Don’t be “pwned”- InfoSec 101 November 7, 2011
Posted by Chris Mark in Uncategorized. Tags: Chris Mark, InfoSec, risk management
Pwned is a term that originated in online gaming and has been adopted by hackers. It is pronounced ‘owned’, and the origin of the misspelling is not important, but you can read about it here. At a high level, to be pwned means to be controlled. If your 15 inch MacBook Pro laptop is infected with a backdoor program, it is fair to say you have been pwned. Back Orifice (a play on MS’s Back Office) is one of the original backdoor programs. Why is this important?
Companies and people are often under the mistaken belief that cyber criminals are only interested in servers that contain sensitive data. In truth, user systems often contain information which is valuable. Users often store usernames and passwords on their desktops and laptops. Additionally, users often use their email to freely discuss information that can provide significant value to an adversary. Consider a situation where an executive is discussing new product plans for an upcoming iteration. Competitors (unethical competitors) would value this information. It is estimated that intellectual property theft costs the UK 27 billion Pounds annually.
On another note, law enforcement may also have an interest in what is on a personal computer. While laws vary, under the right circumstances, law enforcement can also track activity on personal computers. While EU laws are much more strict in this regard, some US companies also track user behavior. Installing tracking software that can record screenshots, keystrokes, and email is a relatively simple process. While being lawfully monitored and pwned are not the same, the technologies used are similar.
How do you know if you have been pwned? Well…most of the time you won’t unless the other side wants you to know to send a message. Often, anomalous activity on your system can be an indication that your system is infected with some form of malware. BlueCoat estimated in 2010 that 48% of systems were infected with malware. Recent estimates have put the figure as high as 80%.
So what to do? Ensure that you use your work system for work and are careful about emailing sensitive info on an ‘untrusted’ system. Ensure that you keep your system updated with malicious software protection. Ensure you use a firewall with appropriate rules. Use complex passwords. It is important to remember that once your system is ‘owned’ it is very difficult to repair and have confidence in the system’s security.
Piracy Delaying Food Aid November 4, 2011
Posted by Chris Mark in Piracy & Maritime Security, Uncategorized. Tags: Chris Mark, InfoSec, maritime piracy, Piracy & Maritime Security, Somalia
It is well known that some, if not many, Somali pirates, when hijacking vessels, have claimed to represent the “Somali Coast Guard” and other “Somali Interests”. At the recent Combating Piracy event in London the attendees were told numerous tales about Europeans, Asians, and others who illegally fished the Somali waters and were therefore the cause of the piracy (at least a major cause). While there is little debate that economic issues are the root cause of many Somalis joining the ranks of pirates, piracy is now beginning to adversely affect the very Somalis that many pirates claim to represent. According to an article on CNN, piracy is delaying needed food aid to the Horn of Africa. Over 12 million people in the Horn of Africa require some form of food aid. According to Professor Mthuli Ncube, who fulfills a dual role as the African Development Bank’s chief economist and vice president:
“[Piracy] affects the transit of food quickly, where it’s needed by refugees. It also brings up the costs of transporting the food and it goes beyond that into tourism, into the exploitation of hydro-carbons … the issue around fishing and so forth. But more urgently it is about delivery of food that is being affected.”
Combating Piracy Week London 2011 October 22, 2011
Posted by Chris Mark in Piracy & Maritime Security, Uncategorized. Tags: Chris Mark, combating piracy week, hanson wade, InfoSec, Maritime Security, Piracy & Maritime Security
I am currently flying back from London on Delta after returning from Piracy Week. While we will provide a more in-depth update later I wanted to capture some comments. Overall the event was well worth the investment and was a very well attended event. Hanson Wade did a great job of managing the event and encouraging networking. I have spoken at well over 100 events in the past 10 years and I would say this was in the top 5%. Marie, James, Jethro, Sara, David, Miles and crew at HW did a great job.
The lineup of speakers was impressive, as were the attendees. All speakers showed and provided some very good information. Some of the speakers included representatives from the Somali Government, as well as the UN, UKPTO, and IMO, among others. Of course, I (Chris Mark) was a speaker at the event. Even competitors such as PVI and Salama Fakira had speakers, as did other companies such as Rubicon advisors. Both Conrad and Dom provided very valuable information.
Attendees included numerous shipping companies and representatives. The overall view was that armed security is an important component of the overall security strategy. Numerous speakers confirmed that no armed vessels have been hijacked to date.
Overall, I would suggest that any ship owner or other stakeholder with a real interest in security may want to consider attending a Piracy Week event hosted by Hanson Wade. The hosts are great, the speakers are good and the attendees are bright and committed.
Against The Gods. The Remarkable Story of Risk October 14, 2011
Posted by Chris Mark in Uncategorized. Tags: against the gods, Chris Mark, InfoSec, peter bernstein, risk management
As I am preparing for my presentation next week I was reminded of a book that I recommend all risk managers and security professionals read. It is a book by Peter Bernstein called Against the Gods. The Remarkable Story of Risk. You can get it at Amazon.com here. While the book sounds dry, it is really a very fascinating look at the history of risk in humanity. One of the examples is that of the title. Before people really understood the concept of probability they had no real way of making calculated decisions such as when to sail across the seas. In essence, you would pray to the gods that you would make it across the north Atlantic and…if the Gods were on your side you made it…if not…you didn’t. Then one day someone said: “Hey…it seems like the gods are against us more often during certain times of the year than others…” This was the origin of probability theory. As you can imagine, probability theory really came into fashion when people were trying to win at ‘games of chance’ which, as we know now, are not really random but rather based upon probability. Overall, it is a great read and I highly recommend it for the library.
As West Africa Piracy Increases… Naval Forces to Decrease in 2012 October 12, 2011
Posted by Chris Mark in Piracy & Maritime Security, Uncategorized. Tags: Chris Mark, gulf of aden, gulf of aden security, InfoSec, Maritime Security, somali pirates
In what is sure to be a winning combination, piracy in West Africa is increasing substantially while Lloyd’s List today published an article indicating that Naval support for anti-piracy efforts will decrease sharply in 2012. It was announced today that another vessel was hijacked off the coast of Nigeria. According to the IMB a tanker was hijacked off the coast of Nigeria. A spokesperson for the IMB stated: “The vessel is still under captivity…We believe the crew is still on board,” according to the official of the piracy watchdog, who added that there was “no indication that the crew has been taken away”.
While Somali pirates are becoming increasingly violent and desperate as attacks are thwarted and piracy on the West Coast of Africa is increasing, the international community has seen fit to decrease its presence in high risk waters. Reasons given are austerity measures being enacted as well as the need for vessels to support operations in Libya and other areas in the Middle East and North Africa. Regardless of the reasons, the end result is likely to be the same: increases in pirate attacks on merchant vessels. It is imperative that ship owners and other stakeholders consider the use of armed guards on their vessels as 2012 is sure to see a marked increase in piracy on both the East and West coasts of Africa.