All’s Fair in Love & (Cyber) War September 17, 2012
Posted by Heather Mark in cyberespionage.Tags: cyberespionage, data security, Dr. Heather Mark, information security, InfoSec, Kapersky Lab, Stuxnet, Symantec
add a comment
A report released today suggests that the United States government is far more involved in the use of trojans and mal-ware than previously thought. The US had previously been linked to the Stuxnetvirus that wreaked havoc on the Iranian nuclear program. Speculation at that point was that the US and Israel had collaborated on the program in an effort to derail Iranian nuclear ambitions. I don’t think many were surprised to hear that supposition. Today, though, Kapersky Lab and Symantec announced that they have found evidence linking the US to three other, previously unknown viruses.
The use of covert operations on “enemy” governments dates back to the beginning of the civilization, really. Sun Tzu writes extensively about the subject and the use of “covert operatives” peppers Greek and Roman history, as well. These historical endeavors share a common purpose with the cyber-espionage that we see today – to gather data, or to provide data, that can be used to bring about the downfall of one’s enemy, or at least provide a significant advantage to the other side. It shouldn’t come as any surprise, then, that any country would make use of the available technology to conduct remote espionage operations.
We know that other countries, China in particular, has a specific focus on launching attacks on Intellectual Property of Western companies. A recent report in the Baltimore Sun highlights the countries singular focus on hiring cyber-soldiers (for lack of a better word): “Experts estimate that North Korea has as many as 1,000 cyber warfare agents working out of China and is recruiting more every day.” When we know that our enemies are fully engaged in cyber-warfare tactics, it would be short-sighted and naive to believe that our government is not fighting back.
“The Rise of Cyber Espionage” – The Counter Terrorist Magazine August 5, 2012
Posted by Chris Mark in cyberespionage, cybersecurity, terrorism.Tags: chinese hackers, Chris Mark, Counter Terrorist Magazine; RSA, cyberespionage, data security, deterrence theory, Homeland1, InfoSec, IP Theft, Rise of CyberEspionage, risk management, SSI, terrorism
2 comments
UPDATE: I want to thank The Counter Terrorist magazine staff for including attribution to the article. They quickly corrected a mistake and the inaccuracy. Kudos!
Chris Mark (that is me;) has an article in the June/July 2012 issue of The Counter Terrorist Magazine. The article is titled: “The Rise of Cyber Espionage” and provides an overview of the current cyber espionage issues being faced by US businesses today. The article covers the breach at RSA to the subsequent attacks at Lockheed Martin, General Dynamics and others as examples of the types of attacks being faced by state sponsored cyber espionage groups. While this magazine may be new for some readers of this particular blog, it in its 4th year and is filled with great information for military, law enforcement, first responders, and even businesses. This particular issue is 76 pages of information covering Iran’s Nuclear Objectives, Cyber Espionage, First Responder Intelligence, Intelligence for Terror, and a number of great product reviews and other information. The magazine is subscription based but if you are interested in a copy of this particular issue, leave a comment with your email and other contact information and I can forward a free ezine.
“123456, password, welcome” – Yahoo Password Posted Online July 12, 2012
Posted by Chris Mark in News, PCI DSS, Risk & Risk Management.Tags: data breach, encryption, hash, InfoSec, markconsultinggroup.com, password, risk, security, yahoo
add a comment
A story today on MSNBC says that Yahoo Voices was compromised and 450,000 usernames/password posted online. Not surprisingly, the passwords were not hashed or otherwise protected using encryption. While the posting of passwords is nothing new what is interesting is what the researchers found when looking at user generated passwords. The most common passwords were ‘123456’ followed by ‘password’ and ‘welcome’. Fully 1/3 of the passwords used lower case letters only. Here is where I get on my soapbox. According to the story:
“Yahoo! Voices’ administrators made a big mistake storing the passwords in plaintext, but all users need to bolster their own security as well. Make passwords harder to guess by making them more than eight characters long, and pepper them with upper-case letters, numbers and punctuation marks.”
First, strong passwords would not have helped because YAHOO WAS STORING THEM IN CLEARTEXT!..and they were stolen! Second, the company should enforce strong passwords. While all users should use strong passwords, when dealing with 450K users it is prudent to understand that either some users aht a will not understand what a strong password is or will simply ignore the directions. Yahoo should have forced strong passwords…
“See, Hear & Speak no Evil”- Google Censorship Requests June 18, 2012
Posted by Chris Mark in Industry News, privacy.Tags: Censorship, cybersecurity, freedom of speech, google, InfoSec, mark consulting group, privacy, requests, satire
1 comment so far
Google today released information related to the censorship requests by Governments around the Globe. While many are familiar with China and other nations restricting access, it is interesting to see so many “Western” countries requesting censorship. An interesting example is the Canadian Government requesting the removal of “…YouTube video of a Canadian citizen urinating on his passport and flushing it down the toilet. “ To their credit, Google did NOT comply with this request. In another request, Google “…received a request from the Central Police in Italy to remove a YouTube video that satirized Prime Minister Silvio Berlusconi’s lifestyle.” Again, Google did not comply. The interesting part of these requests is that they request removal of material that is typically considered a right of free speech and protest. Satire has been used as a form of protest in West for centuries (look at Voltare, Oscar Wilde…etc.etc.) and civil disobedience (urinating on a passport, is a good example) has certainly been used as form of protest. One has to wonder whether how much more information ‘free’ governments have kept from the public. You can see the Google removal requests here.
Collective Security & the Payment System June 11, 2012
Posted by Heather Mark in Laws and Leglslation, PCI DSS, Politics.Tags: collective security, compliance, Dr. Heather Mark, InfoSec, InfoSec & Privacy, mark consulting group, PCI, PCI DSS, treaty of westfalia
1 comment so far
I recently attended an event focused on payment security and fraud prevention. It was an outstanding event and the presentations and panels were incredibly valuable – not something that I frequently say about payment security events these days. However, one term came up a couple of times that got me thinking. That term was “collective security.” As many of you know, I have a background in public policy and my dissertation was, in fact, on US foreign policy and our strategic interests abroad, so the mention of collective security set off my poli sci radar. But I wondered if collective security was really an appropriate phrase for what we’re doing in the payments industry. To address that question, it is necessary to first define collective security in its traditional sense.
Collective security was first formally introduced by the Peace of Westphalia in 1648, a series of treaties that put an end to a number of wars that had been plaguing Europe. Very simply put, collective security is an arrangement in which all stakeholders agree that their security depends upon the security of each of the other stakeholders. (more…)
Global Security, Privacy, & Risk Management 