Turbotodd

Ruminations on tech, the digital media, and some golf thrown in for good measure.

Archive for the ‘cybersecurity’ Category

The Spy Who Tracked Me

This is a juicy headline from Bloomberg: U.K. Reveals its First Major Cyber-Attack Was Against IS

GCHQ isn’t typically known for advertising its very-much-behind-the-scenes-on-the-down-low headline making when it comes to espionage, cyber or otherwise.

But according to this Bloomberg report, Britain “carried out its first major cyber-attack in 2017, disrupting Islamic State’s communications and propaganda for much of the year.”

“This is the first time the U.K. has systematically and persistently degraded an adversary’s online efforts as part of a wider military campaign,” [GCHQ Director Jeremy] Fleming told a cybersecurity conference in Manchester, England, “Did it work? I think it did.”

Fleming (great last name for a spy head, right?) also mentioned Russia in his comments:

The use of a nerve agent against former double agent Sergei Skripal, he said, “demonstrates how reckless Russia is prepared to be, how little the Kremlin cares for the international rules-based order.” Russia “widely uses its cyber capabilities,” Fleming said, “blurring the boundaries between criminal and state activity” and deploying “industrial-scale disinformation to sway public opinion.”

Written by turbotodd

April 12, 2018 at 12:59 pm

Atlanta’s Cyber Attack

In case you hadn’t heard or read, the city of Atlanta has been hamstrung by a ransomware attack that began last Thursday.

The New York Times’ Alan Blinder and Nicole Perlroth provided an update yesterday. The key facts thus far:

  • This was one of the most “sustained and consequential cyberattacks ever mounted against a major American city.”
  • It “laid bare once again the vulnerabilities of governments as they rely on computer networks for day-to-day operations.”
  • The attackers, the “SamSam” hacking crew, locked up the city’s files, and gave the city a week to pay ~ $51,000 in ransom via Bitcoin.
  • While the attack didn’t impact Atlanta’s 911 calls or wastewater treatment, “other arms of city government have been scrambled for days.” 
  • But the Atlanta Municipal Court has been unable to validate warrants, police officers have been writing reports by hand, and the city has stopped taking employment applications.
  • Dell SecureWorks and Cisco Security are working to restore the city’s systems, and the city’s mayor, Keisha Lance Bottoms, has not yet indicated whether the city would pay the ransom.

The Times also cited a 2016 survey of CIOs for jurisdictions across the country, which found that obtaining ransom was the “most common purpose of cyberattacks on a city or county government, accounting for nearly one-third of all attacks.”

In the meantime, many of Atlanta’s core public services are being delivered by that trusty and dependable standby, pen and paper.

If you’re interested in learning more about how to contend with ransomware, IBM Incident Response Services published this “Ransomware Response Guide” (registration required).

Written by turbotodd

March 28, 2018 at 10:02 am

Saudi Cyber

Don’t miss this doozy of a story from The New York Times’ Nicole Perlroth and Clifford Krauss about last year’s cyberattack in Saudi Arabia.

The executive summary: Last August, a petrochemical plant in Saudi Arabia was struck by a cyberassault that was intended to sabotage the firm’s operations and trigger an explosion.

The only thing that prevented the explosion was a mistake in the attackers’ computer code. 

For cyber warriors on the front line, it’s a must read.

On the flip side, Google released its “Android Security 2017 Year in Review” report earlier today, and it stated that 60.3 percent of Potentially Harmful Apps were detected via machine learning.

As reported by VentureBeat, its detection is done by a service called Google Play Protect, which is enabled on over 2 billion devices (running Android 4.3 and up) to constantly scan Android apps for malicious activity.

In other words, artificial intelligence and machine learning are the future of cyber monitoring, and the future has already arrived.

Speaking of the future and cybersecurity, at next week’s IBM Think 2018 conference in Las Vegas, you’ll be able to tune in to over 100 sessions LIVE via the IBM UStream. 

Be sure to check out the schedule here, and to case the cyber keynote from 12:30-1:10 PST on Tuesday, March 20th, entitled “Ready for Anything: Build a Cyber Resilient Organization.”

Written by turbotodd

March 15, 2018 at 10:16 am

KRACK

I just got back from chasing a little white ball around the Texas Hill Country for a week.

Upon my return, I discovered the wonderful news about the KRACK attack (who comes up with these names??!).

First, the Equifax breach, now this.

If you’re not familiar, the KRACK exploit has to do with a serious weakness discovered in the WPA2 protocol (wifi).

According to a rundown in Ars Technica, the exploit allows attackers within range of vulnerable devices or access points to intercept passwords, emails, and other data presumed to be encrypted. In some cases, the report goes on, it could allow perpetrators to inject ransomware or other malicious content into a website a client is visiting.

You can learn more details about the exploit and fallout here.

FYI, it won’t help to change your wifi password. Microsoft has issued a Windows patch for the exploit, Mac has beta fixes in developer releases of iOS, macOS, tvOS and watchOS, and Android is expected to have a fix in the coming weeks.

Now, on to the more positive news. Yesterday, IBM announced a new blockchain banking solution that will help financial institutions address the processes of universal cross-border payments, designed to reduce the settlement time and lower the cost of completing global payments for businesses and consumers.

TechCrunch captures the current situation and the blockchain remedy:

Currently, international transactions take days, if not weeks, to be completed. Frustration with that has seen services like TransferWise rise, but, great as they are, they remain solutions for savvy consumers or small businesses rather than all. A blockchain solution for banks addresses the root cause, and it could minimize the potential for errors thanks to the ledger-based system while also providing transparency and flexibility to banks. In one example, IBM said its service could be used to connect a farmer in Samoa with a buyer based in Indonesia, while covering more than just the payment itself. “The blockchain would be used to record the terms of the contract, manage trade documentation, allow the farmer to put up collateral, obtain letters of credit, and finalize transaction terms with immediate payment, conducting global trade with transparency and relative ease,” it said.
– via TechCrunch

Very cool stuff.

If you’re not yet on the blockchain, you can learn more here.

Written by turbotodd

October 17, 2017 at 8:32 am

New IBM Linux-only Mainframe Delivers Breakthrough Security

IBM has unveiled the IBM LinuxONE Emperor II, the next generation of its family of Linux-only enterprise systems, which delivers new capabilities aimed at helping organizations achieve very high levels of security and data privacy assurance while rapidly addressing unpredictable data and transaction growth.

A key feature of the new LinuxONE Emperor II, IBM Secure Service Container is an exclusive LinuxONE technology that represents a significant leap forward in data privacy and security capabilities.

Last year, more than four billion data records were lost or stolen, a 556 percent increase over 2015. Of the more than nine billion records breached during the past five years, only four percent were encrypted – or securely scrambled – leaving most of that data exposed and vulnerable to attackers.

With IBM Secure Service Container, for the first time, data can be protected against internal threats at the system level from users with elevated credentials or hackers who obtain a user’s credentials, as well as external threats.

Software developers benefit by not having to create proprietary dependencies in their code to take advantage of these advanced security capabilities. An application only needs to be put into a Docker container to be ready for Secure Service Container deployment, and the application can be managed using the Docker and Kubernetes tools that are included to make Secure Service Container environments easy to consume.

Developers and clients can learn more and apply to participate in the beta at: http://ibm.biz/sscbeta. Developers can access new technologies, open source code and documentation on containers, mainframe development and more with IBM Developer Journeys: https://developer.ibm.com/code/journey/.

The most advanced enterprise Linux platform for data

The new LinuxONE Emperor II is the world’s most advanced enterprise Linux platform, featuring the industry’s fastest microprocessor and a unique I/O architecture with up to 640 cores dedicated to I/O processing. The vertical scale, shared-everything system design allows LinuxONE Emperor II to:

  • Scale-up a single MongoDB instance to 17 TB in a single system and get 2.4x more throughput and 2.3x lower latency on LinuxONE Emperor II leveraging the additional memory available compared to LinuxONE Emperor – providing applications faster, more secure access to data while enabling greater scale at reduced complexity.
  • Provide up to 2.6x better Java performance than x86 alternatives, and integrated hardware for pause-less garbage collection, enabling mission-critical Java workloads — which require consistent high-throughput and low-latency processing — to minimize unpredictable transaction delays due to garbage collection.
  • Provide a Docker-certified infrastructure for Docker EE with integrated management and scale tested up to two million Docker containers – allowing developers to compose high-performance applications and embrace a micro-services architecture without latency or scale constraints.

Learn more about IBM LinuxONE.

Written by turbotodd

September 12, 2017 at 9:09 am

Worried About Equifax Breach? Put a Security Freeze on Your Credit Files!

After blowing my top when learning about this latest data breach at Equifax, where the personal information of roughly 44 percent of Americans (including Social Security, driver’s license, and credit card numbers) was put at risk, well, I decided I’m mad as hell, and I’m not going to take this anymore!

Rather than pay one of these credit companies a monthly fee to protect the very information they traffic in, I went one better: I put a security freeze on my credit file with each of the four major credit vendors in the U.S.: Experian, Equifax, TransUnion, and Innovis.

So what did this involve?

It was much easier than people might have you think, and we have Krebs on Security to thank for the full instructions.

Here’s the bottom line:

A security credit freeze basically blocks any potential creditors from being able to view or "pull" your credit file, unless you affirmatively unfreeze or thaw your file first. So, if you need to have a credit line inquiry anytime soon, this option’s not for you.

On the other hand, if you’re sick and tired of being sick and tired worrying about these data breaches, this is the option for you.

Depending on your state, it’s a modest fee to put a security freeze on your credit file for each of the previously mentioned vendors. (In Texas, each freeze costs $10, although for some reason Innovis was free.)

What does this freeze do?

First, ID thieves can still apply for credit in your name, but they won’t succeed in getting new lines of credit because few if any creditors will extend that credit without first being able to gauge your risk worthiness.

Also, the freeze can help protect your credit score, because as you’ve probably heard, every credit inquiry made by a creditor can negatively impact your credit score.

How do you do all this? It’s easier than it looks.

Go to each of the websites (www.experian.com, etc.) and search for "security freeze." You then should be able to find each vendor’s direct link with directions on how to impose the freeze.

If you or someone you know has been the victim of identity theft, you well know that $30-50 is a small price to pay to gain some peace of mind and to frustrate the hackers looking to benefit from your prior naivete.

Take your personal info and credit back into your own hands.

Do it, and do it now!

Written by turbotodd

September 8, 2017 at 4:04 pm

Hurricanes, Earthquakes, and Data Breaches

First things first. TGIF (Thank God it’s Friday).

Although if I were hanging out in Key West at the moment, I’d probably be thinking about more than just another margarita and earth-bending sunset.

Hurricane Irma has already wreaked devastation across the Caribbean, hammering Antigua, Barbuda, Puerto Rico, and now passing through the Turks and Caicos, the northern coast of Cuba, and the southern Bahamas before making landfall in south Florida.

The New York Times characterized Irma overnight as an “extremely dangerous” Category 4 storm with sustained winds of up to 155 miles an hour. The National Hurricane Center has the latest probable path here.

Meanwhile, an 8.2 magnitude earthquake struck off the Pacific Coast of Mexico late last night, killing at least 32 and sending people in Mexico City fleeing into the streets.

Effects of the quake were felt through the southern states of Oaxaca and Chiapas, and on into Guatemala. Last night’s quake was said to be more powerful than the one that killed nearly 10,000 in 1985, after which construction codes were bolstered significantly.

The Mexican government issued a tsunami warning off the coast of Oaxaca and Chiapas, but neither appeared to have been impacted by waves.

And then there was the man-made disaster. Credit reporting agency Equifax announced on Thursday that hackers had gained access to company data and potentially compromised sensitive information for 143 million American consumers (~44 percent of the U.S. population!), including Social Security numbers, driver’s license numbers, credit card numbers, and other personally-identifiable information.

The company’s press release indicated that “criminals exploited a U.S. website application vulnerability to gain access to certain files.”

As if having a web exploit endanger the personal information of about one-third of the American population weren’t bad enough, Bloomberg is reporting that three of Equifax’s senior executives sold shares worth almost $1.8 million in the days after the company discovered the security breach.

Coincidence?

If you believe that, I’ve got some credit card numbers I’ll be happy to sell you at a rock bottom price!

The hack is so gargantuan that Equifax is offering ALL U.S. consumers free credit file monitoring and identity theft protection for one year through its TrustedID Premier service.

It’s the least they can do.

Read Krebs’ post to learn more about the breach and its aftermath.

In the meantime, take matters into your own hands. Check all your credit card statements online to ensure no suspicious charges are starting to get racked up, and consider putting a freeze on your credit until you’re confident you’re not a victim of this “incident.”

Written by turbotodd

September 8, 2017 at 9:40 am
