Thursday, June 18, 2020


Something my Computer Security students should read carefully.
Stopping Hackers in Their Tracks
A nightmare scenario for many organizations recently became one Atlanta-based tech company’s reality. But the steps the company took before and after their sensitive data was stolen by a hacker in 2018 helped the FBI identify and arrest the culprit.
Christian Kight used his computer programming skills to hack into various businesses for money while on parole for previous crimes. Kight downloaded scripts from hacker forums and used them to attack company networks.
In the case of the Atlanta company, Kight spent a few weeks hacking into the company’s network, using various tactics to hide his identity. He then downloaded the data to his own computer and deleted it from the company’s systems.
Once he had the data, Kight emailed the company’s CEO to demand payment in exchange for the data—but he insisted that it wasn’t extortion.
And no, I’m really NOT an extortionist, I would like to see how much you think it’s worth, and if it’s fair, we’ll leave it at that,” Kight wrote, according to court documents.
But whether you call it extortion or not, stealing data and demanding money to have it returned is illegal.
The data that he took is really valuable,” said Special Agent Tyson Fowler, who investigated this case out of the FBI’s Atlanta Field Office. “He threatened to release this data if they didn’t pay him the ransom.”
The company contacted the FBI and got to work on both restoring their data and assisting in the investigation. Fortunately, the company had a robust backup system, so employees restored the data within days.
Additionally, the company shared critical information from its network’s access logs and other records, which helped the FBI track the IP address of the hacker. After getting a search warrant based on that information, agents found overwhelming evidence against Kight in his San Clemente, California home.
In the cyber world, it’s very hard to secure a network to the point that it’s never breachable, but you can make it as difficult as possible to break in,” Fowler said.
If someone does break into a network, having strong activity logging on the network in place beforehand can help authorities track the hacker.
The cooperation from the victim company was critical in this case.
Last December, Kight pleaded guilty to extortion, computer fraud, and wire fraud. He was sentenced in March to more than seven years in prison.
Source: The FBI




Who do you want to win and by how much?
Feds, states unveil pilot program meant to secure voter databases and other election systems
The pilot program will focus on making the software that’s used in election systems more secure as it is developed, and before it is deployed. The aim is to close a gap in security testing for the broad set of election infrastructure outside of voting machines, which are already the subject of voluntary federal security guidelines.
There is no standard process for verifying that non-voting election technology is secure, reliable, and usable,” said the nonprofit Center for Internet Security, which is spearheading the pilot program.


(Related)
Online Voting Platform in Three U.S. States Vulnerable to Multiple Types of Attacks
Security researchers from the Massachusetts Institute of Technology (MIT) and the University of Michigan found numerous security issues and vulnerabilities within Democracy Live’s OmniBallot platform.
The COVID-19 pandemic is pushing more states to look into the possibility of letting constituents vote online. Some states in the U.S. already have this option, while others are adapting existing systems to suit their needs. The same is true for the OmniBallot platform, which is used for blank ballot delivery, ballot marking, and (optionally) online voting.




A wise reversal of strategy.
Zoom says free users will get end-to-end encryption after all




If they can do this, what else follows?
FB Claims Pivot from 2016 Election Tactics to one of user choice
After announcing this feature earlier this year we are now making it available as part of our preparations for the 2020 US elections. Starting today for some people and rolling out to everyone in the US over the next few weeks, people will be able to turn off all social issue, electoral or political ads from candidates, Super PACs or other organizations that have the “Paid for by” political disclaimer on them. You can do this on Facebook or Instagram directly from any political or social issue ad or through each platform’s ad settings. However, we know our system isn’t perfect. So if you’ve selected this preference and still see an ad that you think is political, please click the upper right corner of the ad and report it to us…”



No comments: