Ransomware Is Everywhere, So Protect All of Your Electronic Devices

Published with Permission by:
Lint, James R. & Kim, Dr. Yoohwan, “Ransomware Is Everywhere, So Protect All of Your Electronic Devices”, In Cyber Defense, 23 Mar. 2017, Web, http://incyberdefense.com/news/ransomware-everywhere-protect-electronic-devices/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

Co-Authored by Yoohwan Kim, Ph.D. 
CISSP, CISA, CEH, CPT; Associate Professor, Computer Science Department, University of Nevada Las Vegas

This is the third in a series of articles on ransomware.

Ransomware attacks have been on the rise in recent years. In 2016, these attacks increased 6,000% over 2015.

“Ransomware targeting Android users has increased by over 50 percent in just a year, as cybercriminals increasingly take aim at what they view as an easy ecosystem to penetrate,” ZDNet reports. Author Danny Palmer says the increase “comes as users increasingly turn to mobiles as their primary devices, storing more and more valuable data on them.”

Increased use of cloud storage also contributes to the explosive growth of ransomware attacks. As InfoSec Institute notes, “Cloud storage ransomware usually self-propagates after being installed on cloud servers. Virlock is a typical example of cloud storage ransomware. It impersonates FBI authorities and requests victims to pay the fine of $250 due to alleged misconduct on behalf of the victims.”

Many ransomware programs impersonate the FBI in an attempt to make their demands for payment look legitimate. However, no police department or federal investigative organization will ever request payment, especially via the Internet.

Ransomware and the Internet of Things = Jackware?

Between 2015 and 2016, there were at least 15 major industrial incidents involving ransomware attacks, according to a Booz Allen Hamilton Industrial Cyber Security Threat Briefing. These incidents included the following:

  • In April 2016, cybercriminals delivered ransomware via phishing to the corporate network of Board of Water & Light (BWL), a Michigan-based public electric and water utility. Administrators shut down the corporate network to isolate the ransomware and prevent it from potentially moving into the operations-technology environment.
  • In June 2015, a cybercriminal advertised the sale of SCADA access credentials on a Dark Web forum dedicated to selling stolen data. The post included a screenshot of a SCADA graphical user interface, IP addresses and virtual network computing passwords for a SCADA system managing a hydroelectric generator.

Also in 2015, hackers demonstrated that they could control a Jeep Cherokee from 10 miles away. They were able to cut the Cherokee’s engine and apply the brakes, sending the Jeep into a spin.

Future Ransomware Targets Could Include Household Devices

There are also many potential targets that could be exploited in the future. Think of the electronic devices in a smart home, part of the Internet of Things (IoT). Lights, alarms, music systems and even electric coffeemakers offer hackers potential targets.

Because all manner of IoT devices are linked to the Web, your lights could be turned on at 1:30 in the morning, followed by music from your iTunes collection. If you were asked for a small payment of, say, $30 by 2:30 a.m. that same day, would you pay? What if the payment demands were to increase each hour?

What if your home security system was turned off remotely and you were susceptible to an increased risk of theft or home invasion? How much would you be willing to pay to restore your peace of mind and security?

The future could include the destruction of data from wearable devices (such as Fitbits) or the sale of tracking data. Hostile attackers could turn on your electric coffeemaker while you are away and perhaps cause a house fire if you do not meet their demands for payment.

Protect Yourself from Ransomware by Increasing Your Electronic Security

One way to increase your personal security is to protect the electronic devices that run your life. Your computer serves as your IoT central control and your smartphone is often synchronized with your computer files, so both devices need protection from ransomware.

First, update the antivirus software on your computer, tablets and mobile devices. Every device receives patches for its operating system, so install them, and be sure to check for updates on any mobile devices.

Second, make your passwords long and difficult to decipher. The days of the eight-character password are gone. The 12- or 14-character password is now the way to help protect your devices and data. Use a hard-to-guess password with numbers, uppercase and lowercase letters, and special characters.

Third, back up your files often. Keep those backups separate from your system, so they will not be compromised if your devices are attacked.

Fourth, always be aware of what you download. Downloading programs from unknown sites is risky. Always use only the sites you know or trust.

Similarly, opening attachments in emails or clicking on URLs in email increases your system’s vulnerability to attack. These practices can permit the downloading of ransomware.

Carefully examine unexpected emails from known or unknown senders. If you know the sender, check with him or her about the email and its attachment before you open it. Also, hover your cursor above a URL in an email to see if it actually goes to a legitimate source and double-check the sender’s email address for accuracy.

Future Protection Against Ransomware

The hope is that future new technology will have better security built into it. Currently, that hope is not realized. The potential for hostile actors to disrupt our life is increasing. It is our job to look for ways to make disruption a bit harder and hope attackers move to an easier target.


About the Authors

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after an active military career of seven years in the Marine Corps and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored three books: “Leadership and Management Lessons Learned” (2013), “8 Eyes on Korea, A Travel Perspective of Seoul, Korea” (2016) and “Secrets to Getting a Federal Government Job” (2017).

Dr. Yoohwan Kim is an Associate Professor in the Department of Computer Science at the University of Nevada Las Vegas (UNLV). He received his Ph.D. degree from Case Western Reserve University in 2003 in the area of network security (DDoS attack mitigation). His research expertise includes secure network protocols, unmanned aircraft systems (UAS) communications and cyber-physical system (CPS) security. He has published over 90 papers in peer-reviewed journals and conferences, and has six patents granted or pending. His research has been sponsored by Microsoft Research, the U.S. Air Force, Naval Air Warfare Center, Oak Ridge National Laboratory, National Security Technologies and the National Science Foundation. Before joining UNLV, he had broad experience in the IT industry as a management information system consultant at Andersen Consulting (now Accenture), a database programmer at Cleveland Clinic Foundation, a software engineer at Lucent Technologies, and his own start-up company.

Ransomware: Its History and Evolution

Published with Permission by:
Lint, James R. & Kim, Dr. Yoohwan, “Ransomware: Its History and Evolution”, In Cyber Defense, 21 Mar. 2017, Web, http://incyberdefense.com/news/ransomware-history-evolution/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

Co-Authored by Dr. Yoohwan Kim
CISSP, CISA, CEH, CPT; Associate Professor, Computer Science Department, University of Nevada Las Vegas

Note: This blog post is the second in a series of articles about ransomware.

In the infantry and the intelligence field, a basic tenet is to know your enemy. In 2016, ransomware attacks spiked 6,000%, with more than 4,000 attacks occurring daily. That makes ransomware an enemy worth knowing.

But to truly understand ransomware, it is necessary to first examine its history and how attackers plant this software in victims’ computer systems for illicit gain.

1989: First Known Use of Ransomware

In 1989, 20,000 attendees at the World Health Conference received free floppy disks. The disks contained a real survey about AIDS, but they also contained a Trojan Horse virus that encrypted the users’ files after a fixed number of reboots. The virus demanded that each victim send $189 to a post office box in Panama.

The creator of the virus, an AIDS researcher named Dr. Joseph Popp, was arrested by the FBI and extradited to Britain.

His virus used only symmetric key cryptography, but the level of ransomware sophistication has increased ever since.

1996: Researchers Connect Cryptography to Ransom

In 1996, researchers Adam Young (Columbia University) and Moti Yung (IBM) published a paper, “Cryptovirology: Extortion-Based Security Threats and Countermeasures.” The co-authors proposed the use of public-key cryptography, which would make it impossible to recover the decryption key by reverse engineering the virus.

While Young and Yung’s academic paper showed the writers’ expertise, it also showed “how cryptography can be used to implement viruses that are able to mount extortion-based attacks on their hosts,” as the co-authors wrote. Unfortunately, too many readers recognized the article’s potential use in criminal attacks.

Interestingly, the co-authors also coined the terms “crypto-viral extortion” and “cryptovirology.” This new terminology moved cryptography from a defensive position to an offensive position.

2005 – 2006: Russians Become Involved in Ransomware

In 2005 and 2006, organized crime figures in Russia created some ransomware. Their software was among the first ransomware programs to be discovered.

The principal targets were Russian citizens and others living in Russian-speaking countries. Later ransomware programs would move from victim to victim using common language paths.

After the victim downloaded the program, the software would take files of particular types on the computer, zip them into a password-protected folder and delete the originals. The victim would be required to transfer $300 into an account with E-Gold, an early digital currency that preceded Bitcoin.

2005: “Ransomware” Becomes a Term

In September 2005, Susan Schaibly wrote an article, “Files for Ransom,” for NetworkWorld magazine which contained the first known use of the term “ransomware.” Another interesting term used to describe ransomware was “Filenapper.” But a more appropriate term is extortionist.

2005-2009: Ransomware Payment Methods Increase in Sophistication

In 2005, GPCoder was a frequently used Trojan Horse virus that encrypted files and demanded a ransom of between $100 and $200 in E-Gold or as a deposit to a Liberty Reserve account.

E-Gold was a digital currency operated by a Florida-based company. The U.S. government banned its use in 2009. Liberty Reserve was a Costa Rica-based digital currency that was harder for the U.S. government to shut down.

Bitcoin was introduced in 2008, followed by the release of its open-source software in January 2009. These developments led to an incredible spike in ransomware attacks that have continued to increase ever since.

2012: Ransomware Mimics Law Enforcement Organizations

In 2012, a public stir was created by the appearance of Reveton ransomware, which impersonated police departments and the FBI. This type of software was used to scare victims into paying to unlock their computer data.

Typically, a message would appear on the victim’s screen claiming that the user was caught conducting illegal online activity. The message would also threaten the victim with imminent arrest unless a “fine” was paid promptly.

The on-screen logos of authentic law enforcement organizations made the scam appear real. The idea was to cause victims to panic and pay up quickly, not giving them time to realize that law enforcement organizations do not demand payment from the public, especially via Bitcoin.

2013: The First Major Ransomware Appears

The year 2013 saw the birth of Cryptolocker, a crypto-ransomware that was spread via email. Cryptolocker demanded that the victim pay $400 in Bitcoin within 72 hours.

This ransomware infected half a million computers, and 1.3% of the victims paid the ransom. The attackers netted an estimated $27 million from their victims.

An international collaborative effort called Operation Tovar was formed to crack down on Cryptolocker and another ransomware program, the Gameover Zeus botnet. As a result, Russian hacker Evgeniy Mikhailovich Bogachev was caught and charged as an administrator of both Cryptolocker and Gameover Zeus.

The criminals’ command and control server was also recovered during Operation Tovar. The information on that server gave 500,000 victims the key to unlock their data without paying the ransom.

However, California-based network security firm FireEye warns that CryptoLocker has evolved and has started again to compromise users’ devices.

2014: Copycat Ransomware Like CryptoDefense Appears

Over time, copycat ransomware like CryptoDefense also evolved. This ransomware would double the victim’s ransom if it was not paid within four days.

But CryptoDefense was poorly designed because the decryption key was easy to find in the program. CryptoDefense proves that even hackers make mistakes.

Over time, many crypto-ransomware programs evolved further and acquired business and market differentiations. Some crypto-ransomware, like Cerber, included a voice feature, while others overwrote the master boot record and disabled booting.

Some ransomware targeted healthcare facilities; others targeted gamers. One variant known as Silent Shade demanded a ransom of only $30, easily affordable for most victims.

2016: Ransomware Offers Opportunity to Avoid Ransom by Purposely Infecting Others

In December 2016, ransomware took on a new angle: deliberately infecting friends or colleagues. A program called Popcorn Time offered free decryption if the victim infected two other people, normally friends, via email. The new victims would open their trusted friend’s email and click on a link. Then, their systems would be attacked.

The attackers offered victims two ways to retrieve their data. The victims could choose the “nice way” and make a payment, or the “nasty way” by infecting the computers of two other people.

Ransomware Is An Equal Opportunity Attack on All Computer Systems

Ransomware isn’t limited to just one type of computer or mobile device. Operating systems of Mac devices can be attacked by a ransomware called KeRanger. It typically activates within three days of the infection and charges a ransom of $400.

Similarly, Linux systems are attacked by KillDisk. This ransomware demands 222 Bitcoins or $218,000. Researchers, however, recently found a key for KillDisk.

Ransomware is starting to exploit smartphones and even cloud servers. Cyber defenders will need to work diligently to overcome these ransomware infections.

The Best Protection against Ransomware: Back Up Your Data

Backing up your data is one form of protection against ransomware. If you have backups of your recent files and your computer is infected, it may be easier to wipe your machine and start over. You could also opt to buy a new machine if your computer or mobile device is old.

Overall, the data you store is much more valuable than your computer. Be sure to protect your data by backing it up to a hard drive kept offline.


Ransomware Targets Continue to Pay Hackers

Published with Permission by:
Lint, James R. & Kim, Dr. Yoohwan, “Ransomware Targets Continue to Pay Hackers”, In Cyber Defense, 15 Mar. 2017, Web, http://incyberdefense.com/news/ransomware-targets-continue-pay-hackers/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

By Yoohwan Kim, Ph.D.  
CISSP, CISA, CEH, CPT; Associate Professor, Computer Science Department, University of Nevada Las Vegas

Ransomware attacks spiked 6,000% in 2016, with more than 4,000 attacks occurring each day. This is an increase from 1,000 attacks a day in 2015.

As famed bank robber Willie Sutton once said, “I rob banks because that is where the money is.” Contemporary bank robbers are seldom as successful and certainly nowhere close to these ransomware statistics. Ransomware is the new criminal money-making industry.

Co-author Dr. Yoohwan Kim, a speaker at the Las Vegas USSS Electronic Crimes Task Force quarterly meeting on March 3, 2017, provided research for this article. Some of that research came from an IBM Security Report, which also noted the 6,000% spike in 2016.

Ransomware Is a Costly Problem for Many Organizations

Ransomware is a type of malware that prevents users from accessing their computer systems. This malware targets critical data and systems for the purpose of extortion, either by locking the system’s screen or by locking the victims’ files until a ransom is paid.

Check Point’s ThreatCloud World Cyber Threat Map currently contains 250 million addresses and 11 million malware signatures. There is a steady increase in ransomware successes by hostile actors. More than 2,000 new ransomware programs are developed every month.

Perhaps a better term would be crypto-ransomware: Your files are encrypted and you are locked out from important data. The criminals then demand payment for the key to unlock the encryption.

Who Is Vulnerable to Ransomware?

Hollywood Presbyterian Medical Center in California lost control of its data for more than a week due to a ransomware attack. The hospital paid a ransom of 40 bitcoins, worth $17,000, and regained control of its data.

Allen Stefanek, president and CEO of HPMC, said: “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

The San Francisco Municipal Transportation Agency was attacked on November 28, 2016. The hostile actors demanded 100 bitcoins or $73,000. The attack took all ticket machines offline for the day and affected more than 2,000 systems and computers. Rather than shut down the rail system, the agency allowed users to travel for free.

Police Departments Can Be Targets

The police department in Tewksbury, Massachusetts, made a $500 payment after enlisting the help of the FBI. Similarly, a police computer in Swansea, Massachusetts, was hit with a ransomware attack. The police department decided to pay the ransom of two bitcoins (about $750) rather than try to figure out how to break the lock.

There are many similar targets, and most victims pay the scammers rather than risk losing critical data. The targets can be anyone. And when threat actors live outside the United States, U.S. money can be an enticing target due to the high cost of living in many of the home countries of ransomware operations.

Ransomware Business Is Booming and Growing More Professional

Revenue from the Cryptowall 3.0 program – the most popular ransomware program among hostile actors – reached $325 million through October 2015, according to the Cyber Threat Alliance.

In all, hostile actors earned $24 million in 2015. The FBI said hackers earned $209 million in the first quarter of 2016. Experts project that criminals will use ransomware to earn over $1 billion in 2017.

An interesting phenomenon is that ransomware is becoming more business-like in its operations, including live customer support to negotiate fees and deadlines. Good customer service gives ransom victims the confidence to pay and regain control of their files. Bitcoin virtual payments provide secure transactions for the criminals.

If an extortionist attacks your computer with ransomware, report the attack to local authorities and the FBI’s Internet Crime Complaint Center (IC3) as soon as possible. This practice will allow law enforcement to track the growth of the ransomware industry. It will also help all of us to understand new ransomware trends and potential methods to protect ourselves.


Don’t Protect Your Valuable Photos the Way Grandpa Did

Published with Permission by:
Lint, James R., “Don’t Protect Your Valuable Photos the Way Grandpa Did”, In Cyber Defense, 7 Mar. 2017, Web, http://incyberdefense.com/news/dont-protect-valuable-photos-way-grandpa/

Commentary By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

Today, most people take many more digital photos of family, friends and vacations than previous generations did with film cameras. In fact, the ease of use and the low cost of digital photography consigned Kodak, Fuji and Polaroid cameras and film to the museums of 20th century technology.

For example, Polaroid stopped manufacturing its instant film in 2008, leaving this Waltham, Massachusetts, manufacturer with just 150 employees. Thirty years earlier, Polaroid was an iconic company with a “peak” global employment of nearly 21,000 employees.

Today, lots of people have never heard of Polaroid. But their valuable digital pictures often receive the same poor level of protection that an album or scrapbook full of Polaroid or Kodak prints used to provide – not much.

Many people born in the 1960s and 1970s could never imagine storing pictures on a thumb drive, DVD or even a CD.

In a digital world, we need better protection for our valuable photos and other documents because technology is always changing. The 3.5-inch disk might have been a nice improvement over the 5.25-inch floppy disk, but today, many computers don’t even have a disk drive.

Technology Changes Rendered Some Familiar Devices Obsolete

Think of that rapidly deteriorating album of black and white photos your grandfather gave you. The negatives of those pictures disappeared long ago. It might be a good idea to convert those album photographs to JPG files for later use. And those old 35 mm slides you used to project onto a screen at home to bore your neighbors? It’s not easy to find a working projector today, much less a new one.

Some people paid to have their slides transferred to VHS tapes and then they threw away the slides. But it’s hard to play VHS tapes these days.

Just as you should “never put all your eggs in one basket,” you should never store valuable digital files in just one place.

Never Save Digital Files in One Place

If you had a one-of-a-kind item, you would want to protect it. Reconstructing PowerPoint presentations or Word documents from a damaged laptop is extremely intensive in terms of man-hours. The cost often exceeds the cost of the laptop.

Yet, it’s surprising how many people save their cherished photos and documents only on their laptops or desktop devices. That computer could become infected with a virus or, worse, ransomware could attack it. If someone steals your laptop, those cherished family photos are gone forever.

Many Security Programs Can Save Your Photos

There are multiple solutions to the issue of saving digital images. Which solution is best for you depends on your situation.

For example, there are many types of software backup programs. Some programs save their files to an off-site cloud server.

Some computer owners save their photos on a thumb drive or on an external hard drive. They can be unplugged and should be stored separately from your computer so a virus or ransomware attack on your device will not affect them. These devices enhance your protection.

Another form of security can be as simple as having a friend or business colleague hold an encrypted hard drive of your data, with you returning the favor for that person. If one or both laptops are lost to theft or destroyed in a fire, neither of you will lose your data. This is inexpensive security that saves you the cost of a cloud backup.

Federal organizations are working hard to protect the public from cybercrimes, but we also must take some responsibility for our own protection. By taking some extra time to protect your images and other digital files, you’ll enjoy greater peace of mind knowing your files are protected.

The inspiration for this and several future articles came from a meeting at the US Secret Service (USSS), Electronic Crimes Task Force (ECTF) in Las Vegas. Future articles will discuss concepts and actions to counter ransomware and the experiences of individuals and businesses.


Trade Shows Are Easy Targets for Foreign Intelligence Breaches

Published with Permission by:
Lint, James R., “Trade Shows Are Easy Targets for Foreign Intelligence Breaches”, In Homeland Security, 24 Feb. 2017, Web, http://inhomelandsecurity.com/trade-shows-are-easy-targets-for-foreign-intelligence-breaches/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

Trade shows are like playing poker with your competition standing over your shoulder or like a library with no library cards. Everything is easily available and there is lots of free information. The question is: who benefits from all this information?

A trade show offers a startup company an opportunity to make its new product a household name. It also facilitates networking opportunities for a marketing department looking for new business. In addition, a trade show is the perfect opportunity for business executives to learn if there are markets for a niche item they produce.

However, trade shows are also open venues for industrial spying by unfriendly nations seeking U.S. technology.

Intelligence Services’ View of Trade Shows

The Bureau of Industry and Security of the U.S. Department of Commerce has control over what is authorized for sale to overseas companies. The Export.gov website has a Consolidated Screening List. The CSL includes parties for which the United States maintains restrictions on certain exports, re-exports or transfers of items.

Because people and companies from specific countries are restricted from purchasing certain business lines, they may look for other opportunities for acquisition.

It would make no sense for the U.S. to sell elements of stealth technology to countries that wish to harm America. No country would sell missile technology to its enemies. So foreign intelligence entities (FIEs) look for other opportunities to acquire U.S. technology they cannot acquire through legitimate sales.

Trade shows provide an opportunity for those entities to see technology that they cannot purchase legitimately.

Techniques of Illicit Collection Vary, But the Goal Is the Same

The FBI pamphlet, “Counterintelligence Concerns for Trade Shows and Industry Events,” is designed to improve counterintelligence awareness of American citizens and companies by describing many of the collection activities FIEs conduct.

For example, one foreign agent dipped his tie into a beaker containing a solution used in a product demonstration at the company’s booth. That allowed his nation later to test the solution in a laboratory and gain a technological advantage through reverse engineering. A company representative’s “simple mistake” of not maintaining vigilance in the display booth proved to be a loss for a U.S. company.

Everyone knows that the informal side meetings at trade shows can often be more valuable than keynote events. In one case, it certainly was more valuable for the Russians.

Russian intelligence officer Evgeny Buryakov specialized in economic intelligence. Under unofficial cover as a Russian banker, he attended confidential meetings at a trade association conference and learned information that the Russian government was not authorized to know.

During an international arms exhibition, Chinese nationals were discovered taking notes and videotaping every display. The group also stole a video that revealed the U.S. Theater High Altitude Air Defense System (THAAD), which a Defense Department contractor left unprotected. Among other features, THAAD protects South Korea from North Korean missiles.

Currently, China is pressuring Seoul to prevent the deployment of THAAD in South Korea because of THAAD’s ability to observe aviation threats at great distances. Because of Chinese intelligence collection, Beijing knows THAAD’s capabilities and does not want the system nearby.

Often, trade show vendors do not want their booths photographed. But sometimes foreign intelligence personnel photograph the people in the booth to gain identification information for possible recruitment. In addition, they obtain ID information through the common trade show practice of exchanging business cards.

By learning who the technical experts at various companies are, FIEs gain an advantage for future intelligence targeting. Although this method of information collection could be considered a human intelligence targeting operation, it could also assist future targeting of company communications, including email intrusions. In fact, some companies report an increase in computer intrusions after a trade show.

Extensive Scope of Trade Show Espionage

In an annual report to Congress on foreign economic collection and industrial espionage, the Office of the National Counterintelligence Executive stated: “Entities from a record number of countries — 108 — were involved in collection efforts against sensitive and protected US technologies in FY 2005, according to evidence amassed by the Counterintelligence (CI) Community. A relatively small number of countries, though — including China and Russia — were the most aggressive and accounted for much of the targeting, just as they have since the CI Community first began systematically tracking foreign technology collection efforts in 1997.”

The FBI offers pamphlets and online counterintelligence documents to help companies safeguard their information and personnel. Protecting intellectual property (IP) is important for the future of the United States and American business.

Contact your local FBI office and ask for the Counterintelligence Coordinator.

Will We See a Decline in Cyber Threats in 2017?

Published with Permission by:
Lint, James R., “Will We See a Decline in Cyber Threats in 2017?”, In Cyber Defense, 15 Feb. 2017, Web, http://incyberdefense.com/news/will-see-decline-cyber-threats-2017/

Commentary by James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

It’s still early enough in the New Year to make predictions about cyber threats and malware attacks in 2017.

Ransomware Exploitation

First, I think ransomware attacks will likely decline by the end of the year. Ransomware is malicious software that extortionist hackers use to lock a target’s computer with encryption and then demand payment to unlock the computer.

A single type of ransomware has yielded as much as $325 million in criminally obtained funds, according to McAfee Labs Threats Predictions. This gives cyber extortionists the funds for research and development to overcome anti-ransomware technologies.

McAfee Labs forecasts that the effectiveness of ransomware attacks will be reduced partly due to initiatives like “No More Ransom!” and the development of anti-ransomware technologies.

Ransomware attacks might also decrease due to their widespread use in recent years and the increasing costs to mount them due to law enforcement action. There is also hope that continued law enforcement actions, including arrests and the accompanying loss of hackers’ funds, will make ransomware operations too expensive to continue.

The issue will come down to which side will overcome the other.

‘Drone Jacking’ Places Threats in the Sky

Drones have become the new tool for shippers, law enforcement, news photographers and farmers. And new uses for drones are being developed all the time. Dronejacking, too, is new, and the threats to drones are increasing.

The McAfee Labs report states, “Recently, we saw an example of a drone outfitted with a full hacking suite that would allow it to land on the roof of a home, business, or critical infrastructure facility and attempt to hack into the local wireless network.”

The DEFCON 2015 hacking convention showed the proof of concept that an individual could take control of a toy drone. While a small toy drone is interesting, the software in it is similar to the software in more expensive and larger drones. “Dronejacking” has now entered our vocabulary and threat matrix and should be of concern to all cyber defenders.

With drone shipping, high-value items and medicines could be diverted from their intended address to another landing area. A dronejacker could sit in a pickup truck, direct a targeted drone to land in the pickup bed and steal the drone’s cargo.

Such illegal activities would precipitate a technology race for shippers to put encrypted trackers on drones to thwart hacker attacks. Drone hackers, of course, will try to develop new tools to destroy drone communications and control. In the end, it will be up to industry to build better safeguards into the drone systems and ground stations.

Depending on the industry, the development of useful drones will determine when we will see the first spectacular drone hack. The first one will be for underground notoriety, but after that, drone jackings will be for criminal profits. Look for drone jacking in the news near the end of 2017 or in the first half of 2018.

Another prediction is that if captured drones are destroyed or lost, shippers will soon find drones too expensive to use and end the practice. An end to drone shipping would also eliminate use of the word drone jacking.

Machine Learning Accelerates Social Engineering Attacks

The McAfee Labs report warns “that cybercriminals are leveraging machine learning to target victims. We expect that the accessibility of machine learning will accelerate and sharpen social engineering attacks in 2017.”

Hackers routinely access corporate networks and collect a great deal of information on their executives and key financial personnel. Machine learning tools to conduct complex analyses are publicly available, creating the opportunity for cyberattacks far more sophisticated than simple target selection. Such attacks could include probes into decision makers’ business plans, proprietary information and ancillary activities such as executives’ vacations, travel or ill relatives.

The FBI calls these well-researched cyber attacks Business Email Compromise (BEC) scams. The hackers target personnel with financial responsibility or authority to write checks. For example, by analyzing hacked corporate data, the hackers learn that the CEO is taking a trip out of the country.

The trip includes many hours of air travel, poor communications and time zone changes. That is when the threat actors send an email in the executive’s name to a company financial officer to cut a large check and send it to an account number that belongs to the threat actors.

The McAfee report further states: “Cybercriminals know that sending a well-crafted email to a financially responsible team member, purporting to be from a leader of an organization and indicating urgency, results in a meaningful success rate in completing fraudulent transactions.”

This information is all mined and analyzed with machine learning tools. These tools are much quicker and give the best advantage for threat actors because machine learning keeps improving.

Machine learning use in criminal activity and BEC will increase in 2017. The money made by organizations using machine learning and the ability to crunch large data sets will give actionable intelligence for criminal activity. This will cause an increase in the use of machine learning for crime. In the end, machine learning is cost-effective, with a business case shown by FBI statistics that “more than $3 billion has been stolen, with victims in all 50 states and 100 countries.”

Cyber Espionage Will Continue to Target Intellectual Property and State Secrets

“Cyber operations from China are still targeting and exploiting U.S. government, defense industry, academic and private computer networks,” U.S. Cyber Command Admiral Michael S. Rogers said last April during testimony before a Senate committee.

The McAfee Labs report agrees with Adm. Rogers. “Cyber espionage will always be present, either as part of a nation-state’s intelligence operations or run by organized groups that will hunt for proprietary intelligence and offer it for sale.”

The greatest threat will be to U.S. government organizations and defense contractors. Cyber espionage against defense organizations and contractors will continue to be a weak link exploited by adversary nation states. In the past, a spy passing off a duffel bag of classified material to his foreign handler was considered a successful spy operation. Today, with small hard drives or thumb drives, the theft of terabytes of data is not unusual.

In the last three years, there has been an increased focus by the federal government to protect classified information from traitors and cyber theft. With this emphasis, there may be more successful apprehensions like that of former NSA contractor Harold T. Martin, who has been charged with stealing 50 terabytes of classified information over a 20-year period.

Technology created some of the vulnerabilities, and technology is fixing some of the vulnerabilities. The expectation is that the duel between cyber criminals and cyber defenders will be a draw or a tied game at the end of 2017.

Police and Hackers Will Have More Successes in 2017

No one will predict an overwhelming success for either side of the battle. The police learned from and carried out successful takedowns of botnets, DDoS and ransomware attacks in 2016. But until the threat actors evaluate the risk as too high, they will not stop their attacks.

What We Can Learn About Technology from a Super Bowl Commercial

Published with Permission by:
Lint, James R., “What We Can Learn About Technology from a Super Bowl Commercial”, In Cyber Defense, 8 Feb. 2017, Web, http://incyberdefense.com/news/technology-super-bowl-commercial/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense

During the recent Super Bowl, Hyundai Motor America aired an emotional commercial that showed support for our military. It also showed how technology can be used to keep families connected across the world. Many people do not realize there are more than 150,000 U.S. military service members deployed to over 150 countries.

Technology Evolution Brings Military Families Closer

For decades, military communication with family members in the U.S. was through letters, which took a couple of weeks to reach their destination. In the 1980s, communications greatly improved with the placement of dedicated phone booths on overseas military posts for service members to call their families in the United States. A call from South Korea to the States cost a little over a dollar a minute.

GIs often placed their calls in cold phone booths with a waiting line outside. But they were grateful for the technology of international phones.

Now, we have email for instant written communication and Skype. With Skype, fathers and mothers on active duty away from home can see and talk to their children live from posts anywhere in the world.

Service personnel can even further their education online.

Using Technology, Hyundai Surprises Some Troops with Super Bowl Family Time

Hyundai and the Defense Department worked together to throw a Super Bowl party for soldiers stationed on a military base in Zagan, Poland. These soldiers were part of the recent deployment in early January 2017. The party included big-screen TVs and lots of food.

Three service members were selected to watch the Super Bowl in individual 360-degree immersive TV pods. The concept was to make them feel as if they were sitting in Hyundai’s luxury box at the Super Bowl.

Like many maneuvers in the military, secrecy was involved. A news embargo prevented the media from releasing details of the 90-second ad named “Operation Better” until it aired at the conclusion of the game. While the individual soldiers enjoyed the action in the pods, they were surprised to see their families actually at the game in Houston, watching in similar pods.

The technology was similar to virtual reality, but without the need to use virtual reality headsets. The cameras were similar to 360-degree cameras, but the output was transmitted onto large surround screens inside the pods.

Around the holidays, we often see stories of service personnel reuniting with their children and families on a surprise leave home. This time, the event became a technological reunion because it was the families who popped up in the soldiers’ 360-immersion pods.

The real-time ad was rapidly produced and well planned, despite the challenge of maintaining secrecy. It showed amazing coordination and operational planning. The actual surprise “visit” occurred in the first quarter and the filming was edited in the second quarter. The third and fourth quarters were used for obtaining approvals from DoD, the National Football League and Hyundai.

Future Use Is Ripe for 360-Degree Immersive Pods

On-scene immersive training, such as for crime scenes or accidents, allows police and emergency medical technicians to learn by observing a situation remotely. EMT trainees, for example, can learn without interfering in a life-threatening situation. Police trainees can observe a crime scene without disturbing evidence.

The military could use immersive pods to train patrols to be alert before an incident happens and to identify activities that hinder their ability to operate effectively. These pods could train a soldier to identify indicators of a bomb planted in the ground or an ambush. The advantage is that no one gets hurt in the pods.

This new technology for communicating means that distance is no longer a problem. For situations where details are critical, the 360-degree cameras give investigative researchers a level of detail which has never been seen before.

What Technology Will Be Available in the Future?

“Operation Better” displayed an excellent use of emerging technology in new ways. It also gave corporate America the opportunity to show its appreciation for our military by showcasing ground-breaking technology. As technology continues to improve, our lives – both civilian and military – may see some amazing innovations.

What to Do during the Federal Hiring Freeze

Published with Permission by:
Lint, James R., “What to Do during the Federal Hiring Freeze”, In Cyber Defense, 7 Feb. 2017, Web, http://incyberdefense.com/news/federal-hiring-freeze/

Commentary by James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

Now that President Trump has instituted a 90-day federal hiring freeze, it’s time to study the government hiring situation and improve your application. It’s time to reassess your strategy for getting a federal job and to determine if you are serious about working for the federal government.

When the hiring freeze is lifted, it’s likely that new legislation will restrict managers to hiring just one person for every two vacancies in their office. This will increase the competition and make it more difficult to get hired for a federal job.

The Manager’s View of a Hiring Freeze

It’s smart to look at federal job vacancies from a hiring manager’s point of view. After the freeze ends, I know from personal experience (as a hiring manager during the freeze of 2012-13) that managers will be eager to hire. They need employees to fulfill their agency’s mission.

Until a vacancy is filled, current employees must share the work of the vacant position. Currently, it takes at least six months from the time a hiring process begins to actually bringing a new hire onboard.

When the new employee arrives and assumes his duties, the existing staff is better able to focus on their own jobs. Overall efficiency improves and work is completed in less time than during the freeze.

It is important to remember that the hiring freeze is only for 90 days. Specific exemptions permit some federal agencies to continue to hire during the freeze.

Exceptions to the Federal Hiring Freeze

Experienced federal professionals know that every rule and regulation has exceptions. Paragraph 3 of the January 31 Memorandum: Federal Civilian Hiring Freeze Guidance from the White House lists the following hiring exceptions:

3g. Federal civilian personnel hires are made by the Office of the Director of National Intelligence (ODNI) and the Central Intelligence Agency (CIA).

3h. Appointments made under the Pathways Internship and Presidential Management Fellows programs (this does not include the Recent Graduates program). Agencies should ensure that such hires understand the provisional nature of these appointments and that conversion [to full-time employment] is not guaranteed.

3i. Conversions in the ordinary course to the competitive service of current agency employees serving in positions with conversion authority, such as Veteran’s Recruitment Act (VRA) and Pathways programs.

3r. The head of any agency may exempt any positions that it deems necessary to: Meet national security (including foreign relations) responsibilities, or public safety responsibilities (including essential activities to the extent that they protect life and property).

Cybersecurity Field Fulfills Critical Needs and Has Many Exemptions

Many cybersecurity jobs are in intelligence organizations, so those jobs are considered essential to the protection of health and safety. (Think hospital records at military facilities and the Department of Veterans Affairs.) Similarly, cyber defense jobs support foreign affairs organizations and are deemed essential to meeting national security responsibilities.

Opportunities Exist in Cybersecurity Despite Hiring Freeze

Despite President Trump’s executive order, there are still opportunities available for cyber defenders. Cyber organizations are hiring employees fresh out of college as well as service veterans.

So don’t be discouraged; the future of the federal civil service is not as bleak as media sources describe. In fact, some job seekers might think it’s more difficult now to obtain a federal job, so there could be fewer applicants and thus less competition.

Be persistent. Keep focused on your career goals and your readiness to meet the challenges of the job you seek.

The Evolution of the CIA’s Area 51

Published with Permission by:
Lint, James R., “The Evolution of the CIA’s Area 51”, In Cyber Defense, 4 Feb. 2017, Web, http://incyberdefense.com/news/evolution-cias-area-51/

By James R. Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense & Contributor, In Homeland Security

In Cyber Defense, many people believe we are the first to worry about secrecy and tool development. In the past, this was also an issue for defenders of America. This is a story of 1950-1980 technology development. Amazingly, they had some of the same issues as cyber defenders today. Loss of technology can have drastic consequences.

On 27 January, a Central Intelligence Agency (CIA) retiree gave a briefing that started with a declassified slide marked Top Secret/Sensitive Compartmented Information (TS/SCI).  That is a world-class attention gainer for an audience of many people who had seen it before in proper locations.

This was the first Distinguished Lecture of 2017 at the National Atomic Testing Museum in Las Vegas, Nevada. Mr. Thornton D. Barnes, author and veteran intelligence operative, gave a talk about “The Evolution of the CIA’s Area 51.”

The National Atomic Testing Museum is a national science, history and educational institution that tells the story of America’s nuclear weapons testing program at the Nevada Test Site and beyond. From Atomic Age culture to scientific and technological advances during the latter part of the 20th Century, the museum uses lessons of the past and present to better understand the extent and effect of nuclear testing on worldwide nuclear deterrence and geo-political history.

Mr. Barnes is the president of Roadrunners Internationale, the group of pilots that tested advanced military aircraft at Area 51, and the former executive director of the Nevada Aerospace Hall of Fame. Between projects at Groom Lake, Barnes worked on NASA’s Nuclear Engine for Rocket Vehicle Application (NERVA) at the Nuclear Rocket Development Station on the Nevada Test Site. Barnes also participated in Atomic Energy Commission tests of the atomic bomb. He is the author of several books, including “MiGs Over Nevada” which was approved by the CIA Public Relations Branch.

The Solution to No USAF Unarmed Aircraft – CIA

Mr. Barnes started his talk by referencing the CIA Directorate of Science and Technology History manual. He discussed the history of how the Office of Strategic Services (OSS) evolved into the CIA. In 1950, it was found that USAF General LeMay was not interested in any unarmed aircraft at the same time that Lockheed had developed high-flying reconnaissance aircraft. The CIA had been flying Air America, Inc. in covert operations. The CIA became the natural choice to conduct the testing for high-flying reconnaissance aircraft.

Why Nevada for CIA Aircraft Testing Site

In 1950, Nevada had a population of 237,000 residents, and most were involved in wartime work with the military, NASA and the Atomic Energy Commission (AEC). Nevada had long been known as a military-friendly state, and the belief was that no one would notice yet another war activity. This is why the CIA chose Area 51 in Nevada to conduct flight testing for the U-2.

The CIA created the Area 51 facility and combined its airspace with the adjoining US Air Force Nellis AFB gunnery range, creating the largest contiguous air and ground range. The AEC announced that the construction at the Groom Lake facility would be for NASA weather research. The reality was that the CIA would conduct flight tests on a reconnaissance plane that was more highly classified than the Manhattan Project that developed the atomic bomb. This was done in the era when military secrecy was understood, respected, and valued.

The Commute to Work

The area was a rough undeveloped desert facility. The employees would fly in on Monday and fly home on Friday.  This was done via their own commuter flight program called Janet Airlines.  It was named after the wife of one of the early leaders of the facilities.  Secrecy was important.  They had mobile home trailers for years until temporary wood buildings, and later permanent housing was built.

The Special Projects team members were known by simple code names easy for customers to remember and to protect identity of Area 51 workers. Mr. T.D. Barnes was “Thunder.” Everything was focused on security and Operations Security or OPSEC.  The CIA Special Projects team was composed of many engineers with different specialties. They were often loaned out to other agencies, with most of them coming to Nevada Area 51. While it could be AEC, or a branch of the military, they were always called the customer for security reasons.

There were many stories of reverse engineering the Soviet Tall King Radar to use it to determine how US reconnaissance planes would appear on Soviet radar. There were also stories about the various MIG-17 and MIG-21 aircraft flying to show US pilots what they would be up against in combat. Mr. Barnes had stories about the first stealth plane A-12 Blackbird and how the Special Projects team would evaluate it. The US keeps track of the Soviet satellites. They would move the test planes, U-2s and Stealth planes into hangars to protect against the Soviet eyes.

Successes, there were many

  • U-2 Projects Aquatone/Idealist flew reconnaissance over Russia
  • A-12 Project OXCART developed America’s first stealth plane
  • A-12 Operation BLACKSHIELD located missile sites in North Vietnam and located the USS Pueblo seized by North Korea
  • Projects Tagboard and Senior Bowl produced drone technology
  • MIG-21 exploitation Project HAVE DOUGHNUT revealed the reasons for US air combat losses in North Vietnam and sparked the US Navy to initiate the Top Gun Weapons School
  • MiG-17 exploitation Projects HAVE DRILL and HAVE FERRY further revealed the reasons for US air combat losses in North Korea and sparked the US Air Force to initiate the Red Flag Exercises and added aggressors to the Weapons School.
  • Project HAVE BLUE produced the F-117 Stealth plane.

The top success was that the CIA produced the fastest and highest flying manned jet plane ever. The most amazing part was that they kept it secret from our enemies.

Space Aliens

It is funny how many people in America will talk about space aliens being hidden at Area 51. The truth is that there were “UFOs” at Area 51. They were the U-2, SR-71, A-12, D-21 drone, and other strangely shaped airplanes for high altitude flight. The pilots had to wear pressurized suits, which made them look strange in the 1960s. The mission was secret. In all of the stories, Area 51 was a success because the CIA developed stealth technology, evaluated proof of concepts, exploited our enemy’s technology, and flew reconnaissance flights over denied territory. Overall, Area 51 was a highly successful area that promoted American defense. Today’s Cyber Defenders could learn from the past.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded the 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and Secrets to Getting a Federal Government Job.

Giuliani Appointment Puts Administration Spotlight on Cybersecurity

Published with Permission by:
Lint, James R., “Giuliani Appointment Puts Administration Spotlight on Cybersecurity”, In Cyber Defense, 20 Jan. 2017, Web, http://incyberdefense.com/news/giuliani-appointment-cybersecurity/

By James R. Lint
Faculty Member, School of Business, American Military University
Contributor, In Homeland Security

Donald Trump announced last week that former NYC Mayor Rudy Giuliani will be advising the new administration on cybersecurity issues.

Giuliani will head an advisory group from the corporate world because of his “long and very successful government career in law enforcement, and his now sixteen years of work providing security solutions in the private sector,” according to a statement by the Trump transition website.

Trump will host “a series of meetings with senior corporate executives from companies which have faced or are facing challenges similar to those facing the government and public entities today, such as hacking, intrusions, disruptions, manipulations, theft of data and identities, and securing information technology infrastructure,” the GreatAgain.gov website explains.

The goal is to improve the planning and implementation for increasing security of computer systems by drawing on the knowledge and input of corporate leaders. Cybersecurity has become a key issue for Trump, since U.S. intelligence agencies blamed Russia for recent hacking attacks during the U.S. presidential election campaign.

New Cybersecurity Initiative Using Several Avenues to Share Information

The Department of Homeland Security has several avenues to share information with public corporations. Executive Order 13691, Promoting Private Sector Cybersecurity Information Sharing, directs DHS to engage “in continuous, collaborative, and inclusive coordination” with information sharing and analysis organizations (ISAOs) via the National Cybersecurity and Communications Integration Center (NCCIC). The NCCIC coordinates cybersecurity information sharing and analysis among the federal government and private-sector partners.

These organizations were created for each of the 16 critical infrastructure sectors. The information technology sector has many government and private sector participants. It appears this new initiative aims to get corporate executives to participate and solve cyber security problems.

What Will Giuliani’s Role Be?

Giuliani’s role in this new cybersecurity initiative is not clear. For example, what will his official position be and how will he interact with DHS? The DHS Office of Cybersecurity and Communications (CS&C) is part of the National Protection and Programs Directorate. Will Giuliani coordinate with the CS&C? Or will he plan for or give direction to the office?

The U.S. Computer Emergency Readiness Team (US-CERT) has broad knowledge of and experience with federal computer systems. The Defense Department is required to report an incident to US-CERT within 12 hours. Public-sector organizations can voluntarily report incidents to US-CERT.

Will Giuliani receive briefings from US-CERT? Will he have the reports filtered via CS&C?

The bottom line is that the new administration sees the value of and need for improved cybersecurity. It appears to be a growing business. It will also be an area for improved employment prospects.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in South Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and also served 14 years in the Army. His military assignments include South Korea, Germany and Cuba in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” and a new book in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea.”