Something
my Computer Security students should read carefully.
Stopping
Hackers in Their Tracks
A
nightmare scenario for many organizations recently became one
Atlanta-based tech company’s reality. But the
steps the company took before and after their sensitive data was
stolen by a hacker in 2018 helped the FBI identify and
arrest the culprit.
Christian
Kight used his computer programming skills to hack into various
businesses for money while on parole for previous crimes. Kight
downloaded scripts from hacker forums and used them to attack company
networks.
In
the case of the Atlanta company, Kight spent a few weeks hacking into
the company’s network, using various tactics to hide his identity.
He then downloaded the data to his own computer and deleted it from
the company’s systems.
Once
he had the data, Kight emailed the company’s CEO to demand payment
in exchange for the data—but he insisted that it wasn’t
extortion.
“And
no, I’m really NOT an extortionist, I would like to see how much
you think it’s worth, and if it’s fair, we’ll leave it at
that,” Kight wrote, according to court documents.
But
whether you call it extortion or not, stealing data and demanding
money to have it returned is illegal.
“The
data that he took is really valuable,” said Special Agent Tyson
Fowler, who investigated this case out of the FBI’s Atlanta Field
Office. “He threatened to release this data if they didn’t pay
him the ransom.”
The
company contacted the FBI and got to work on both restoring their
data and assisting in the investigation. Fortunately, the company had
a robust backup system, so employees restored the data within days.
Additionally,
the company shared critical
information from its network’s access logs and other
records, which helped the FBI track the IP address of the hacker.
After getting a search warrant based on that information, agents
found overwhelming evidence against Kight in his San Clemente,
California home.
“In
the cyber world, it’s very hard to secure a network to the point
that it’s never breachable, but you can make it as difficult as
possible to break in,” Fowler said.
If
someone does break into a network, having strong activity logging on
the network in place beforehand can help authorities track the
hacker.
The
cooperation from the victim company was critical in this case.
Last
December, Kight pleaded guilty to extortion, computer fraud, and wire
fraud. He was sentenced in March to more than seven years in prison.
Source:
The FBI
Who
do you want to win and by how much?
Feds,
states unveil pilot program meant to secure voter databases and other
election systems
… The
pilot program will focus on making the software that’s used in
election systems more secure as it is developed, and before it is
deployed. The aim is to close a gap in security testing for the
broad set of election infrastructure outside of voting machines,
which are already the subject of voluntary
federal security guidelines.
“There
is no standard process for verifying that non-voting election
technology is secure, reliable, and usable,” said the
nonprofit Center for Internet Security, which is spearheading the
pilot program.
(Related)
Online
Voting Platform in Three U.S. States Vulnerable to Multiple Types of
Attacks
Security
researchers from the Massachusetts Institute of Technology (MIT) and
the University of Michigan found numerous security issues and
vulnerabilities within Democracy Live’s OmniBallot platform.
The
COVID-19 pandemic is pushing more states to look into the possibility
of letting constituents vote online. Some states in the U.S. already
have this option, while others are adapting existing systems to suit
their needs. The same is true for the OmniBallot platform, which is
used for blank ballot delivery, ballot marking, and (optionally)
online voting.
A
wise reversal of strategy.
Zoom
says free users will get end-to-end encryption after all
If
they can do this, what else follows?
FB
Claims Pivot from 2016 Election Tactics to one of user choice
… After
announcing
this feature earlier
this year we are now making it available as part of our preparations
for the 2020 US elections. Starting
today for some people and rolling out to everyone in the US over the
next few weeks, people will be able to turn off all social issue,
electoral or political ads from candidates, Super PACs or other
organizations that
have the “Paid
for by” political disclaimer on them.
You can do this on Facebook or Instagram directly from any political
or social issue ad or through each platform’s ad settings.
However, we
know our system isn’t perfect.
So if you’ve selected this preference and still see an ad that you
think is political, please click the upper right corner of the ad and
report it to us…”
No comments:
Post a Comment