We attended the RSA Conference in San Francisco this week. There are two giant convention halls filled with the latest in information security. In addition to the in-booth presentations, there are continuous presentations and panels discussing security. Jeh Johnson, the Secretary of the Department of Homeland Security, was a keynote speaker. Yet, in this sea of the new, the most interesting thing was something patented almost a century ago. In the NSA’s booth (yes, that NSA) was this: A wooden box about the size of a toaster oven — an Enigma machine. The Enigma machine was patented in 1919. The Germans [...]
This week, FireEye released their latest APT report - APT30: The Mechanics Behind a Decade Long Cyber Espionage Operation. The sub-title summarizes the findings: How a Cyber Threat Group Exploited Governments and Commercial Entities across Southeast Asia and India for over a Decade. What are the surprises in APT30? There are no surprises in APT30. The bad guys engage in anti-forensics to avoid detection. APT30 tells us that the bad guys use spearphishing to make their initial infiltration: APT30 LEVERAGES MAJOR POLITICAL TRANSITION AS PHISHING LURE CONTENT IN CAMPAIGN GEARED TO KEY POLITICAL STAKEHOLDERS This is a sample of the lures used to [...]
Russian hackers used compromised systems at the Executive Office of the President to access the President's schedule. How could Russian hackers get to the President's schedule? CNN reports: As in many hacks, investigators believe the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over, according to the U.S. officials. All the advanced cyber-defenses used to protect the White House were defeated by tricking users with deceptive emails. Spearphishing is not a casual hit-and-miss activity; it is the precise application of Military Deception. This is the [...]
On April Fools' Day President Obama issued an executive order entitled, "BLOCKING THE PROPERTY OF CERTAIN PERSONS ENGAGING IN SIGNIFICANT MALICIOUS CYBER-ENABLED ACTIVITIES." This was not an April Fools' prank. In the executive order the President observes that cyber-enabled threats "constitute an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States." In the executive order, the President declares a national emergency to deal with this threat. It is well-known that the most common method used by foreign powers to infiltrate U.S. Government systems is spearphishing.