
Porn, Steganography & Al Qaeda = Bad News May 2, 2012

Posted by Chris Mark in InfoSec & Privacy, Risk & Risk Management, terrorism.

“Believe half of what you see and nothing that you hear”…Benjamin Franklin

Recently it was disclosed that German cryptographers had managed to decipher plans recovered from an Al Qaeda operative whose memory card had been confiscated. According to the story: “On May 16 last year, a 22-year-old Austrian named Maqsood Lodin was being questioned by police in Berlin. He had recently returned from Pakistan via Budapest, Hungary, and then traveled overland to Germany. His interrogators were surprised to find that hidden in his underpants were a digital storage device and memory cards. Buried inside them was a pornographic video called ‘Kick Ass’ — and a file marked ‘Sexy Tanja.’” As stated on Gary Kessler’s website: (more…)

(UPDATE)-“Interesting” Logic & Analysis – Verizon’s 2012 Data Breach Report April 17, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, terrorism.

I received a very insightful comment from one of the Verizon authors and thought it prudent to share. I think this explanation is very helpful for companies looking at infosec controls. Here it is, in part (emphasis added): “You make a valid point about the fact that a determined attacker would simply try again if the first attempt failed. However, our finding that most breaches are avoidable through relatively simple controls doesn’t overlook this as you suggest. Our data show that most criminals aren’t determined to breach a particular victim and likely won’t try again if met with decent resistance. In fact, the extreme opportunistic nature of target selection means they likely won’t even be attacked with certain controls in place because automated probes will skip on down the street after jiggling the door handle a bit.” You can read the full comment in ‘comments’. The entire post is available if you continue reading. (more…)

“Privacy, Terrorism, Blowback, and Crime” – Where to start? April 10, 2012

Posted by Chris Mark in Industry News, Laws and Legislation, terrorism.

There is an interesting story on the front page of Foxnews this morning about a self-proclaimed patriot hacker who calls himself “The Raptor” and is “…waging his own war on terror…” by taking down online forums used by Al Qaeda sympathizers. Certainly, known and admitted terrorist organizations are not in the public interest. This blog is not justifying their position, their tactics, or anything else they do.

The purpose of this post is to question the value of an individual (if you believe his tweets) taking unilateral action and then basking in the attention given to his actions. While vigilante actions may have a visceral appeal to many (including this author, at times), do actions such as this exacerbate the situation? Additionally, one has to ask whether he is right in taking unilateral action. As an American my gut reaction is to applaud the person, but upon closer review I don’t know if his actions are positive or altruistic.

In espionage there is a term called Blowback that refers to the unintended consequences of a covert action.  (more…)

Richard A. Clarke: Every Major US Company has been Hacked by China March 31, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management, terrorism.

According to an article and interview on FastCompany, counterterrorism expert and best-selling author Richard Clarke has gone on the record claiming that “…every major company in the United States has already been penetrated by China.” Mr. Clarke served under three presidents and currently runs a cybersecurity organization called Good Harbor. He is the author of CyberWarfare and several other books. You can read his interview at Smithsonianmag.com. One of his more compelling statements is:

“My greatest fear is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China….After a while you can’t compete.”

Read more: http://www.smithsonianmag.com/history-archaeology/Richard-Clarke-on-Who-Was-Behind-the-Stuxnet-Attack.html#ixzz1qjAaYwwz

Risk 102: “Security Ain’t Safety”; Putting Risk In Context March 26, 2012

Posted by Chris Mark in Industry News, InfoSec & Privacy, Risk & Risk Management, terrorism.

In reading through the volumes of blogs and LinkedIn comments on security and risk management, a common theme appeared. When talking about risk management as it applies to security, there appears to be a temptation to use the same models and methodologies as those used in safety risk management. Make no mistake, safety risk management is critical, and the two disciplines may overlap from time to time. Whether analyzing auto accident risks, designing industrial equipment, or any other activity, it is important to understand and analyze the risk of the activity. The difference lies in the catalyst for the events in question. (more…)