Posts

NSA Speaker Rob Joyce Offers Cybersecurity Insights at DEF CON 26

Published with Permission by:
Lint, James R., “NSA Speaker Rob Joyce Offers Cybersecurity Insights at DEF CON 26”, In Cyber Defense, 17 August 2018, Web, https://incyberdefense.com/exclusive/nsa-speaker-rob-joyce-offers-cybersecurity-insights-def-con-26/

By James Lint
Senior Editor forInCyberDefense and Contributor, In Homeland Security

Rob Joyce, the Senior Advisor for Cybersecurity Strategy at the National Security Agency (NSA), was an interesting kickoff speaker for DEF CON 26. He has attended this hacker’s convention for many years. Joyce attended this year’s conference not only to give his talk but also for recruitment purposes.

Information Technology Is a Worldwide Game Changer, Joyce Says

Information technology is a worldwide game changer and is increasing the number of people online, according to Joyce. In 2017, 4.16 billion people (54% of the global population) were online.

While social media sites such as Facebook and Twitter encouraged the development of online communities, the growth of Bitcoin and other cryptocurrencies, the Internet of Things (IoT) and cloud computing have accelerated the evolution and increased online communities. Consequently, there have been more cybersecurity hacking incidents.

Major cybersecurity incidents have included:

  • The Office of Personnel Management database hack between 2014-15 by Chinese actors
  • The attack on Ukraine’s electrical grid in 2016
  • The WannaCry ransomware attack from North Korea that knocked out computers in 150 countries in 24 hours in 2017
  • The Russian cyber attack on the 2018 Winter Olympics, which took Internet and Wi-Fi access and the Olympics website down for 12 hours

Joyce Reviews Today’s Cyber Threats

Joyce discussed the current threats that are affecting the U.S. and cyber security domains. He noted that high-end cyber threat activity continues to become more sophisticated, while the level of expertise required for hacking has decreased.

This change is due to new Internet tools that have become easier for hackers to use. Joyce noted that hacking has clearly moved from mere exploitation to active disruption of operations and organizations.

Many of the Chinese hacks were not attacks to destroy or even disrupt systems. Instead, Joyce observed, the Chinese hacks were intended as cyberespionage.

An interesting area that Joyce examined was the growing use of information operations using cyber intrusions to spread misinformation. Cyber intrusions into social media platforms have been used to create additional followers or fake accounts. This practice allows threat actors to push a storyline or create malicious propaganda campaigns, as we’ve seen during election cycles.

Joyce Offered Prediction on Where Cybersecurity Is Going in the Future

As a result of Joyce’s speech, some attendees explored career opportunities with NSA. This agency is continuing to incorporate innovative technology in cyber defense, such as analytics tools and the knowledge gained from them.

NSA also collaborates with the Department of Homeland Security to pass along cyber threats to the affected industries. In the future, Joyce predicted, there will be more communication between agencies and other organizations to stop cyber threats to the United States.

Conferences Such As DEF CON 26 Provide Unique Window into Government Agencies

Normally, you do not encounter NSA personnel unless you reside in the Washington, D.C., metro area. However, DEF CON 26, provides a unique opportunity to talk to, ask questions of and learn from senior government officials, including those from NSA.

About the Author

James R. Lint retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 51st scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” a book published in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

Cyber Security Professionals Must Prevent Attacks or Be Terminated

Published with Permission by:
Lint, James R., “Cyber Security Professionals Must Prevent Attacks or Be Terminated”, In Cyber Defense, 14 June 2017, Web, http://incyberdefense.com/james-lint/cyber-security-professionals-must-prevent-attacks-terminated/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

My recent article, “Cyber Defenders Are Often Not Fired, When Others Would Be” stirred responses from many physical security professionals. The common theme was that there are standards in physical security, but the cyber security problem is too difficult to solve. Cyber defenders, however, know standards and solutions are available.

Cyber Defense Standards Can Be Found

The National Institute of Standards and Technology (NIST) has created a cyber security framework for private sector organizations to assess their ability to prevent, detect and respond to cyberattacks.

The “The Framework, which was created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure.”

Also, on May 11, 2017, the White House released a Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.

The United States Computer Emergency Readiness Team, a division of the Department of Homeland Security, (US-CERT) website states that US-CERT “strives for a safer, stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world.”

The US-CERT website has numerous publications, alerts, tips, and resources. It is updated daily, and has many ways to be contacted.  Any cyber defenders who have not signed up for the alerts and tips email list are missing good professional development and also timely protection information for their organizations.

Comparisons of Physical Security and Cyber Security

Many physical security personnel are not trained in cyber security, just as many cyber security personnel are not trained in physical security. Training helps both.

Physical security specialists are trained for many different sectors such as government security, security for intelligence facilities, shopping centers, banks, and hospitals. No one is an expert in all of those sectors. The security standards for a Top Secret intelligence facility are much different from those of a hospital. In turn, a hospital security is different than that of a bank.  With all the knowledge needed in these sectors, why would some people think they can also be experts in cyber security/defense?

Cyber Defenders Must Install Updates

Companies that do not upgrade their software are as derelict as those companies that leave a door open to thieves.

On Friday, May 12, the BBC reported an international ransomware attack involving hackers using ransomware called WanaCrypt0r 2.0. As many as 74 countries, including the U.K., U.S., China, Russia, Spain, Italy and Taiwan, were affected. Thousands of computers were locked by a program that demanded $300 in Bitcoin for each hacked computer. But in March Microsoft had issued the first patch to prevent the WannaCry attack.

That means all those companies and officials who were affected by WannaCry Ransomware could have prevented the attack if they had installed Microsoft’s update and upgrades two months earlier.

Why are boards of directors not firing CIOs and senior IT managers who fail to take steps to prevent cyberattacks?  Why are they not firing CEOs who did not ensure that their CIOs and IT managers implemented the Microsoft update patches? Why do they treat cyber security personnel so cavalierly but do not reprimand or fire physical security personnel who make similar errors?

Visual Comparison of Security Physical Holes and Unpatched or Upgraded Networks

If a company does not repair a large hole in its building for two months, wouldn’t that be cause for termination of its security manager? Would that business’s insurance company continue to insure a firm with a large hole in its building?

If you don’t patch a hole in your fence, people will think you are incompetent or lazy. If you leave a large hole in your building you should be fired for cause. Why do we not hold CIOs to the same standard of responsibility? It really is that simple. There will be new innovative hacks in the future. But any security professional who does not deal with existing vulnerabilities should be fired.

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”

WannaCry Ransomware Leads to Discovery of Earlier Hack

Published with Permission by:
Lint, James R., “WannaCry Ransomware Leads to Discovery of Earlier Hack”, In Cyber Defense, 06 June 2017, Web, http://incyberdefense.com/news/wannacry-ransomware-leads-discovery-earlier-hack/

By James Lint
Faculty Member, School of Business, American Military University
Senior Editor for
 In Cyber Defense and Contributor, In Homeland Security

There is a new attack related to the recent international WannaCry (also known as WanaCrypt0r 2.0) hack that occurred between May 12 and May 14. As of May 14, this hack had affected more than 70,000 computers and netted the hackers at least $15 million.

Yahoo Tech News reported that “The new attack targets the same vulnerabilities the WannaCry ransomware worm exploited but, rather than freeze files, [it] uses the hundreds of thousands of computers believed to have been infected to mine virtual currency.”

Bitcoin and other cyber currencies can be mined by allowing your computer to be used to solve math problems. In the past, it has been something that people volunteered to do to earn cybercurrency.

Filipino news source Agence France-Press states, “virtual currencies such as Monero and Bitcoin use the computers of volunteers for recording transactions. They are said to “mine” for the currency and are occasionally rewarded with a piece of it.”

WannaCry Hack Led Researchers to Discover Earlier Malware Attack

ABC News reported that “While investigating the WannaCry ransomware attacks, researchers at the cybersecurity firm Proofpoint stumbled upon another ‘less noisy’ form of malware called Adylkuzz that, the firm says, has likely generated millions of dollars in cryptocurrency for the unknown attackers.” Monero, a cybercurrency, has been named as a target for Adylkuzz.

“I would say the real-world impact of this attack is going to be more substantial than WannaCry,” Ryan Kalember, the senior vice president for cybersecurity at Proofpoint, told ABC News. “Ransomware is painful, but you can restore operations relatively quickly. Here, you have a huge amount of money landing in some bad people’s hands. That has geopolitical consequences.”

Proofpoint identified Adylkuzz attacks dating back to May 2. Those attacks predate the WannaCry attacks, making Adylkuzz the first known widespread use of the leaked NSA hacking tools. It remained undetected for so long, Kalember says, because its impact on users is far less noticeable than ransomware.

“It takes over your computer, but you probably don’t notice anything other than that the system runs really slow,” Kalember said. “Your computer might be mining cryptocurrency for some very bad people.”

Does the US Dominate the Strategic Cyber Battlefield?

The U.S. Army has published doctrine for Army Field Manual 3-12, “Cyberspace and Electronic Warfare Operations.” This manual notes that the U.S. may not dominate the cyber battlefield. The doctrine seeks to upgrade tactics and techniques for cybersecurity, while realizing that cybersecurity is a domain of combat, just as air, land and sea are domains.

Ryan Kalember at Proofpoint and many others have indicated that North Korean-backed hackers called the Lazarus Group might be responsible for the WannaCry hack. This group has been linked to a similar cryptocurrency mining attack in late 2016. However, no final attribution for the WannaCry hack has been determined, because attribution often takes months to complete.

North Korea Could Be Earning Funds from Cyber Attacks

North Korea has suffered sanctions for decades. Pyongyang’s recent actions of increasing construction of nuclear and missile facilities and missile tests have caused other countries to call for increased sanctions.

How is North Korea able to afford its nuclear program? The country could be behind cybercurrency mining.

The cyber battlefield is level with many countries focusing on cyber tools. Some of these countries are experiencing financial difficulties due to sanctions and embargoes.

By turning to cybercurrency, these countries are attempting to solve their financial problems through cybercurrency mining or ransomware. Their actions could be solutions to the diplomatic actions against them. While diplomatic and military tactics controlled rogue nations in the past, they are less effective in today’s cyber environment.

How to Protect Your Computer from Ransomware Attacks

To better protect your own computer, update your operating system often. Microsoft issued the first patch to prevent the WannaCry attack in March 2017.

A second update has been issued to block Adylkuzz. If you do not take care of your computer, you will be at risk. You will be vulnerable to ransomware and other attacks. If your computer’s operating system is running slowly, be sure to update it and your antivirus software at the same time.

Stay secure!

About the Author

James R. Lint recently retired as the (GG-15) civilian director for intelligence and security, G2, U.S. Army Communications Electronics Command. He is an adjunct professor at AMU. James has been involved in cyberespionage events from just after the turn of the century in Korea supporting 1st Signal Brigade to the DHS Office of Intelligence and Analysis as the first government cyber intelligence analyst. He has 38 years of experience in military intelligence with the U.S. Marine Corps, U.S. Army, government contracting and civil service.

Additionally, James started the Lint Center for National Security Studies, a nonprofit charity that recently awarded its 45th scholarship for national security students and professionals. James was also elected as the 2015 national vice president for the Military Intelligence Corps Association. He has also served in the Department of Energy’s S&S Security Office after his active military career in the Marine Corps for seven years and 14 years in the Army. His military assignments include South Korea, Germany and Cuba, in addition to numerous CONUS locations. In 2017, he was appointed to the position of Adjutant for The American Legion, China Post 1. James has authored a book published in 2013, “Leadership and Management Lessons Learned,” in 2016 “8 Eyes on Korea, A Travel Perspective of Seoul, Korea,” and a new book in 2017 Secrets to Getting a Federal Government Job.”