Posts

Iranian Hackers Charged with Hacks of 144 U.S. Universities

Published with Permission by:
Lint, James R., “Iranian Hackers Charged with Hacks of 144 US Universities”, In Cyber Defense, 28 March 2018, Web, https://incyberdefense.com/featured/iranian-hackers-charged-hacks-144-us-universities/

By James Lint
Senior Editor for InCyberDefense and Contributor, In Homeland Security

Many cyber defenders watch for Chinese and Russian hackers. However, we must not forget that smaller countries are also in the cyber attack game.

The U.S. Department of Justice and the Department of the Treasury’s Office of Foreign Assets Control determined that nine Iranians hacked the computer systems of 144 American universities, ZDNet reported.

The Iranian hackers worked in cooperation with the Islamic Revolutionary Guard Corps, the Mabna Institute (an Iranian hacker network) and the Iranian government to steal 31.5 terabytes of valuable data.

“In all, 320 universities around the world were attacked along with several U.S. government entities, including the Department of Labor, [the] United Nations, and the Federal Energy Regulatory Commission,” ZDNet added.

Wide-Ranging Impact of Iranian Hackers

The “massive and brazen cyber assault” was “one of the largest state-sponsored hacking campaigns ever prosecuted by the Department of Justice,” U.S. Attorney Geoffrey Berman of the Southern District of New York told a news conference on March 23.

According to the indictment cited by Sciencemag.org, “3,768 of the hacked professors were at 144 U.S. universities, and the attackers stole data that cost these institutions about $3.4 billion to ‘procure and access.’” Data stolen by the Iranian hackers includes scientific research, dissertations and journals.

The hack was intended to help Iranian universities gain access to foreign scientific resources. The indictment notes that the stolen data will also assist scientific and research organizations in Iran.

The FBI website reported that “the hackers stole more than 30 terabytes of academic data and intellectual property—roughly three times the amount of data in the print collection of the Library of Congress.”

Iranian Hackers Used Password Spray Attacks to Penetrate Other Computer Systems

According to the FBI investigation, a group of malicious cyber actors working for the Iran-based Mabna Institute conducted coordinated and broadly targeted password spray attacks against organizations in the United States and abroad. Victims of Mabna attacks often lack multi-factor authentication (MFA) and preventative network activity alerts. The lack of security measures allowed the Iranian hackers to easily guess passwords such as “Winter2018” and “Password123!”

Unlike a brute force attack, in which a would-be penetrator will obtain a single email account’s password by trying all possible combinations in sequence, spray attacks search for accounts with the easiest passwords. This attack method does not trip safety lockouts because the hacker tries only a few simple passwords before moving on to someone else’s account.

An FBI alert offers a good description of spray attacks: “During a password spray attack, a malicious actor attempts a single password against a population of accounts before moving on to attempt a second password against the accounts, and so on.” In other words, a spray attack searches multiple accounts for simple passwords.
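As an added example (not from the original article or the FBI alert), the sketch below runs over a constructed authentication log and shows why per-account lockout counters miss the spray pattern described above, while counting distinct accounts targeted per source catches it. The log format, addresses, account names and thresholds are all assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed sample data (not real logs): '<ISO time> <source IP> <account> <result>'."""
    lines = []
    t0 = datetime(2018, 3, 1, 9, 0, 0)
    accounts = ["alice", "bob", "carol", "dave", "erin", "frank"]
    # Spray source: one guess per account, then a second round 40 minutes later.
    for rnd in range(2):
        for i, acct in enumerate(accounts):
            ts = t0 + timedelta(minutes=40 * rnd, seconds=10 * i)
            lines.append(f"{ts.isoformat()} 203.0.113.7 {acct} FAIL")
    # Brute-force source: twelve guesses against a single account.
    for i in range(12):
        ts = t0 + timedelta(seconds=5 * i)
        lines.append(f"{ts.isoformat()} 198.51.100.9 grace FAIL")
    # Ordinary user: one typo, then a successful login.
    lines.append(f"{(t0 + timedelta(minutes=5)).isoformat()} 192.0.2.10 carol FAIL")
    lines.append(f"{(t0 + timedelta(minutes=6)).isoformat()} 192.0.2.10 carol OK")
    return lines


def parse(lines):
    """Return events as (timestamp, source, account, result), sorted by time."""
    events = []
    for line in lines:
        ts, src, acct, result = line.split()
        events.append((datetime.fromisoformat(ts), src, acct, result))
    return sorted(events)


def locked_accounts(events, threshold=5, window=timedelta(minutes=60)):
    """Accounts on which a per-account lockout counter would trip.

    Simplified model: `threshold` failures inside `window`, ignoring the
    counter reset that a successful login usually causes.
    """
    fails = defaultdict(list)
    for ts, _src, acct, result in events:
        if result == "FAIL":
            fails[acct].append(ts)
    locked = set()
    for acct, times in fails.items():
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                locked.add(acct)
                break
    return locked


def classify_sources(events, window=timedelta(minutes=60),
                     min_accounts=5, lockout_threshold=5):
    """Label each source by the shape of its failed logins in a sliding window.

    password_spray: many distinct accounts, each below the lockout threshold.
    brute_force:    at least one account hit `lockout_threshold` times or more.
    """
    by_src = defaultdict(list)
    for ts, src, acct, result in events:
        if result == "FAIL":
            by_src[src].append((ts, acct))
    verdicts = {}
    for src, fails in by_src.items():
        verdict, start, counts = "normal", 0, Counter()
        for ts, acct in fails:
            counts[acct] += 1
            # Drop failures that have aged out of the window.
            while ts - fails[start][0] > window:
                old = fails[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            if max(counts.values()) >= lockout_threshold:
                verdict = "brute_force"  # takes precedence over spray
                break
            if len(counts) >= min_accounts:
                verdict = "password_spray"
        verdicts[src] = verdict
    return verdicts


if __name__ == "__main__":
    events = parse(build_sample_log())
    print("Accounts a lockout policy would catch:", sorted(locked_accounts(events)))
    for src, verdict in sorted(classify_sources(events).items()):
        print(f"{src:15} {verdict}")
```

In this constructed data only the brute-forced account reaches the lockout threshold; the spray source touches six accounts twice each and is visible only when failures are grouped by source.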

Defendants Cannot Leave Iran without Fear of Capture and Extradition to US

The nine defendants in the U.S. university hack scheme are believed to be in Iran. “These defendants are no longer free to travel outside of Iran without the fear of being arrested and extradited to the United States. The only way they can see the rest of the world is through their computer screen, but not stripped of their greatest asset, anonymity,” Berman said.

Tips on Improving Your Cyber Defense

  • Review password policies to ensure they align with the latest NIST guidelines. Never use easy-to-guess passwords; avoiding them is the key to defense against this type of cyber attack.
  • Review IT Helpdesk password management of initial passwords, password resets for user lockouts and shared accounts. IT Helpdesk password procedures may not align with company policy, creating a security gap that hackers can exploit.

Cyber Defenders Need to Constantly Learn about New Cyber Attack Methods

Cyber defenders should stay current about new attack methods and older techniques. By keeping your end users informed, you can prevent simple cyber attacks from happening.

In addition, cyber defenders should use government resources to keep their knowledge up to date. One key tool could be Infragard, which is run by the FBI and has chapters in all 50 states. Your local FBI Liaison can help you access the Infragard portal.

Another good resource is US-CERT.gov. This site does not require a signup, but it does hold various events for cyber defenders. Its current activities and announcements show both system vulnerabilities and announcements on system threats.

Cyber defenders who stay current on various cyber threats are force multipliers for their organizations. They are much less likely to be surprised by people targeting their computer systems.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 49th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”

DEFCON Hacking Conference Features Diversity as Its Mission

Published with Permission by:
Lint, James R., “DEFCON Hacking Conference Features Diversity as Its Mission”, In Cyber Defense, 3 August 2017, Web, http://incyberdefense.com/news/defcon-hacking-conference-features-diversity-mission/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

The DEFCON Hacker Conference celebrated its 25th anniversary on July 28-30, 2017, in Las Vegas.

People keep coming back to DEFCON because of the unique quality of the conference presentations. They are often on topics that most organizations would not want to publicize: computer hacking, robots hacking safes, implanting passwords and cognitive memory. The speakers are all experienced in the hobby and profession of hacking into computers.

Yesterday’s ‘Hackers’ Are Today’s ‘Security Researchers’

DEFCON attendees who stroll DEFCON’s villages for information and new security ideas are sometimes called “hackers.” Many of the old “hackers” now have titles like information technology “researchers” as industries fight to hire those who can think outside the box and discover computer vulnerabilities before they become problems. Brilliant people discovering problems to be solved are important, but how they label their “hobby” is no longer important.

Multiple ‘Villages’ Are Devoted to Diverse Topics

DEFCON’s mission of diversity is fostered by “villages,” a series of conference areas devoted to specific topics. For example, the Biohacking Village website describes it as “a biotechnology conference focused on breakthrough DIY, grinder, transhumanist, medical technology, and information security along with its related communities in the open source ecosystem.”

Car Hacking Village Offers Information to Correct Auto Industry Vulnerabilities

The Car Hacking Village, now in its third year at DEFCON, has been helpful to the auto industry in exposing vulnerabilities before a crisis. The wireless interfaces built into today’s vehicles make them virtual computers on wheels.

Computers have been hacked for decades, so why would anyone expect cars not to be hacked? One of the talks this year, “That’s no car. It’s a network!” explained how auto manufacturers try to discover software and network vulnerabilities from improperly written software code before there is a fatal crash.

Crypto and Privacy Village Provides Platform for Discussing Privacy Maintenance

The Crypto and Privacy Village provides little information online, which says something about its focus. One of the scheduled talks, “Privacy is Not An Add-On: Designing for Privacy from the Ground Up,” described different ways to maintain privacy using a variety of tools.

Hardware Hacking Village Discusses VoIP, Reverse Engineering and Sustainability

Discussions in the Hardware Hacking Village ranged from VoIP (Voice over Internet Protocol) phone hacking to reverse engineering. An unusual workshop explained component desoldering and recovery, which are useful techniques as landfills are filling up with technology waste.

Internet of Things (IoT) Village Promotes Security Advancements

According to its website, “IoT Village delivers advocacy for and expertise on security advancements in Internet of Things devices.” This is one area that has many people in business worried about security being an afterthought. Over the years, the DEFCON IoT Village has displayed and discovered 113 new vulnerabilities in connected devices that were reported to manufacturers so they can make their devices safer and more secure.

Packet Hacking Village Pinpoints Security Vulnerabilities

The Packet Hacking Village featured talks and hands-on workshops. It also had an interesting presentation schedule that included its “Wall of Sheep” display, highlighting vulnerable systems that are ready “for slaughter.” Visitors were able to have a free security assessment to ensure that their system was not listed on the Wall of Sheep.

Other Villages Offer Additional Topics of Interest to Attendees

Other villages included social engineering (also known as human hacking), wireless, lock picking, Industrial Controls Systems and the Packet Hacking Village. To show the ability of DEFCON to evolve and stay current, there was even a Voting Machine Hacking Village.

Multiple Villages Provide a Variety of Information for Hackers and Security Researchers

The multitude of villages helps DEFCON to improve each year. These improvements provide both hackers and security researchers with learning and growth areas, while they exchange topics and new tools to improve the security of our networks and cyber programs. As the skills of DEFCON attendees improve, they will be better able to handle current and emerging cyber threats.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”

Ransomware Could Escalate into Strategic Attacks on the US

Published with Permission by:
Lint, James R., “Ransomware Could Escalate into Strategic Attacks on the US”, In Cyber Defense, 10 Apr. 2017, Web, http://incyberdefense.com/news/ransomware-escalate-strategic-attacks-us/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

After writing a series of articles on ransomware, I started thinking about how ransomware could be used in a strategic attack nationwide, rather than the attacks we’ve seen so far on business and personal computers. While a hospital’s $17,000 payout to ransomware thieves is considered big news, the consequences of a national ransomware attack on U.S. computers would be even more devastating.

Taking the tactical attack to the next logical level means a strategic attack that is bigger in impact and payout. Remember, the 9/11 Commission Final Report stated that the “most important failure” leading to the attacks was “one of imagination.” It concluded, “We do not believe leaders understood the gravity of the threat.”

Former New Jersey Governor Tom Kean, the chairman of the 9/11 Commission, said: “[The attackers] penetrated the defenses of the most powerful nation in the world. They inflicted unbearable trauma on our people, and at the same time, they turned the international order upside down.”

Are we again failing to use our imagination? What would be the worst scenario involving ransomware, a relatively new and growing hackers’ tool in 2016-17? This type of thinking sounds like a depressing way to make a living, but that is what our nation’s intelligence analysts must think about and anticipate. Thinking in the same way as an enemy requires special training, and that training must continually improve.

What If Hackers Were Able to Control a Vital US Installation?

Joseph Marks, writing in NextGov, discussed the potential of hackers holding government infrastructure hostage. “If hackers were able to seize the controls of a critical infrastructure asset such as a dam or airport where they could cause major property destruction and loss of life, the ransom demand could be huge, [McAfee Chief Technology Officer Steve] Grobman said, and there’s a good chance the asset owner or the government would have to pay up.”

What would happen if the attack came from someone other than a conventional criminal hacker? Suppose the attacker was a nation-state or terrorist group that took control of a major dam and demanded that the U.S. government pay a ransom to prevent an area or town from being flooded? What if a small country wanted money to turn the electricity back on in New York City after an outage caused by ransomware?

In March 2016, Bloomberg Technology reported, “Hackers linked to the Iranian government launched cyber-attacks on some four dozen U.S. financial institutions and a flood-control dam north of New York City in forays meant to undermine U.S. markets and national security, according to federal prosecutors.”

Beginning in 2011, Iran-based hackers targeted the New York Stock Exchange, NASDAQ, Bank of America Corp., JPMorgan Chase & Co. and AT&T Inc. “One of them gained unauthorized remote access to a computer controlling the Bowman Avenue Dam in Rye, New York, for about three weeks beginning in 2013, according to the indictment,” the article reported.

The hackers were thought to be working for the Tehran government and the Islamic Revolutionary Guard Corps, a well-disciplined military organization. Following the indictments, the United States placed sanctions on Iran.

Now Is the Time to Prepare for a Strategic Ransomware Attack

Hackers have been indicted in China and sanctions have been levied against North Korea for hacking. A number of countries have already studied our networks. Most of the focus has been on the tactical ransomware on businesses and people. It does not take a lot of imagination to see the potential impact of a strategic attack on our nation’s infrastructure.

The impact of a strategic attack is huge. Now is the time to prepare for a ransomware attack from a wily enemy, its aftermath and crisis management. Let’s not be guilty of another “failure of imagination.”

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”

Ransomware Targets Continue to Pay Hackers

Published with Permission by:
Lint, James R. & Kim, Dr. Yoohwan, “Ransomware Targets Continue to Pay Hackers”, In Cyber Defense, 15 Mar. 2017, Web, http://incyberdefense.com/news/ransomware-targets-continue-pay-hackers/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

By Yoohwan Kim, Ph.D.
CISSP, CISA, CEH, CPT
Associate Professor, Computer Science Department, University of Nevada Las Vegas

Ransomware attacks spiked 6,000% in 2016, with more than 4,000 attacks occurring each day. This is an increase from 1,000 attacks a day in 2015.

As famed bank robber Willie Sutton once said, “I rob banks because that is where the money is.” Contemporary bank robbers are seldom as successful and certainly nowhere close to these ransomware statistics. Ransomware is the new criminal money-making industry.

Co-author Dr. Yoohwan Kim, a speaker at the Las Vegas USSS Electronic Crimes Task Force quarterly meeting on March 3, 2017, provided research for this article. Some of that research came from an IBM Security Report, which also noted the 6,000% spike in 2016.

Ransomware Is a Costly Problem for Many Organizations

Ransomware is a type of malware that prevents users from accessing their computer systems. This malware targets critical data and systems for the purpose of extortion, either by locking the system’s screen or by locking the victims’ files until a ransom is paid.

Check Point’s ThreatCloud World Cyber Threat Map currently contains 250 million addresses and 11 million malware signatures. There is a steady increase in ransomware successes by hostile actors. More than 2,000 new ransomware programs are developed every month.

Perhaps a better term would be crypto-ransomware: Your files are encrypted and you are locked out from important data. The criminals then demand payment for the key to unlock the encryption.

Who Is Vulnerable to Ransomware?

Hollywood Presbyterian Medical Center in California lost control of its data for more than a week due to a ransomware attack. The hospital paid the ransom with 40 bitcoins worth $17,000 and the hospital regained control of its data.

Allen Stefanek, president and CEO of HPMC, said: “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

The San Francisco Municipal Transportation Agency was attacked on November 28, 2016. The hostile actors demanded 100 bitcoins or $73,000. The attack took all ticket machines offline for the day and affected more than 2,000 systems and computers. Rather than shut down the rail system, the agency allowed users to travel for free.

Police Departments Can Be Targets

The police department in Tewksbury, Massachusetts, made a $500 payment after enlisting the help of the FBI. Similarly, a police computer in Swansea, Massachusetts, was hit with a ransomware attack. The police department decided to pay the ransom of two bitcoins (about $750) rather than try to figure out how to break the lock.

There are many similar targets, and most victims pay the scammers rather than risk losing critical data. The targets can be anyone. And when threat actors live outside the United States, U.S. money can be an enticing target due to the high cost of living in many of the home countries of ransomware operations.

Ransomware Business Is Booming and Growing More Professional

Revenue from the Cryptowall 3.0 program – the most popular ransomware program among hostile actors – reached $325 million through October 2015, according to the Cyber Threat Alliance.

In all, hostile actors earned $24 million in 2015. The FBI said hackers earned $209 million in the first quarter of 2016. Experts project that criminals will use ransomware to earn over $1 billion in 2017.

An interesting phenomenon is that ransomware is becoming more business-like in its operations, including live customer support to negotiate fees and deadlines. Good customer service gives ransom victims the confidence to pay and regain control of their files. Bitcoin virtual payments provide secure transactions for the criminals.

If an extortionist attacks your computer with ransomware, report the attack to local authorities and the FBI’s Internet Crime Complaint Center (IC3) as soon as possible. This practice will allow law enforcement to track the growth of the ransomware industry. It will also help all of us to understand new ransomware trends and potential methods to protect ourselves.

About the Authors

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”

Dr. Yoohwan Kim is an Associate Professor in the Department of Computer Science at University of Nevada Las Vegas (UNLV). He received his Ph.D. degree from Case Western Reserve University in 2003 in the area of network security (DDoS attack mitigation). His research expertise includes secure network protocols, unmanned aircraft systems (UAS) communications and cyber-physical system (CPS) security. He has published over 90 papers in peer-reviewed journals and conferences, and has 6 patents granted or pending. His research has been sponsored by Microsoft Research, the U.S. Air Force, Naval Air Warfare Center, Oak Ridge National Laboratory, National Security Technologies and the National Science Foundation. Before joining UNLV, he has had broad experience in the IT industry as a management information systems consultant at Andersen Consulting (now Accenture), a database programmer at Cleveland Clinic Foundation, a software engineer at Lucent Technologies and his own start-up company. 

Will We See a Decline in Cyber Threats in 2017?

Published with Permission by:
Lint, James R., “Will We See a Decline in Cyber Threats in 2017?”, In Cyber Defense, 15 Feb. 2017, Web, http://incyberdefense.com/news/will-see-decline-cyber-threats-2017/

Commentary by James Lint
Faculty Member, School of Business, American Military University
Senior Editor for In Cyber Defense and Contributor, In Homeland Security

It’s still early enough in the New Year to make predictions about cyber threats and malware attacks in 2017.

Ransomware Exploitation

First, I think ransomware attacks will likely decline by the end of the year. Ransomware is malicious software that extortionist hackers use to lock a target’s computer with encryption and then demand payment to unlock the computer.

A single type of ransomware has yielded as much as $325 million in criminally obtained funds, according to McAfee Labs Threats Predictions. This gives cyber extortionists the funds for research and development to overcome anti-ransomware technologies.

McAfee Labs forecasts that the effectiveness of ransomware attacks will be reduced partly due to initiatives like “No More Ransom!” and the development of anti-ransomware technologies.

Ransomware attacks might also decrease due to their widespread use in recent years and the increasing costs to mount them due to law enforcement action. There is also hope that continued law enforcement actions, including arrests and the accompanying loss of hackers’ funds, will make ransomware operations too expensive to continue.

The issue will come down to which side will overcome the other.

‘Drone Jacking’ Places Threats in the Sky

Drones have become the new tool for shippers, law enforcement, news photographers and farmers. And new uses for drones are being developed all the time. Dronejacking too is new and the threats to drones are increasing.

The McAfee Labs report states, “Recently, we saw an example of a drone outfitted with a full hacking suite that would allow it to land on the roof of a home, business, or critical infrastructure facility and attempt to hack into the local wireless network.”

The DEFCON 2015 hacking convention showed the proof of concept that an individual could take control of a toy drone. While a small toy drone is interesting, the software in it is similar to the software in more expensive and larger drones. “Dronejacking” has now entered our vocabulary and threat matrix and should be of concern to all cyber defenders.

With drone shipping, high-value items and medicines could be diverted from their intended address to another landing area. A dronejacker could sit in a pickup truck, direct a targeted drone to land in the pickup bed and steal the drone’s cargo.

Such illegal activities would precipitate a technology race for shippers to put encrypted trackers on drones to thwart hacker attacks. Drone hackers, of course, will try to develop new tools to destroy drone communications and control. In the end, it will be up to industry to build better safeguards into the drone systems and ground stations.

Depending on the industry, the development of useful drones will determine when we will see the first spectacular drone hack. The first one will be for underground notoriety, but after that, drone jackings will be for criminal profits. Look for drone jacking in the news near the end of 2017 or in the first half of 2018.

Another prediction is that if captured drones are destroyed or lost, shippers will soon find drones too expensive to use and end the practice. An end to drone shipping would also eliminate use of the word drone jacking.

Machine Learning Accelerates Social Engineering Attacks

The McAfee Labs report warns “that cybercriminals are leveraging machine learning to target victims. We expect that the accessibility of machine learning will accelerate and sharpen social engineering attacks in 2017.”

Hackers routinely access corporate networks and collect a great deal of information on their executives and key financial personnel. Machine learning tools to conduct complex analyses are publicly available, creating the opportunity for cyberattacks far more sophisticated than simple target selection. Such attacks could include probes into decision makers’ business plans, proprietary information and ancillary activities such as executives’ vacations, travel or ill relatives.

The FBI calls these well-researched cyber attacks Business Email Compromise (BEC) scams. The hackers target personnel with financial responsibility or authority to write checks. For example, by analyzing hacked corporate data, the hackers learn that the CEO is taking a trip out of the country.

The trip includes many hours of air travel, poor communications and time zone changes. That is when the threat actors send an email in the executive’s name to a company financial officer to cut a large check and send it to an account number that belongs to the threat actors.

The McAfee report further states: “Cybercriminals know that sending a well-crafted email to a financially responsible team member, purporting to be from a leader of an organization and indicating urgency, results in a meaningful success rate in completing fraudulent transactions.”

This information is all mined and analyzed with machine learning tools. These tools are much quicker and give the best advantage for threat actors because machine learning keeps improving.

Machine learning use in criminal activity and BEC will increase in 2017. The money made by organizations using machine learning and the ability to crunch large data sets will give actionable intelligence for criminal activity. This will cause an increase of the use of machine learning for crime. In the end, machine learning is cost-effective, with a business case shown by FBI statistics that “more than $3 billion has been stolen, with victims in all 50 states and 100 countries.”

Cyber Espionage Will Continue to Target Intellectual Property and State Secrets

“Cyber operations from China are still targeting and exploiting U.S. government, defense industry, academic and private computer networks,” U.S. Cyber Command Admiral Michael S. Rogers said last April during testimony before a Senate committee.

The McAfee Labs report agrees with Adm. Rogers. “Cyber espionage will always be present, either as part of a nation-state’s intelligence operations or run by organized groups that will hunt for proprietary intelligence and offer it for sale.”

The greatest threat will be to U.S. government organizations and defense contractors. Cyber espionage against defense organizations and contractors will continue to be a weak link exploited by adversary nation states. In the past, a spy passing off a duffel bag of classified material to his foreign handler was considered a successful spy operation. Today, with small hard drives or thumb drives, the theft of terabytes of data is not unusual.

In the last three years, there has been an increased focus by the federal government to protect classified information from traitors and cyber theft. With this emphasis, there may be more successful apprehensions like that of former NSA contractor Harold T. Martin, who has been charged with stealing 50 terabytes of classified information over a 20-year period.

Technology created some of the vulnerabilities, and technology is fixing some of the vulnerabilities. The expectation is that the duel between cyber criminals and cyber defenders will be a draw or a tied game at the end of 2017.

Police and Hackers Will Have More Successes in 2017

No one will predict an overwhelming success for either side of the battle. The police have learned and created successful takedowns in 2016 of Botnets, DDoS and ransomware attacks. But until the threat actors evaluate the risk as too high, they will not stop their attacks.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 43rd scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” in 2016, “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017, “Secrets to Getting a Federal Government Job.”