jump to navigation

Don’t be “pwned”- InfoSec 101 November 7, 2011

Posted by Chris Mark in Uncategorized.
Tags: , ,
add a comment

pwned is a term that originated in online gaming and has been adopted by hackers.  It is pronounced ‘owned’ and the origin of the misspelling is not important but you can read about it here.  At a high level to be pwned means to be controlled.  If your 15 inch MacBook Pro laptop is infected with a backdoor program it is fair to say you have been pwned. Back Orifice (a play on MS’s Back Office) is one of the original backdoor programs. Whey is this important?

Companies and people are often under the mistaken belief that cyber criminals are only interested in servers that contain sensitive data.  In truth, user systems often contain information which is valuable.  Users often store usernames and passwords on their desktops and laptops.  Additionally, users often use their email to freely discuss information that can provide significant value to an adversary.  Consider a situation where an executive is discussing new product plans for an upcoming iteration.  Competitors (unethical competitors) would value this information.  It is estimated that intellectual property theft costs the UK 27 billion Pounds annually.

On another note, law enforcement may also have an interest in what is on a personal computer.  While laws vary, under the right circumstances, law enforcement can also track activity on personal computers.  While EU laws are much more strict in this regard, some US companies also track user behavior.  Installing tracking software that can record screenshots, key strokes, and email is a relatively simple process.  While being lawfully monitored and pwned are not the same, the technologies used are similar.

How do you know if you have been pwned?  Well…most of the time you won’t unless the other side wants you to know to send a message.  Often, anomalous activity on your system can be an indication that your system is infected with some form of malware. BlueCoat estimated in 2010 that 48% of systems were infected with malware.  Recent estimates have put the estimates as high as 80%.

So what to do?  Ensure that you use your work system for work and are careful about emailing sensitive info on an ‘untrusted’ system.  Ensure that you keep your system updated with malicious software protection.  Ensure you use a firewall with appropriate rules.  Use complex password.  It is important to remember that once your system is ‘owned’ it is very difficult to repair and have confidence in the system’s security.

Piracy Delaying Food Aid November 4, 2011

Posted by Chris Mark in Piracy & Maritime Security, Uncategorized.
Tags: , , , ,
add a comment

It is well known that some, if not many, Somali pirates, when hijacking vessels, have claimed to represent the “Somali Coast Guard” and other “Somali Interests”.  At the recent Combating Piracy event in London the attendees were told numerous tales about Europeans, Asians, and other who illegally fished the Somali waters and were therefore the cause of the piracy (at least a major cause).  While there is little debate that economic issues are the root cause of many Somalis joining the ranks of pirates, piracy is now beginning to adversely affect the very Somalis that many pirates claim to represent.  According to an article on CNN, piracy is delaying needed food aid to the Horn of Africa. Over 12 million people in the Horn of Africa require some form of food aid. According to Professor Mthuli Ncube, who fulfills a dual role as the bank’s chief economist and vice president the African Development Bank:

“[Piracy] affects the transit of food quickly, where it’s needed by refugees. It also brings up the costs of transporting the food and it goes beyond that into tourism, into the exploitation of hydro-carbons … the issue around fishing and so forth.  But more urgently it is about delivery of food that is being affected.”

Cyber Piracy- Clear and Present Danger (in Maritime Executive) November 2, 2011

Posted by Chris Mark in Piracy & Maritime Security, Uncategorized.
Tags: , , , ,
add a comment

Maritime Executive’s Jack O’Connell published a very good article on cybercrime and its impact on the shipping industry.  Recently, Lloyds list also published an article on the same topic. With the shipping industry taking steps to prevent piracy, pirates are turning to technology to gain advantage over the shipping companies.  Read the article here.

Somali Pirates Suspected Kidnapping Aid Workers October 26, 2011

Posted by Chris Mark in Uncategorized.
Tags: , , , , ,
add a comment

Somali pirates are suspected in the recent abduction of 3 aid workers who were working in Somali for a Danish aid group.  The group issued a statement that said:  “Today, at 3 pm (1200 GMT) in Somalia, three staff members from the Danish Demining Group have been kidnapped. One is a Somali man, two are international staff members, an American woman and a Danish man.”  Earlier this month  Somali gunmen kidnapped two Spanish staff working for Medicins Sans Frontieres (MSF) from the Dadaab refugee camp in northern Kenya on October 13 and took them across the border into the anarchic Horn of Africa nation.  A Somali pirate who gave his name as Abdi told Reuters from Galkayo that a group of pirates was behind the abduction and the captives were being taken to a coastal haven.Previously, three people had been kidnapped from Kenya by Somali pirates and one killed.  As more vessels employ BMP and armed guards it is clear that pirates will simply look for new avenues to replace he revenue they are losing.

Al Shabaab, Somali Piracy link Growing? October 26, 2011

Posted by Chris Mark in Piracy & Maritime Security, Uncategorized.
Tags: , , , ,
add a comment

According to a report in Reuters, the UN stated that the link between Al Shabaab and Somali pirates is growing.  This was stated by the UN’s head of counter piracy, Colonel John Steed at the Combating Piracy event in London, England last week.  “There is a growing link and growing cooperation between al Shabaab who are desperate for funding and resources with other criminal gangs and with pirates,” said Colonel John Steed.  Notice that the statement is less than definitive.  During the event last week Colonel Steed was questioned very pointedly about the UN”s position that Al Shabaab and pirates are working more closely together.  Additionally, numerous other speakers were definitive in their position that piracy was NOT associated with Shabaab and was a purely financial, and criminal effort.

While there is little doubt that Shabaab is looking for new funding sources, the prevailing opinion among those at the event appeared to be that the UN’s insistence on correlating piracy with terrorism was little more than an attempt gather international attention to the issue of piracy within Somalia and attract international efforts to combat piracy.