jump to navigation

“Semper Fi?” – Marines Convicted of Selling Weapons to Gangs & China May 15, 2012

Posted by Chris Mark in News, terrorism, weapons and tactics.
Tags: , , , , , , , , ,
1 comment so far

As a former Marine, this is a difficult story for me to write. It does however highlight the importance of the concept of “trust but verify” within security.  As reported in the Jacksonville Daily News, a 2 year investigation by the Naval Criminal Investigation Service (NCIS) has uncovered an operation where 49 Marines and 21 civilians stole and then sold almost $2 million worth of weapons and equipment.  Many of the Marines were stationed at Camp Lejeune, NC and much of the gear was sold on eBay, Craigslist or in face to face meetings.    One of the Marines was a member of the elite Marines Special Operations Command and served with the 3rd Special Operations Battalion.  As stated in the article: “Sgt. Daniel Adam Reich, a former member of 3rd Marine Special Operations Battalion, was convicted of selling and attempting to sell military property and conspiracy. He was sentenced to 40 months in prison and a dishonorable discharge, MarSOC spokesman Maj. Jeff Landis said.” The investigation has since extended into the Air Force and Army. 

The point of this blog post is to show that even our military folks who take an oath of honor and are subject to very stiff penalties for violation of that oath are vulnerable to the same temptations as everyone.  It is not enough to blindly trust people to do the right thing.  While 99% may be honest and have integrity, there is always a small percentage that will give in to temptation.  This is why it is so critical to “trust but verify” in security.

“RSA Doesn’t Dine Alone” – China Suspected In Pipeline Attack May 13, 2012

Posted by Chris Mark in cybersecurity, InfoSec & Privacy, terrorism.
Tags: , , , , , , , , ,
add a comment

For background on this story, please read the previous post, as well as an earlier post titled: “Cyberattack underway against US Pipelines”. While the timing of this story is fortuitous for this author, the event is frightening.  According to the Christian Science Monitor “Those analyzing the cyberspies who are trying to infiltrate natural-gas pipeline companies have found similarities with an attack on a cybersecurity firm a year ago. At least one US government official has blamed China for that earlier attack.”  The referenced security firm is RSA.   Again quoting CSM: “Investigators hot on the trail of cyberspies trying to infiltrate the computer networks of US natural-gas pipeline companies say that the same spies were very likely involved in a major cyberespionage attack a year ago on RSA Inc., a cybersecurity company. And the RSA attack, testified the chief of the National Security Agency (NSA) before Congress recently, is tied to one nation: China.”

Anyone who doubt that the US is under attack by  China should read about the attacks against Dupont, RSA, Lockheed Martin, and more.

“Communist Chinese Cyber-Attacks, CyberEspionage and Theft of American Technology” May 13, 2012

Posted by Chris Mark in cybersecurity, Data Breach.
Tags: , , , , , , , , ,
1 comment so far

Since it is Mother’s day, I will not ramble on with inane commentary 😉  Instead, here is a link to the report of the same name as the blog title (too lazy to retype)…from the 112 Congress’ Congressional Hearing before the Subcommittee on Oversight and Investigations of the Committee of Foreign Affairs; House of Representatives.   It is very interesting and provides some valuable insight into IP theft.  Don’t forget to thank Mom today!

“I can neither confirm nor deny”; NSA + Google = Glomar Response May 12, 2012

Posted by Chris Mark in News, Risk & Risk Management, terrorism.
Tags: , , , , , , ,
add a comment

In a story on Foxnews it is revealed that a US Federal Appeals court has turned down a request under the Freedom of Information Act that would have forced the National Security Agency to disclose what, if any, relationship it has with Google and specifically a cyberattack against Google which originated in China.  According to the story: “The Electronic Privacy Information Center, which focuses on privacy and civil liberties, sought communications between Google and the NSA, which conducts worldwide electronic surveillance and protects the U.S. government from such spying. But the NSA refused to confirm or deny whether it had any relationship with Google. The NSA argued that doing so could make U.S. government information systems vulnerable to attack.”

Now for some history- In April 1968, the Soviet Union’s K129 nuclear submarine sank.  Seeing an opportunity to get some intelligence, the US CIA’s Special Activities Division came up with a plan known as Project Azorian.  Using Howard Hughes’ company as a front, they commissioned the Hughes Glomar Explorer.  Hughes claimed the ship was designed to extract minerals from the ocean floor.  The HGE was sent to pick up the remains of the submarine and return them to the US.  When the project came to light and the US Government was asked about the project, the response was: “I can neither confirm nor deny” the existence of such a project.  Thus was born the Glomar Response or Glomar Denial…

“Doing Time Before Being Convicted?” – Analyist Accuses Merchant of PCI Non-Compliance May 11, 2012

Posted by Chris Mark in cybersecurity, Data Breach, Industry News, InfoSec & Privacy.
Tags: , , , , , , ,
add a comment

I wrote this in May 2012.  Given the current position in the industry if proclaiming victims of cybercrime to be wholly responsible, I thought it appropriate to publish again.

I was reading a an article on BankInfoSecurity.com titled: “Online Retailer Breached”.  I am taken aback at the attitude of the quoted analyst.  A Gartner analyst took a very bold step of accusing the merchant of “non compliance” then seemingly qualifying his statement by adding: “The attacker was probably able to attack unencrypted card numbers,” he says. “But given the lack of details, it’s hard to say for certain.” (more…)