I can't find any details that confirm this as
“sophisticated,” but every computer security manager would like
to believe they did not fall victim to a well known and easily
countered threat. If this was a simple spear-phishing attack, the real
effort might be to find everyone who clicked on the malware link and
clean their computers to prevent re-infection.
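As an added illustration of that clean-up step (this is example code written for this post, not anything from the incident or from the Pentagon's response), the following Python scans proxy-log lines for requests to a known phishing domain and orders the affected hosts for remediation. The log format, the domain, the user names and the IP addresses are all constructed for the example; a real proxy (Squid, Blue Coat, a cloud proxy) has its own layout and would need its own regular expression.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample proxy log (not real data). Fields: timestamp, client IP,
# user, method, URL, HTTP status returned to the client.
SAMPLE_PROXY_LOG = """\
2015-07-25T09:14:02Z 10.20.1.15 jdoe GET http://intranet.example.org/news 200
2015-07-25T09:15:41Z 10.20.1.15 jdoe GET http://updates-portal.example.net/login/secure.php?id=4471 200
2015-07-25T09:16:03Z 10.20.1.15 jdoe GET http://updates-portal.example.net/login/payload.exe 200
2015-07-25T09:17:22Z 10.20.1.42 asmith GET http://updates-portal.example.net/login/secure.php?id=9120 200
2015-07-25T09:20:09Z 10.20.2.7 bwong GET http://www.example.com/ 200
2015-07-25T10:02:55Z 10.20.1.42 asmith POST http://updates-portal.example.net/login/secure.php 302
2015-07-25T10:05:11Z 10.20.3.9 clee GET http://updates-portal.example.net/login/secure.php?id=1 403
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<ip>\S+)\s+(?P<user>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def parse_proxy_log(text):
    """Yield one dict per well-formed line; silently skip lines that do not match the layout."""
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        rec["status"] = int(rec["status"])
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        yield rec


def host_matches(hostname, ioc_domains):
    """True if hostname is one of the IOC domains or a subdomain of one (never a look-alike suffix)."""
    if not hostname:
        return False
    hostname = hostname.lower().rstrip(".")
    return any(hostname == d or hostname.endswith("." + d) for d in ioc_domains)


def find_clickers(log_text, ioc_domains):
    """Return {client_ip: summary} for every client that requested an IOC domain.

    summary holds the users seen on that host, the earliest request, the URLs,
    and whether any request was actually proxied (status < 400). A 403 from the
    proxy means the click was blocked, so that host is lower priority.
    """
    ioc_domains = {d.lower() for d in ioc_domains}
    hits = {}
    for rec in parse_proxy_log(log_text):
        if not host_matches(urlsplit(rec["url"]).hostname, ioc_domains):
            continue
        entry = hits.setdefault(
            rec["ip"], {"users": set(), "first_seen": rec["ts"], "urls": [], "reached": False}
        )
        entry["users"].add(rec["user"])
        entry["first_seen"] = min(entry["first_seen"], rec["ts"])
        entry["urls"].append(rec["url"])
        if rec["status"] < 400:
            entry["reached"] = True
    return hits


def triage_order(hits):
    """Hosts that actually reached the attacker first, earliest contact first."""
    return sorted(hits, key=lambda ip: (not hits[ip]["reached"], hits[ip]["first_seen"]))


if __name__ == "__main__":
    hits = find_clickers(SAMPLE_PROXY_LOG, {"updates-portal.example.net"})
    for ip in triage_order(hits):
        h = hits[ip]
        print(ip, sorted(h["users"]), h["first_seen"].isoformat(),
              "reached" if h["reached"] else "blocked", len(h["urls"]), "request(s)")
```

The ordering matters in practice: a host that fetched the second-stage file is the one most likely to re-infect others, so it is pulled first, while a host whose click the proxy refused still gets a look but does not hold up the rest of the clean-up.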
On July 28, CNN reported:
The unclassified email network used by Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, and hundreds of military and civilian personnel was taken offline over the weekend after suspicious activity was detected, the Pentagon confirmed to CNN on Tuesday.
Yesterday, The Daily Beast reported
that the attack was much worse than we might have thought from
initial reports:
The hacking of the Joint Chiefs of Staff email network on July 27 marked the “most sophisticated” cyberbreach in U.S. military history, Department of Defense officials concede. Various government officials are working to revamp parts of their network in response. In the meantime, officials have spent the last 10 days scrubbing the system and creating mock hacking scenarios before giving military personnel access to it again.
The attack on the Joint Staff network involved “new and unseen approaches into the network,” one of the defense officials told The Daily Beast. After scrubbing it, putting in new protections and red teaming potential attacks, “we are sharing the lessons learned with the rest of government.” According to a second defense official, the attack was a spear phishing attack targeting the personal information of scores of users. The attack was so sophisticated officials are investigating whether a “state entity” was involved, the official said.
So… is there any connection between the
disclosed attack and a recently claimed Department of Defense hack by
“Remember EMAD,” a group that has been described as a “joint
Lebanese and Iranian effort – high likely state-backed” (Network
Security Report)? Since August 1, when Remember EMAD said they
would be dumping data, they’ve not posted anything that I’ve
found so far, but I’m wondering whether the types of files they
describe would be found on the unclassified Joint Chiefs of Staff
network:
– deals with contractors
– products being discussed to send overseas to various geos
– id and social security of the dod personnel involved
Just a coincidence? Maybe (probably?), but if
anyone has additional details, please contact DataBreaches.net.
(Related) Maybe not so sophisticated.
Pentagon shuts down Joint Chiefs' email network
… The Pentagon refused to release many details
about the attack, even what the "suspicious activity" was;
instead downplaying the hack as a
run-of-the-mill cyber
attack that caused minimal damage.
On those rare occasions when I venture into a
Target, will they find the fact that I do not have a smartphone
threatening? Will they ask security to keep an eye on me, because
their automated systems can't?
The company is testing a network of beacons in 50
of its stores that will be able to tell where customers are in the
store and use that information to send targeted deals to their
smartphones.
… Following successes at SXSW and NBA games, and with companies like Apple and Facebook
pushing the technology, beacons seem poised to become the
next big thing in location technology. Retailers have
been especially interested in them. Corporations’ longstanding
dreams of Starbucks having your Frappuccino ready as soon as you’re
in the door or the Gap sending you a coupon as you walk by the
storefront are finally being made real. Or that’s what retailers
are hoping, at least.
Beacons can provide much more accurate location
information than GPS or Wi-Fi. Using GPS, a phone can tell where you
are on a street. Using
Bluetooth, a phone can tell where you are in a room —
close to a stereo that’s on sale, for example.
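To make concrete what a phone actually receives from a beacon, here is an added example (written for this post, not code from Target, Apple or the article) that parses a Bluetooth LE advertisement carrying an iBeacon frame and turns the measured signal strength into a rough distance. The advertisement bytes, the UUID and the store/aisle numbers are constructed; the frame layout (Apple company ID 0x004C, subtype 0x02, length 0x15, 16-byte UUID, big-endian major and minor, signed calibrated power) is Apple's published iBeacon format. The distance formula is the usual log-distance path-loss estimate with an assumed exponent of 2.0, which is only an approximation indoors.

```python
import struct
import uuid

APPLE_COMPANY_ID = 0x004C        # Bluetooth SIG company identifier for Apple
AD_TYPE_MANUFACTURER = 0xFF      # "Manufacturer Specific Data" AD type
IBEACON_PREFIX = b"\x02\x15"     # iBeacon subtype 0x02, remaining length 0x15 (21 bytes)


def parse_ad_structures(payload: bytes):
    """Split a BLE advertising payload into (ad_type, data) pairs.

    Each structure is: 1 length byte, 1 AD-type byte, then (length - 1) data bytes.
    """
    out = []
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:              # zero length means padding; nothing further
            break
        if i + 1 + length > len(payload):
            raise ValueError("truncated AD structure")
        ad_type = payload[i + 1]
        out.append((ad_type, bytes(payload[i + 2:i + 1 + length])))
        i += 1 + length
    return out


def parse_ibeacon(payload: bytes):
    """Return {'uuid', 'major', 'minor', 'tx_power'} for an iBeacon frame, or None."""
    for ad_type, data in parse_ad_structures(payload):
        if ad_type != AD_TYPE_MANUFACTURER or len(data) != 25:
            continue
        company = struct.unpack("<H", data[:2])[0]          # company ID is little-endian
        if company != APPLE_COMPANY_ID or data[2:4] != IBEACON_PREFIX:
            continue
        proximity_uuid = uuid.UUID(bytes=data[4:20])
        major, minor, tx_power = struct.unpack(">HHb", data[20:25])  # big-endian; tx is signed
        return {"uuid": str(proximity_uuid), "major": major, "minor": minor, "tx_power": tx_power}
    return None


def estimate_distance_m(rssi: int, tx_power: int, path_loss_exponent: float = 2.0) -> float:
    """Log-distance path-loss estimate. tx_power is the calibrated RSSI at 1 m.

    The exponent 2.0 is an assumption (free space); real stores see 2.5 to 4.
    """
    return 10 ** ((tx_power - rssi) / (10 * path_loss_exponent))


def proximity_zone(distance_m: float) -> str:
    """Coarse zones in the style a retail app would use to decide what to push."""
    if distance_m < 0.5:
        return "immediate"
    if distance_m < 3.0:
        return "near"
    return "far"


# Constructed advertisement: a flags AD (02 01 06) followed by an Apple manufacturer
# AD (length 0x1A = 26 bytes after the length byte) carrying an iBeacon frame.
# The UUID is a made-up value, and 1208 / 42 stand in for "store" / "fixture".
SAMPLE_UUID = uuid.UUID("01234567-89ab-cdef-0123-456789abcdef")
SAMPLE_ADV = (
    bytes([0x02, 0x01, 0x06])
    + bytes([0x1A, 0xFF, 0x4C, 0x00]) + IBEACON_PREFIX
    + SAMPLE_UUID.bytes
    + struct.pack(">HHb", 1208, 42, -59)
)

if __name__ == "__main__":
    beacon = parse_ibeacon(SAMPLE_ADV)
    print("beacon:", beacon)
    for rssi in (-45, -59, -70, -85):        # signal strengths a phone might measure
        d = estimate_distance_m(rssi, beacon["tx_power"])
        print(f"rssi {rssi} dBm -> {d:.2f} m ({proximity_zone(d)})")
```

Two things the parser makes visible. First, the beacon itself only broadcasts a UUID plus two numbers; it learns nothing about the phone. It is the retailer's app on the phone that hears the broadcast, resolves 1208/42 to "aisle with the stereo" and reports the visit, along with whatever it knows about the account, back to the retailer. Second, because the UUID, major and minor are sent in the clear, anyone with a BLE radio can read them too, and can replay them to an app that trusts them.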
… It also likely means targeting customers
based on their previous shopping habits. It’s not surprising that
Target is an early adopter of beacons. It has already been so adept
at mining customer data that it could, notoriously,
predict when a customer was pregnant in order to mail them coupons.
Target is attempting to bring that kind of data to its physical
spaces and use this burgeoning technology to optimize the shopping
experience to save its customers money and time. And of course, it’s
going to learn a lot about them in the process.
Read and consider.
Dream of Free and Open Internet Dying, Lawyer Says
… The annual Black Hat computer security
conference in Las Vegas kicked off Wednesday with a keynote address
from Jennifer Granick, director of Civil Liberties at the Stanford
Center for Internet and Society. Granick said that while the
Internet needs to be reasonably safe in order to be functional, it's
no longer the revolutionary place it was 20 years ago.
No one is murdering the dream of an open Internet,
she said, but it's withering away because no one is prioritizing its
protection. On top of that, new Internet users are coming from
countries whose citizens aren't protected by a Bill of Rights or a
First Amendment.
"Should we be worrying about another
terrorist attack in New York, or about journalists and human rights
advocates being able to do their jobs?" she asked.
Granick also railed against the federal Computer
Fraud and Abuse Act, which carries sentences of up to 10 years in
prison for a first-time offense. It does nothing to prosecute
countries like China that launch state-sponsored attacks against the
U.S. government and major companies, along with other dangerous
hackers based overseas, she said. But, she added, it often hits
small-time American hackers with unfairly harsh prison sentences.
I'm so confused. Different and differing rulings
every day.
A federal court ruled on Wednesday that the
government cannot obtain information about a cellphone's location
without a warrant.
The split
decision from the 4th Circuit Court of Appeals concluded that
warrantless searches of cellphone data are unconstitutional, a
victory for privacy advocates who have sought new protections for
people’s information.
“We conclude that the government’s warrantless
procurement of the [cell site location information] was an
unreasonable search in violation of appellants’ Fourth Amendment
rights,” Judge Andre Davis wrote on behalf of the majority of the
three-judge panel.
“Examination of a person’s historical [cell
site location information] can enable the government to trace the
movements of the cellphone and its user across public and private
spaces and thereby discover the private activities and personal
habits of the user,” he added. “Cellphone users have an
objectively reasonable expectation of privacy in this information."
For my Forensics students.
Obstructions Vanish From Images Treated With New Software From MIT, Google
In a mesmerizing video, a researcher explains the
math behind what seems like magic — photographs in which the view
is obscured by things like chain-link fences and reflections become
free of clutter with just a few clicks.
Researchers at MIT and Google have created an
algorithm that uses multiple images taken from different angles to
separate foreground obstacles from the subject that's in the
background — anything from your favorite view or a sign in a window
on a bright day.
Europay, MasterCard, and Visa developed the
standard, and apparently used it to shift liability.
Many small businesses not ready for EMV chip cards - Wells Fargo
In the quarterly small business survey, less than
half (49 percent) of small business owners who accept point-of-sale
card payments today report being aware of the October 1 liability
shift, the date when a card
issuer or merchant that does not support EMV chip card technology
will assume liability for any fraudulent point-of-sale card
transactions.
Tools & Techniques.
What is Periscope and How Do I Use It?
Periscope,
the live streaming video mobile app purchased by Twitter in February
of 2015, has been the talk of the town since its official launch on
March 26.
… Simply put, Periscope enables you to “go
live” via your mobile device anytime and anywhere. The app enables
you to become your own “on the go” broadcasting station,
streaming video and audio to any viewers who join your broadcast.
… Once a broadcast is over, others can watch a
replay, and even provide feedback, within Periscope for up to 24
hours. After that, the broadcast is removed from the app.
Never fear, however: each of your broadcasts can be
saved to your mobile device and, once you’ve got it there, it can
be published and shared online just like any other video.
Could be useful.
Microsoft launches Sway out of preview along with new Windows 10 app, revamps Docs.com for sharing Office files
Microsoft today announced
its content aggregation and presentation application Sway
has hit general availability. That means the digital storytelling
tool is launching out of preview for consumers and releasing to all
eligible Office 365 for business and
education customers worldwide. Microsoft is also
introducing a Sway app for Windows 10 and revamping Docs.com
for sharing not
only Sway files, but all
Office documents.
… Sway launched
as a preview in October 2014, becoming the first new app to join
the Office product family in years. The premise is simple: Let users
create presentations for the Web using text, pictures, and videos,
regardless of what device they’re using (phones, tablets, laptops,
PCs, and so on).
Students might use this to create Study Groups!
Naah.
Tinder’s First Non-Dating Feature Is Speed Networking For Forbes’ 30 Under 30
… Forbes
is building a social networking app exclusively for these
millennial leaders, which will launch at its 30 Under 30 Summit in
Philadelphia on October 4. The goal is to stoke this community into
somewhat of an alumni network that attracts more powerful youngsters
to the Forbes empire. It will offer a directory of members, a feed
where they can post social media stories or polls, and the option to
message each other.
But to break the ice, Forbes worked with Tinder
and its co-founder Sean Rad who made the 30 list in 2014 to build a
speed-networking feature. Members can swipe through profiles of
fellow prodigies of both sexes, see their industry and description,
and if both people swipe right, they’ll be invited to chat.
Think supplemental if your school isn't using
these.
Open Textbook Library
(Related)
Community College Consortium for Open Educational Resources
My IT Governance students are giving presentations
on Saturday; I've got to remember this one! Thanks, Dilbert.