Combining Blog Content (GlobalRiskInfo / DrHeatherMark) May 31, 2012
Posted by Chris Mark in News, Politics.Tags: Chris Mark, cybercrime, Dr. Heather Mark, InfoSec, InfoSec & Privacy, risk, risk management, security
add a comment
In the near term I will begin integrating blog content from Dr. Heather Mark’s privacy and payments blog. This will give new information and insight into privacy, regulatory, and information security issues. We will be combing both blogs into GlobalRiskInfo. Please stay tuned and, in the meantime,take a spin through Heather’ blog!
“Flame On!”- New CyberWeapon Discovered in Middle East May 28, 2012
Posted by Chris Mark in cyberespionage, cybersecurity, InfoSec & Privacy, News, terrorism.Tags: Chris Mark, cybercrime, cyberespionage, cybersecurity, data theft, Duqu, Flame, hack, InfoSec, Kapersky, security, Stuxnet
1 comment so far
Complementing the post CyberEspionage, researchers have discovered a new cyberweapon. First there was Stuxnet, then there was Duqu..now there is Flame. Called by a researcher: “…the most complex piece of malicious software discovered to date…” the recently discovered virus is designed to capture data but can also change computer setting and turn on integrated microphones to record what is being said in the room. Kapersky labs discovered the virus, dubbed “Flame”, which has been lurking undetected inside of thousands of computers in the Middle East for as long as 5 years. According to Kapersky, the countries with the most infections include Iran with the most infections followed by Israel/Palestine area, Syria, and Sudan. According to Kapersky senior researcher Roel Schouwenberg: “The virus contains about 20 times as much code as Stuxnet, which attacked an Iranian uranium enrichment facility, causing centrifuges to fail. It has about 100 times as much code as a typical virus designed to steal financial information”. (more…)
“Semper Fi?” – Marines Convicted of Selling Weapons to Gangs & China May 15, 2012
Posted by Chris Mark in News, terrorism, weapons and tactics.Tags: Adam Reich, Camp Lejeune, Chris Mark, M4, Marines, MARSOC, NCIS, security, trust but verify, USMC
1 comment so far
As a former Marine, this is a difficult story for me to write. It does however highlight the importance of the concept of “trust but verify” within security. As reported in the Jacksonville Daily News, a 2 year investigation by the Naval Criminal Investigation Service (NCIS) has uncovered an operation where 49 Marines and 21 civilians stole and then sold almost $2 million worth of weapons and equipment. Many of the Marines were stationed at Camp Lejeune, NC and much of the gear was sold on eBay, Craigslist or in face to face meetings. One of the Marines was a member of the elite Marines Special Operations Command and served with the 3rd Special Operations Battalion. As stated in the article: “Sgt. Daniel Adam Reich, a former member of 3rd Marine Special Operations Battalion, was convicted of selling and attempting to sell military property and conspiracy. He was sentenced to 40 months in prison and a dishonorable discharge, MarSOC spokesman Maj. Jeff Landis said.” The investigation has since extended into the Air Force and Army.
The point of this blog post is to show that even our military folks who take an oath of honor and are subject to very stiff penalties for violation of that oath are vulnerable to the same temptations as everyone. It is not enough to blindly trust people to do the right thing. While 99% may be honest and have integrity, there is always a small percentage that will give in to temptation. This is why it is so critical to “trust but verify” in security.
“I can neither confirm nor deny”; NSA + Google = Glomar Response May 12, 2012
Posted by Chris Mark in News, Risk & Risk Management, terrorism.Tags: Chris Mark, freedom of information act, Glomar, google, mark consulting group, NSA, privacy, security
add a comment
In a story on Foxnews it is revealed that a US Federal Appeals court has turned down a request under the Freedom of Information Act that would have forced the National Security Agency to disclose what, if any, relationship it has with Google and specifically a cyberattack against Google which originated in China. According to the story: “The Electronic Privacy Information Center, which focuses on privacy and civil liberties, sought communications between Google and the NSA, which conducts worldwide electronic surveillance and protects the U.S. government from such spying. But the NSA refused to confirm or deny whether it had any relationship with Google. The NSA argued that doing so could make U.S. government information systems vulnerable to attack.”
Now for some history- In April 1968, the Soviet Union’s K129 nuclear submarine sank. Seeing an opportunity to get some intelligence, the US CIA’s Special Activities Division came up with a plan known as Project Azorian. Using Howard Hughes’ company as a front, they commissioned the Hughes Glomar Explorer. Hughes claimed the ship was designed to extract minerals from the ocean floor. The HGE was sent to pick up the remains of the submarine and return them to the US. When the project came to light and the US Government was asked about the project, the response was: “I can neither confirm nor deny” the existence of such a project. Thus was born the Glomar Response or Glomar Denial…
“Pot…Meet Kettle”…Syria Urges UN to Stop Terrorism in Damascus (cough, cough) May 10, 2012
Posted by Chris Mark in News, terrorism, weapons and tactics.Tags: assad, Chris Mark, hezbolah, mark consulting group, security, syria, terrorism
1 comment so far
I had to comment on an article I just read on MSNBC.com titled: “Syria Urges UN to Stop 
‘Terrorism’ Following Damascus Blasts”. The basis of the article is that Assad’ government is claiming that the two bombs that went off in Damascus yesterday (35 killed and over 300 wounded) is evidence of “foreign terrorism”. According to the article: “Syria’s foreign ministry said the bombing was a sign the country is facing foreign-backed terrorism and called on the United Nations Security Council to take measures against countries or groups supporting violence in the revolt against President Bashar Assad.” While I try to keep this blog professional and on the up and up, I do have to say that Syria sure has some…(ahem)…cajones to make a plea like that. “Syria stresses the importance of the UNSC taking measures against countries, groups and news agencies that are practicing and encouraging terrorism,” the state news agency SANA quoted the ministry as saying in a letter addressed to the Security Council. Lets take a spin over to the Council on Foreign Relations website to investigate our friends in Syria. (not the citizens but the government).
Does Syria support terrorism? (from the CFR website) (more…)
Global Security, Privacy, & Risk Management 