urges-defcon-participants-use-ai-kaspersky-security-software-less/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

Between July 27 and July 30, the annual DEFCON Hacker Conference celebrated its 25th anniversary in Las Vegas.

DEFCON began in 1992, when Platinum Net, a Fido protocol-based hacking network, held a party in Las Vegas for members of Bulletin Board Systems (BBS) and their users. The party was organized by Jeff Moss, an American hacker, computer and Internet security expert.

Since then, the DEFCON community has grown to more than 20,000 attendees. The talks and skills of the presenters have grown over the years along with technology.

Featured Speaker Garry Kasparov Says AI’s Power Should Be Harnessed for Cybersecurity

Garry Kasparov, a chess Grand Master who was beaten at his own game by IBM’s Deep Blue supercomputer, spoke on the first day. He called for using artificial intelligence (AI) for cyber security. Kasparov’s new book, “Deep Thinking,” forecasts a bright future once we use the full power of computing and AI.

Kasparov acknowledged that machines and computers likely will eliminate some jobs in the future. However, technology also will create new jobs for people with an understanding of how to harness and expand AI.

He also called for banning Kaspersky Internet security software from U.S. government offices. Kasparov wants the new administration to ban the software because he believes Eugene Kaspersky is connected to Russian intelligence, a statement backed up by U.S. intelligence services and news reports.

Safe-Cracking Robots Discover Combinations in Less than One Hour

DEFCON also featured a 45-minute demonstration of how a robot could open a security container or safe. It was so successful that the exhibition ended early. The robot opened the secure container in about 30 minutes.

Originally, it took the robot three hours to break into the safe. But through applied mathematics, the robot’s creators, first-time DEFCON participants, solved the combination manipulation process. The demonstration also made the federal employees in the audience worry if government security systems could be defeated in such a short time.

25 Years of Continued Education

I’ve attended DEFCON since 2005 and I’ve found each year’s gathering was a learning event. Attendees return home smarter employees.

DEFCON is where you can see new threats to security and solutions to some security issues. The admission price is low, the networking is impressive and learning happens every year.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

DEFCON Hacking Conference Features Diversity as Its Mission

Published with Permission by:
Lint, James R., “DEFCON Hacking Conference Features Diversity as Its Mission”, In Cyber Defense, 3 August 2017, Web, http://incyberdefense.com/news/defcon-hacking-conference-features-diversity-mission/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

The DEFCON Hacker Conference in Las Vegas celebrated its 25th anniversary on July 28-30, 2017, in Las Vegas.

People keep coming back to DEFCON because of the unique quality of the conference presentations. They are often on topics that most organizations would not want to publicize: computer hacking, robots hacking safes, implanting passwords and cognitive memory. The speakers are all experienced in the hobby and profession of hacking into computers.

Yesterday’s ‘Hackers’ Are Today’s ‘Security Researchers’

DEFCON attendees who stroll DEFCON’s villages for information and new security ideas are sometimes called “hackers.” Many of the old “hackers” now have titles like information technology “researchers” as industries fight to hire those who can think outside the box and discover computer vulnerabilities before they become problems. Brilliant people discovering problems to be solved are important, but how they label their “hobby” is no longer important.

Multiple ‘Villages’ Are Devoted to Diverse Topics

DEFCON’s mission of diversity is fostered by “villages,” a series of conference areas devoted to specific topics. For example, the Biohacking Village website describes it as “a biotechnology conference focused on breakthrough DIY, grinder, transhumanist, medical technology, and information security along with its related communities in the open source ecosystem.”

Cars Hacking Village Offers Information to Correct Auto Industry Vulnerabilities

The Car Hacking Village, now in its third year at DEFCON, has been helpful to the auto industry in exposing vulnerabilities before a crisis. The wireless interfaces built into today’s vehicles make them virtual computers on wheels.

Computers have been hacked for decades, so why would anyone expect cars not to be hacked? One of the talks this year, “That’s no car. It’s a network!” explained how auto manufacturers try to discover software and network vulnerabilities from improperly written software code before there is a fatal crash.

Crypto and Privacy Village Provides Platform for Discussing Privacy Maintenance

The Crypto and Privacy Village provides little information online, which says something about its focus. One of the scheduled talks, “Privacy is Not An Add-On: Designing for Privacy from the Ground Up,” described different ways to maintain privacy using a variety of tools.

Hardware Hacking Village Discusses VoIP, Reverse Engineering and Sustainability

Discussions in the Hardware Hacking Village ranged from VoIP (Voice over Internet Protocol) phone hacking to reverse engineering. An unusual workshop explained component desoldering and recovery, which are useful techniques as landfills are filling up with technology waste.

Internet of Things (IoT) Village Promotes Security Advancements

According to its website , “IoT Village delivers advocacy for and expertise on security advancements in Internet of Things devices.” This is one area that has many people in business worried about security being an afterthought. Over the years, the DEFCON IoT Village has displayed and discovered 113 new vulnerabilities in connected devices that were reported to manufacturers so they can make their devices safer and more secure.

Packet Hacking Village Pinpoints Security Vulnerabilities

The Packet Hacking Village featured talks and hands-on workshops. It also had an interesting presentation schedule that included its “Wall of Sheep” display, highlighting vulnerable systems that are ready “for slaughter.” Visitors were able to have a free security assessment to ensure that their system was not listed on the Wall of Sheep.

Other Villages Offer Additional Topics of Interest to Attendees

Other villages included social engineering (also known as human hacking), wireless, lock picking, Industrial Controls Systems and the Packet Hacking Village. To show the ability of DEFCON to evolve and stay current, there was even a Voting Machine Hacking Village.

Multiple Villages Provide a Variety of Information for Hackers and Security Researchers

The multitude of villages helps DEFCON to improve each year. These improvements provide both hackers and security researchers with learning and growth areas, while they exchange topics and new tools to improve the security of our networks and cyber programs. As the skills of DEFCON attendees improve, they will be better able to handle current and emerging cyber threats.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

BSidesLV Information Security Conference Provides Useful Job Information

Published with Permission by:
Lint, James R., “BSidesLV Information Security Conference Provides Useful Job Information”, In Cyber Defense, 27 July 2017, Web, http://incyberdefense.com/james-lint/bsideslv-information-security-conference-provides-useful-job-information/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

In addition to learning more about information security, the BSidesLV Information Security Conference in Las Vegas is a target-rich environment for gaining information about jobs. In some cases, you might even have the chance to interview with potential employers as well.

Amazon Offers Jobs to Military, Military Spouses and Dependents

I saw someone at BSidesLV wearing a shirt that read “Warriors@Amazon.” He was a former Marine who now works for Amazon. He talked about how Amazon offers some of the same camaraderie that most military members miss after getting out of the service.

In fact, Amazon has three job websites that relate to the military. One website discusses the military community within Amazon. It states that “Amazon Warriors is made up of Amazonians who have served in their respective country’s military forces, those who are still serving and all Amazon employees who support them. The group’s mission is to provide its members a professional network and a means to organize community outreach programs, to aid veterans during their transition into the Amazon workforce and to be a resource for recruiting top military talent.”

The second website is about jobs for service members transitioning out of the military, veterans and military spouses. The website includes a quote from owner and founder Jeff Bezos about the military needs of Amazon. Bezos says, “We actively seek leaders who can invent, think big, have a bias for action and deliver results on behalf of our customers. These principles look very familiar to men and women who have served our country in the armed forces, and we find that their experience leading people is invaluable in our fast-paced work environment.”

Amazon’s third website offers support to military dependents, often called military brats. In Amazon’s Career Choice program, Amazon pre-pays up to 95 percent of tuition for courses related to in-demand fields, regardless of whether the skills are relevant to a career at Amazon. The website also states, “Investing in our employees is one of the many reasons Amazon is an employer of choice for military families.”

#brainbabe – Advocating and Supporting Women in Cyber Jobs

Cyber or information technology conferences often lack many female participants. One organization that supports bringing women into the information security profession is the nonprofit #brainbabe.

Its mission statement notes that “#brainbabe is directly impacting three statistics:

10% of the cyber security workforce [are] women, 1% of the cyber community are women leaders, 53% of women end up leaving the industry.”

#brainbabe supports changes that will attract and utilize women in cyber security. On #brainbabe’s website, Deidre Diamond, #brainbabe’s founder and CEO, discusses her background and states, “As a woman who was hired as an entry-level employee with a liberal arts degree and trained to lead sales teams for tech companies, who has been the CEO of a software company, and who is currently the Founder and CEO of a cyber security company, I have a lot of content and enthusiasm to offer the tech community about training people — specifically, women.”

Diamond is a motivated person who strongly believes in training. She and her crew often attend conferences such as BSidesLV and speak about how to increase the cyber workforce by training and bringing more women into cyber security.

She says on the website, “We can attract more women into cyber security while fostering the interpersonal and communication skills needed to retain them.” The training and improved communication skills may be a solution for growing our future cyber workforce in both the corporate world and government sector.

New People You Meet at Conferences Are a Rich Source of Industry Information

Attending conferences such as BSidesLV is more than just about learning in a conventional manner as you listen to scheduled talks. It is also about meeting people in the booths, on the floor or at lunch tables.

By meeting others at the conference, you sometimes learn just as much information as you do at formal presentations. Conferences show that learning happens everywhere, if you keep your eyes and brain open to new ideas.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

First Day at BSidesLV Information Security Conference Offers Insightful Lessons

Published with Permission by:
Lint, James R., “First Day at BSidesLV Information Security Conference Offers Insightful Lessons”, In Cyber Defense, 26 July 2017, Web, http://incyberdefense.com/james-lint/first-day-bsideslv-information-security-conference-offers-insightful-lessons/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

The BSidesLV Information Security Conference was filled to capacity on the first day of the show. This free conference has grown in popularity over the years, generating lots of interest because of its excellent speakers and topics.

Both the speakers’ pool and the various interest tracks enlighten experienced professionals as well as young people looking to break into the information security field.

Security Innovator Urges Business to Involve CSOs in Their Operations

Allison Miller delivered one of the opening addresses. Miller has worked at the intersection of cybersecurity, human behavior and predictive analytics for almost two decades.

She is an innovator in the security industry’s data-driven detection technology, specifically within security, anti-fraud/anti-abuse and payments/commerce systems. In her talk, “Something Wicked: Defensible Social Architecture in the context of Big Data, Behavioral Exon, Bot Hives and Bad Actors,” Miller urged companies to integrate their chief security officers (CSO) into their business operations.

A CSO pushed to the side or not in the boardroom often does not have the full picture of the organization, she said. That results in the CSO not having enough knowledge to protect all organizational assets or to understand what targets would attract hackers.

Miller noted that with so much new and expensive technology on the market, CSOs must understand that their purchasing decisions have a cost. Miller said CSOs must know how to communicate new technologies’ return on investment (ROI) to the board members.

Today’s cyber defenders must design architectural systems that operate in real time at Internet speeds, while also protecting millions of customers, transactions, end points and actions on any given day. As scale and complexity grow exponentially, manual intervention must be the exception and not the expectation, Miller noted. The future is new design-driven approaches infused with data and artificial intelligence to bolster cyber defenses.

Penetration Tester Recounts How He Accidentally Got a Job in Information Security

Johnny Xmas is a penetration tester for Chicago-based MMS and security assessment firm Redlegg International. Xmas shared his story of weaving through many career beginnings, but never gaining traction on a career path.

His passion for computers and technology led to many short-term contract jobs. Xmas became the man people called to solve computer problems, but no one ever wanted him for a full-time job.

His career path changed one evening while he and his roommates were having their weekly board game night. One of the new players, who turned out to be a senior information security professional at Office Max, said he was looking for someone to hire who was well versed in information security. Xmas spoke up and got the job.

Xmas told the audience to take advantage of social events because you never know who is attending. You won’t get a job if you don’t network and let people know you are interested in working for them, he added.

Security Mentor Explains What a Career in Public Service Is All About

Bobbie Stempfley has been a mentor to many aspiring security professionals. She reviewed her career in the Hire Ground Track of BSidesLV. Hire Ground gives job seekers resume reviews and interview practice.

Stempfley said her engineering degree wasn’t much use when she started her career as an intern shredding documents for the Army. However, she gained skills and a good deal of knowledge by observing how information security professionals went about their jobs.

That internship launched her decades-long career in public service with the Army, Department of Energy and the Department of Homeland Security. In 2015, Stempfley resigned as DHS Deputy Assistant Secretary of the Office of Cybersecurity and Communication to take a position with The MITRE Corporation.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

Cybersecurity Hazards Abound in Airports, Parking Lots and Conventions

Published with Permission by:
Lint, James R., “Cybersecurity Hazards Abound in Airports, Parking Lots and Conventions”, In Cyber Defense, 19 July 2017, Web, http://incyberdefense.com/james-lint/cybersecurity-hazards-abound-airports-parking-lots-conventions/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

With so much public attention to viruses, ransomware and cyberattacks, you might think that you’ve heard all the possible ways someone can attack your computers or mobile devices. But there are many bad actors who have devised devious ways to get your data through public charging stations, USB hub power stations and thumb drives.

Public Wi-Fi Poses a Cybersecurity Risk

Watch out for Wi-Fi hotspots that are not sponsored by an airport or your hotel. If you notice that the airport or hotel’s Wi-Fi service has a slight variance in the service’s name or has a #2 added to the actual name of the hotspot, that is a fake hotspot used by scammers. Others can access your computer or phone and use it as a launch pad for other activities.

Public Charging Stations Can Collect Your Private Data

For the convenience of travelers, airports offer free charging stations. However, “free” is not always good and it is easy for a tired traveler to make security mistakes.

A new way for hackers to access your data is through phone data cords plugged into “free” USB charging stations. These phone data cords can also be used to connect your phone to a USB port on your laptop. When you transfer data or pictures from your phone to your laptop, for example, that data or those images are vulnerable to a hacker.

Unfortunately, some USB charging hubs have more than just a charging capability. They can contain a hidden hard drive that can suck in your personal photographs, an important PowerPoint presentation or Word documents relating to your company’s business. This type of data is valuable and eagerly sought by hackers.

USB Hub Power Stations Could Also Be a Cybersecurity Risk

Be wary of public USB hubs with eight plug-in ports. When you plug your USB device into one of these ports, do you know the people around you who are also plugged into the ports? Your company’s competitors or your government’s enemy could be using those same ports.

That same hub could be configured to allow one port to pull data from the other ports by introducing a new motherboard or modifying the existing motherboard in the USB hub power station. Most of us have no idea of that potential for hacking when we blindly plug in our devices and are happy to get free power. Depending on the data loss you could incur, maybe that power is not really “free.”

USB Thumb Drives ‘Lost’ in Parking Lots

Penetration testers, hackers and espionage agents have another way to collect your data through what appear to be “lost” thumb drives. They will drop a couple of USB thumb drives in company or government parking lots. This process is called “seeding.”

Unwary employees pick up these thumb drives, take them into their office and plug them into their computer. Most of these people are Good Samaritans simply trying to identify the owner and return the thumb drive. Sadly, the thumb drive could contain a virus that attacks the organization’s networks and allows outsiders in to steal data.

This same seeding technique has worked at conventions and conferences. Convention display booth workers often hand out thumb drives that ostensibly feature their company’s products. But the same thumb drives can contain vulnerabilities that are a hazard to your network and data.

Cybersecurity Precautions to Take When You Travel

  • In airports or other public facilities, do not trust free USB hub power stations. Carry a second power pack, power cord or battery to power up your devices.
  • Be wary of Wi-Fi hotspots that have additional numbers or misspellings in their names.
  • Never pick up a “lost” USB thumb drive and stick it into your computer or mobile device. Turn it into your organization’s security office. If you have no other alternative, plug it into a stand-alone machine, not one that is connected to your organization’s network.

The common link to all of these types of cyberattack is the lure of getting something for free. As someone once said, nothing in life is free. Sometimes in cyber, free can be a hazard and cause disruption.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, Secrets to Getting a Federal Government Job.”

Fileless Malware: A New Threat in the Cybersecurity Field

Published with Permission by:
Lint, James R., “Fileless Malware: A New Threat in the Cybersecurity Field”, In Cyber Defense, 29 June 2017, Web, http://incyberdefense.com/james-lint/fileless-malware-new-threat-cybersecurity-field/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

Currently, threats to your computer often involve some type of virus or hostile file. But fileless malware is a new and growing hazard in cybersecurity. Consequently, it presents a danger to companies and individuals.

Fileless Malware Leaves Few Traces on Your Computer

What is fileless malware? Zeltser Security Corporation defines fileless malware as “malware that operates without placing malicious executables on the file system. Though initially fileless malware referred to malicious code that remained solely in memory without even implementing a persistence mechanism, the term evolved to encompass malware that relies on some aspects of the file system for activation or presence.”

The fact that there is no file to detect, similar to a virus, makes fileless malware difficult for your antivirus software to find. It also makes protection against malware more difficult, now and in the future.

Cybersecurity Community Becoming Aware of Fileless Malware Threat

In June, the Cyber Security Awareness Lunch and Learn event in Las Vegas hosted by MJ Computer Concepts featured a speaker from the US Secret Service (USSS).  This was the same Special Agent  who also hosted the USSS Electric Crimes Task Force (ECTF) in Las Vegas.  The speaker at the Task Force meeting was Dr. Anthony J. Carcillo on the topic of fileless malware.

The U.S. Secret Service has two major areas of responsibility. The traditional and best-known mission is the protection of senior executive branch leaders. The older mission for the USSS is financial crimes, which include the prevention and investigation of counterfeit U.S. currency, U.S. treasury securities and the investigation of major fraud. This second mission has the modern USSS involved with modern cybercrimes.

During the Lunch and Learn, by MJ Computer Concepts and the ECTF meeting with Dr. Cardillo both discussed the need to protect your computer system. Both of these speakers had similar comments on the criticality of software updates and backups. The information from Dr. Carcillo was thought-provoking because there is very little information in the public domain about fileless malware.

Staying Informed Is Your Best Protection against Fileless Malware

The United States Computer Emergency Readiness Team (US-CERT) regularly publishes information about cybersecurity threats. Reviewing the US-CERT website is a useful way to learn about current threats. Also, you can sign up for tips and emails on new cyber vulnerabilities.

Failing to Update Software Increases Vulnerability to Attack

Discussions at recent cybersecurity events have shown that there is a common reason why victims are selected and attacked. Hackers commonly exploit security weaknesses in computers with outdated software, because those computers are more vulnerable to attackers. In some cases, computer owners neglected to install software updates to protect their computers and data.

What You Can Do to Improve Your Security

There are simple measures you can take to protect your computer. CNN Money Tech stated, “First, install any software updates immediately and make it a regular habit. Turn on auto-updaters where available (Microsoft offers that option). Microsoft also recommends running its free anti-virus software for Windows.”

Another way to protect your files is to use a cloud-based storage service. Cloud storage companies normally keep all their systems updated with the newest software protection and backups in case of a problem.

There are other ways to protect your computer from an attack:

  • Use a backup program for your personal or business computer.
  • Buy two or more USB hard drives and use them to run incremental backups. Use one USB hard drive at a time and set it to back up your computer files for a week. Then, change to a different hard drive and conduct backups.

If you use multiple drives for backups, valuable files and pictures will remain safer, even if your current drive gets corrupted or attacked by ransomware. The more hard drives you have in your rotation, the more likely it is that your earlier files will not become corrupted.

  • Do not click on a link that you do not recognize or download files from sources you do not know.

Although updating your systems and backing up your files is time-consuming, these computer tasks are necessary to protect you from cyberattacks. With all of the problems that viruses, ransomware and malware create, simple protective measures are worth your time and money.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

Cyber Security Professionals Must Prevent Attacks or Be Terminated

Published with Permission by:
Lint, James R., “Cyber Security Professionals Must Prevent Attacks or Be Terminated”, In Cyber Defense, 14 June 2017, Web, http://incyberdefense.com/james-lint/cyber-security-professionals-must-prevent-attacks-terminated/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

My recent article, “Cyber Defenders Are Often Not Fired, When Others Would Be” stirred responses from many physical security professionals. The common theme was that there are standards in physical security, but the cyber security problem is too difficult to solve. Cyber defenders, however, know standards and solutions are available.

Cyber Defense Standards Can Be Found

The National Institute of Standards and Technology (NIST) has created a cyber security framework for private sector organizations to assess their ability to prevent, detect and respond to cyberattacks.

The “The Framework, which was created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure.”

Also, on May 11, 2017, the White House released a Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

The United States Computer Emergency Readiness Team, a division of the Department of Homeland Security, (US-CERT) website states that US-CERT “strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.”

The US-CERT website has numerous publications, alerts, tips, and resources. It is updated daily, and has many ways to be contacted.  Any cyber defenders who have not signed up for the alerts and tips email list are missing good professional development and also timely protection information for their organizations.

Comparisons of Physical Security and Cyber Security

Many physical security personnel are not trained in cyber security, just as many cyber security personnel are not trained in physical security. Training helps both.

Physical security specialists are trained for many different sectors such as government security, security for intelligence facilities, shopping centers, banks, and hospitals. No one is an expert in all of those sectors. The security standards for a Top Secret intelligence facility are much different from those of a hospital. In turn, a hospital security is different than that of a bank.  With all the knowledge needed in these sectors, why would some people think they can also be experts in cyber security/defense?

Cyber Defenders Must Install Updates

Companies that do not upgrade their software are as derelict as those companies that leave a door open to thieves.

On Friday, May 12, the BBC reported an international ransomware attack involving hackers using ransomware called WanaCrypt0r 2.0. As many as 74 countries, including the U.K., U.S., China, Russia, Spain, Italy and Taiwan, were affected. Thousands of computers were locked by a program that demanded $300 in Bitcoin for each hacked computer. But in March Microsoft had issued the first patch to prevent the WannaCry attack.

That means all those companies and officials who were affected by WannaCry Ransomware could have prevented the attack if they had installed Microsoft’s update and upgrades two months earlier.

Why are boards of directors not firing CIOs and senior IT managers who fail to take steps to prevent cyberattacks?  Why are they not firing CEOs who did not ensure that their CIOs and IT managers implemented the Microsoft update patches? Why do they treat cyber security personnel so cavalierly but do not reprimand or fire physical security personnel who make similar errors?

Visual Comparison of Security Physical Holes and Unpatched or Upgraded Networks

If a company does not repair a large hole in its building for two months, wouldn’t that be cause for termination of its security manager? Would that business’s insurance company continue to insure a firm with a large hole in its building?

If you don’t patch a hole in your fence, people will think you are incompetent or lazy. If you leave a large hole in your building you should be fired for cause. Why do we not hold CIOs to the same standard of responsibility? It really is that simple. There will be new innovative hacks in the future. But any security professional who does not deal with existing vulnerabilities should be fired.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”