Cybercrime

 

 

Cyber as Statecraft
https://adminsm.asisonline.org/Pages/Cyber-as-Statecraft.aspx
2018-05-01T04:00:00Z, Megan Gates (https://adminsm.asisonline.org/pages/megan-gates.aspx)
<p>As organizers prepared to kick off the 2018 Winter Olympics with an opening ceremony in Pyeongchang, South Korea, featuring performers and thousands of athletes from around the world, security personnel were also hard at work behind the scenes.</p>
<p>Specifically, the cybersecurity team was responding to a cyberattack that would ultimately cause the official Winter Olympics website to be taken offline and disrupt TV and Internet systems for 12 hours.</p>
<p>The cyber team was able to mitigate and eventually stop the attack, which Cisco's Talos Intelligence blog assessed was designed to disrupt one of the most globally anticipated events of the year. "During destructive attacks like these there often has to be a thought given to the nature of the attack," according to Talos' analysis. "Disruption is the clear objective in this type of attack and it leaves us confident in thinking that the actors behind this were after embarrassment of the Olympic committee during the opening ceremony."</p>
<p>A post-incident investigation would later claim that Russia was behind the cyberattack, which was designed to appear to originate in North Korea. Some speculated that Russia targeted the Olympics because it was banned from participating in the 2018 games due to a major doping scandal involving its athletes and drug testing facilities.</p>
<p>The hack demonstrates a new threat era where world powers are increasingly using cyber means to further their goals or punish others for their actions. "The use of cyberattacks as a foreign policy tool outside of military conflict has been mostly limited to sporadic lower-level attacks," said U.S. Director of National Intelligence Daniel R. Coats in the annual Worldwide Threat Assessment of the U.S. Intelligence Community. "Russia, Iran, and North Korea, however, are testing more aggressive cyberattacks that pose growing threats to the United States and U.S. partners."</p>
<p>The assessment found that the "risk of interstate conflict" is now higher than at any time since the end of the Cold War, and that actors will use any means necessary—including cyber—to influence and shape outcomes.</p>
<p>"The risk is growing that some adversaries will conduct cyberattacks—such as data deletion or localized and temporary disruptions of critical infrastructure—against the United States in a crisis short of war," Coats wrote.</p>
<p>Adversaries that pose the greatest risk to the United States and its allies on the cyber front are Russia, China, Iran, and North Korea.</p>
<p>"These states are using cyber operations as a low-cost tool of statecraft, and we assess that they will work to use cyber operations to achieve strategic objectives unless they face clear repercussions for their cyber operations," according to Coats' analysis.</p>
<p>Russia. At the forefront of the intelligence community's list is Russia, which Coats said would likely conduct "bolder and more disruptive" cyber operations in 2018, using Ukraine as a testing ground.</p>
<p>The intelligence community has also expressed concern about Russia's efforts to influence or interfere with elections in the United States, France, Germany, and the United Kingdom. In a hearing before the U.S. Senate Intelligence Committee, all six U.S. intelligence agencies said they view Russia as a threat to the 2018 midterm elections.</p>
<p>"We have seen Russian activity and intentions to have an impact on the next election cycle," said CIA Director Mike Pompeo in his testimony, and Coats added that he has not seen a change in Russia's behavior since the 2016 election cycle when it engaged in a social media influence campaign (See Security Management "Cyber War Games," April 2017).</p>
<p>Following the U.S. presidential election in 2016, France and Germany saw Russia engage in similar social media efforts in an attempt to influence the outcomes of their elections.</p>
<p>Despite this threat, U.S. President Donald Trump has not directed National Security Agency (NSA) and Cyber Command Director Admiral Mike Rogers to prevent these kinds of attacks. However, some agencies have begun working in that direction. "Based on the authority that I have as a commander, I've directed the national mission force to begin some specific work…using the authorities I retain as a mission commander in this space," Rogers said, adding that he could only go into more detail in a classified setting.</p>
<p>In addition to its activity around elections, Coats also said Russia is likely to continue its activities in Ukraine, including disrupting its energy-distribution networks, hack-and-leak influence operations, distributed denial of service attacks, and false flag operations.</p>
<p>"In the next year, Russian intelligence and security services will continue to probe U.S. and allied critical infrastructures, as well as target the United States, NATO, and allies for insights into U.S. policy," Coats said in his assessment.</p>
<p>China. Along with the threat from Russia, Coats also said that China will likely use cyber espionage to support its national security priorities.</p>
<p>"Most detected Chinese cyber operations against U.S. private industry are focused on cleared defense contractors or IT and communications firms whose products and services support government and private sector networks worldwide," Coats wrote. "China since 2015 has been advancing its cyber attack capabilities by integrating its military cyberattack and espionage resources in the Strategic Support Force (SSF), which it established in 2015."</p>
<p>While many details about the SSF are unknown, research by the RAND Corporation found that it was designed to integrate China's space program and cyber and electronic warfare capabilities.</p>
<p>"…the creation of the SSF suggests that information warfare, including space warfare, long identified by [China's] analysts as a critical element of future military operations, appears to have entered a new phase of development…one in which an emphasis on space and information warfare, long-range precision strikes, and the requirements associated with conducting operations at greater distances from China has necessitated the establishment of a new and different type of organization," it said in its recent report, The Creation of the PLA Strategic Support Force and Its Implications for Chinese Military Space Operations.</p>
<p>Iran. While Iran has not been publicly linked to any major cyberattacks, the U.S. intelligence community predicts that it will continue to engage in cyber activity. Specifically, Coats' assessment said Iran will focus on penetrating U.S. and allied networks to position itself for future attacks.</p>
<p>"Tehran probably views cyberattacks as a versatile tool to respond to perceived provocations, despite Iran's recent restraint from conducting cyberattacks on the United States or Western allies," Coats wrote. "Iran's cyberattacks against Saudi Arabia in late 2016 and 2017 involved data deletion on dozens of networks across government and the private sector."</p>
<p>Those attacks, for instance, were on Saudi Aramco and used malware to manipulate corporate safety systems and cause physical damage to company sites, according to analysis by cyber firm FireEye.</p>
<p>"The targeting of critical infrastructure to disrupt, degrade, or destroy systems is consistent with numerous attack and reconnaissance activities carried out globally by Russian, Iranian, North Korean, U.S., and Israeli nation state actors," FireEye said in a blog post about the incident. "Intrusions of this nature do not necessarily indicate an immediate threat to disrupt targeted systems and may be preparation for a contingency."</p>
<p>North Korea. As of <em>Security Management</em>'s press time, U.S. President Trump had agreed to meet with North Korean Leader Kim Jong-un to discuss denuclearization efforts. However, the intelligence community continues to view the North Korean regime as a threat.</p>
<p>In its analysis, it said that North Korea would likely use cyber means to raise funds and gather intelligence, or launch attacks on South Korea and the United States.</p>
<p>For instance, several nations—including the United States—have accused North Korea of developing and launching the WannaCry ransomware attack that spread across the globe, hitting scores of organizations and the healthcare sector.</p>
<p>"Pyongyang probably has a number of techniques and tools it can use to achieve a range of offensive effects with little or no warning, including distributed denial of service attacks, data deletion, and deployment of ransomware," Coats said in his analysis.</p>
<p>Other actors. Along with nation-state actors, Coats also expressed concerns about terrorist groups using cyber means to organize, recruit, spread propaganda, raise money, and coordinate operations.</p>
<p>"Given their current capabilities, cyber operations by terrorist groups most likely would result in personally identifiable information disclosures, website defacements, and denial-of-service attacks against poorly protected networks," Coats said.</p>
<p>Additionally, Coats said that criminals will continue to provide services for hire to enable cybercrime. One recent example of this was Russia's tactic of hiring threat actors to act as trolls to spread propaganda on social media in an effort to influence Western elections.</p>
<p>"We expect the line between criminal and nation-state activity to become increasingly blurred as states view cyber criminal tools as a relatively inexpensive and deniable means to enable their operations," declared Coats in the threat assessment.</p>


 You May Also Like...

 

 

Book Review: Emergency Planning for Nuclear Power Plants
https://adminsm.asisonline.org/Pages/Book-Review---Emergency-Planning-for-Nuclear-Power-Plants-.aspx
<p>Published by Routledge; crcpress.com; 362 pages; $105.</p>
<p>Starting with a sound historical platform, <em>Emergency Planning for Nuclear Power Plants</em> prepares the reader to understand the complex nature and evolution of emergency preparedness requirements for nuclear power plants. The author focuses on the technical basis for nuclear emergency planning and provides the reader with a good understanding of issues and risks from a radiological dose perspective. He also leaves room to apply emergency management principles, such as fire and security, that also play a role in response planning.</p>
<p>The book explains how certain directions taken by the U.S. Nuclear Regulatory Commission have helped shape the industry abroad. A key example is a discussion on reactor consequence analysis and the probabilistic risk assessment that is used widely across the industry. The author's focus is on U.S. regulations, although one could argue that difference in regulation today across countries is not significant, thus increasing the relevance of the book to industry emergency managers around the world.</p>
<p>The discussion centers on emergency planning considerations that address the issues associated with two reactor types—pressurized water reactors and boiling water reactors—that are prevalent in the United States. Some risks attributed to other reactor types are not fully addressed in the book.</p>
<p>By effectively deploying mitigation strategies developed since the Fukushima nuclear accident in 2011, the expected radiological dose from large-scale nuclear accidents can be significantly reduced. The author provides good explanations of all aspects of emergency planning. However, too much detail in some sections might confuse the reader. Still, this book is a must-read for all nuclear industry emergency planning managers.</p>
<p><em>Reviewer: Dan McArthur has more than 30 years of experience in the nuclear industry and now serves as senior strategist at Bruce Power, where he focuses on regulatory and government affairs pertaining to emergency management policy. He is a member of the Canadian Standards Association providing technical input and guidance on emergency preparedness requirements for nuclear power plants in Canada.</em></p>
Space Jam
https://adminsm.asisonline.org/Pages/Space-Jam.aspx
<p>Much of the western United States was put on notice earlier this year when the U.S. Air Force announced that it would be blocking GPS signals on its base south of Las Vegas, Nevada. The tactic—which occurred during an annual month-long military training exercise—could cause air traffic disruption and potentially require flight rerouting due to inconsistent GPS, the notice stated. While the Air Force would not confirm that the GPS disruption was a part of its yearly exercises, experts believe that the military is training its pilots to fly in conditions where GPS signals are inaccurate or nonexistent—a scenario that has become increasingly common.</p>
<p>Thirty-one satellites currently orbiting the earth transmit signals to civilian and military terrestrial receivers, essentially using time signals to run location-based devices and activities and syncing networks around the world. The satellites—called the GPS constellation—are owned by the United States and operated by the Air Force. Since 1978, the satellites have provided location, navigation, and timing capabilities to the military, and an unencrypted version became available for public use in the 1980s. Over the years, the signals from the GPS constellation have become critical for a variety of applications, including communications, precise time measurements, and critical infrastructure technologies—in addition to its military uses of navigation, target tracking, and missile guidance.</p>
<p>However, the signal—which is inherently weak—is susceptible to outside interference. Anything from space weather to malfunctioning machinery to malicious actors can cause problems with GPS, including blocking the signal—called jamming—and sending false signals, known as spoofing. Even small interferences can cause big headaches.</p>
<p>For example, a man who drove a company car purchased a GPS jammer to keep his boss from knowing his whereabouts, but when he passed near Newark airport in New Jersey, the jammer blocked signals from reaching the air traffic controller system. Although the sale and use of jammers is illegal in the United States, they can be purchased online for less than $50 and can successfully hide a vehicle's location.</p>
<p>In January 2016, a routine equipment switch caused a series of 13-microsecond timing errors in half of the GPS constellation satellites, which triggered about 12 hours of confusion for computers, networks, and timing devices around the world.</p>
<p>The U.S. government has referred to GPS as a single point of failure for critical infrastructure and, in 2004, called for the U.S. Department of Transportation to acquire a backup capability for GPS. However, an alternative has never come to fruition.</p>
<p>U.S. President Donald Trump reemphasized the need for redundancy by including a section in the 2018 National Defense Authorization Act that requires the U.S. Departments of Defense, Transportation, and Homeland Security to demonstrate a GPS backup capability within the next 18 months.</p>
<p>"We were concerned that the federal government was not doing all of the things it said it would do in order to protect GPS signals, which are being interfered with on a regular basis," says Dana Goward, the president of the Resilient Navigation and Timing Foundation (RNTF). He established the nonprofit in 2013 to protect, toughen, and augment GPS signals. "Since we started, over the last five years, GPS has been interfered with more and more," he notes.</p>
<p>Goward and other members of RNTF are also members of the National Space-Based Positioning, Navigation, and Timing (PNT) Advisory Board, which has existed since the call for a GPS backup capability was issued in 2004.</p>
<p>It's hard to tell exactly how big an impact a widespread GPS outage would have on critical infrastructure sectors around the world, but Goward notes that glitches such as the January 2016 blip can foreshadow what systems might be affected. "The implementation and use of GPS signals is so widely spread for so many different things it was never intended to be used for that it's really impossible to outline all the bad things that would happen and the sequence in which they would occur," he says. "But there are some things we do know."</p>
<p>Say a terrorist plants a high-powered GPS jammer hidden in a suitcase in the middle of a city. Transportation will probably be the first system visibly affected, which could quickly impact an entire metropolitan area, Goward says. Traffic lights will become desynchronized and GPS-based apps will no longer function, creating distracted and dangerous driving conditions. Airplanes and other forms of mass transportation will have to slow down or alter routes to stay in contact with people who can keep them on course. Package delivery routes as well as land, sea, and air-based supply chain operations will be disrupted. "All forms of transportation will be forced to carry less capacity in the area," Goward notes.</p>
<p>Countless systems that rely on GPS's perfectly synchronized timing—including data networks, financial activities, the electric grid, and other utilities—will slowly become out of sync, causing system failures.</p>
<p>"When the networks start to fall apart, it's hard to tell how much of a cascading failure you're going to see," Goward notes. "Networks depend on each other. It's really such a vast and hyper complex system, the structures of which are not known and may not be knowable."</p>
<p>Preventing GPS glitches is a multifaceted challenge. The GPS satellites themselves are fairly resilient—they are replaced on a rotating basis depending on their estimated operational life. Still, mechanical glitches like the one that caused the January 2016 blip are possible. The signals transmitted from the satellites are even weaker than cosmic background noise, and Goward notes that even upgraded equipment won't substantially change the strength.</p>
<p>"The basic problem is fundamental physics," Goward says. "Satellites are 12,500 miles up in space and powered by solar panels and transmitting all the time—unlike other satellites that can store up their solar power, GPS satellites have to transmit all the time. They will always be really weak and easy to interfere with."</p>
<p>An inherent area of weakness is the equipment used to receive the GPS signal sent by the satellites—anything from cell phones to networks to military ground stations that encrypt the signal.</p>
<p>"Most GPS receivers in use right now are very vulnerable to jamming and spoofing," Goward notes. "The technology in terms of antennas and software is available to make them much less susceptible to jamming and spoofing, but it costs a little extra and users don't feel motivated to incorporate anti-jamming and spoofing technology into their receivers and systems, even when they involve and support critical infrastructure like phone and IT networks."</p>
<p>RNTF is working with the government to establish guidance or best practices to improve GPS receiver security. While a fix is relatively simple, Goward says he doubts most companies will make the upgrade unless they are told to do so or they experience a GPS-induced crisis. "We think that for critical infrastructure applications there's a government role there to advocate for, encourage, and perhaps require users to have the latest anti-jamming and spoofing technology."</p>
<p>Military-level encrypted GPS signals aren't exempt from jamming or spoofing, either. While the use of a secured ground system to control the broadcast of an encrypted signal, along with military-grade receivers, provides an inherent level of protection, it's not foolproof—and it only works when it's used properly.</p>
<p>"Because of the encryption, that makes military receivers as a practical matter more difficult to use, so we had seen any number of photographs of military folks in the field with GPS receivers they bought at Walmart strapped to their arms and using them instead of military receivers," Goward notes. Encrypted equipment tends to be stored under lock and key—and is usually unwieldy—making it more cumbersome to use.</p>
<p>It's suspected that the infamous straying of a U.S. naval ship into Iranian waters in 2016 was a result of the sailors using unencrypted receivers that allowed Iran to spoof the signal and direct them into the country's territory. And headlines were made when the movements of U.S. military personnel at several overseas bases could be tracked via a GPS-based fitness app—no jamming or spoofing required.</p>
<p>The U.S. Department of Defense (DoD) is in the middle of upgrading the military ground systems and replacing the current GPS constellation—which is near the end of its intended operational life—but the efforts have faced a series of setbacks. The new generation of satellites, called GPS III, are expected to provide a stronger signal that is more resistant to spoofing and jamming and will permit interoperability with other global navigation systems. But, according to the U.S. Government Accountability Office (GAO), the acquisition and timeline of deploying the new satellites has run into several roadblocks, delaying the launch of the new equipment.</p>
<p>For example, the first GPS III satellite built, which is slated to become operational in 2019, includes energy storage devices that had not been appropriately tested by the subcontractor. When the Air Force discovered the failure to test the equipment, it made the subcontractor remove the devices from the second and third satellites currently being built, but "decided to accept the first satellite and launch it 'as is' with the questionable capacitors installed," the GAO reports. The rest of the GPS III satellites are expected to be launched and operational—replacing the current devices—by 2021.</p>
<p>Three components of the upgrade—the new ground control systems, GPS III satellites, and contingency operations programs—are expected to face "numerous challenges" over the next 18 months, GAO notes. "If any of the three programs cannot resolve their challenges, the operation of the first GPS III satellite—and constellation sustainment—may be delayed."</p>
<p>Meanwhile, Goward and the RNTF are continuing to encourage the government to promote more secure GPS receiver technology and build a backup capability when—not if—the GPS signal fails.</p>
<p>"We are concerned that the federal government does not have a central point of accountability for protecting GPS," Goward explains. "It's possible that this lack of responsibility and governance will mean that nothing is going to happen until the nation has suffered substantial damage because of the failure to protect, toughen, and augment GPS."</p>
Book Review: Hacked Again
https://adminsm.asisonline.org/Pages/Hacked-Again.aspx
<p>ScottSchober.com Publishing; ScottSchober.com, 202 pages; $34.95</p>
<p>If you are seeking useful security advice on how to mitigate or prevent cybersecurity breaches, <em>Hacked Again</em> is a good resource to have in your library.</p>
<p>Author Scott Schober, a business owner and wireless technology expert, discusses pitfalls that all businesses face and the strategies used to mitigate cyberattacks. He discusses malware, email scams, identity theft, social engineering, passwords, and the Dark Web.</p>
<p>Another important concept is having systems in place to enable information access both as the data breach is occurring and afterwards. Most companies’ IT departments will have an incident response team; however, the individual user needs to know what to do when breached. Schober offers advice for that.</p>
<p>The abundance of personal information on social media is another concern of the author’s. He states that we are twice as likely to be victims of identity theft from these sites. He also reminds us that no matter how we try to eliminate risk, we’re never completely protected from a cyberattack.</p>
<p>Many cybersecurity books are more advanced, but Schober’s style is easy to follow, and he explains concepts and theories without confusing the reader. When concepts become overly technical, he incorporates scenarios to explain what these technical terms mean. Students, IT professionals, and novices would benefit from this book. They will learn that everyone must be aware of cybersecurity and stay on top of evolving trends.</p>
<p><em><strong>Reviewer: Kevin Cassidy</strong> is a professor in the security, fire, and emergency management department at John Jay College of Criminal Justice. He is a member of ASIS.</em></p>