Crossroads Blog | Institute National Security and Counterterrorism

cyber attack, Cyber Exploitation

Cyber roundup (10/30): Georgia outs Russia-based hacker, FBI working on attribution, DOD and BYOD, and cyber triage

Quick survey of recent cyber news . . .

***

Fascinating article from Computerworld’s Jeremy Kirk.  Apparently the Georgian government outed a Russian hacker with ties to the Russian government by hacking back into his computer, taking his photograph, and releasing that photograph.  Kirk documented the entire incident: a very talented Russian hacker kept breaking into Georgian computer networks, stealing information and evading security measures.  The Georgians had enough of this schmuck, so they began monitoring his habits and set a honeypot trap for him.  He took the bait, and the Georgians managed to snap a picture of him via his own webcam and look into some of his documents.  Kirk explained that those documents revealed “a list of targets to infect” and “[o]ther circumstantial evidence pointing to Russian involvement.”

***

Nextgov’s Aliya Sternstein on how the FBI is stepping up its attribution game.  Sternstein referenced an FBI blog post that detailed the Next Generation Cyber Initiative.  From the FBI blog post:

 

To that end, the FBI over the past year has put in place an initiative to uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers’ digital signatures from mountains of malicious code. Agents are cultivating cyber-oriented relationships with the technical leads at financial, business, transportation, and other critical infrastructures on their beats.

Today, investigators in the field can send their findings to specialists in the FBI Cyber Division’s Cyber Watch command at Headquarters, who can look for patterns or similarities in cases. The 24/7 post also shares the information with partner intelligence and law enforcement agencies—like the Departments of Defense and Homeland Security and the National Security Agency—on the FBI-led National Cyber Investigative Joint Task Force.

A key aim of the Next Generation Cyber Initiative has been to expand our ability to quickly define “the attribution piece” of a cyber attack to help determine an appropriate response . . .

***


Mark A. Stokes and L.C. Russell Hsiao wrote a paper titled Countering Chinese Cyber Operations: Opportunities and Challenges for U.S. Interests for the Project 2049 Institute.  The paper took an in-depth look at the sources of Chinese cyber espionage, with a specific focus on the PLA’s General Staff Department Third Department.  From the paper:

This assessment posits that the GSD Third Department command authorities manage a complex cyber reconnaissance infrastructure that exploits vulnerable computer networks around the world, while also ensuring the integrity of classified networks within China.

***

Wired’s Noah Shachtman & David Axe on how most U.S. drone feeds are still unencrypted and vulnerable to hacking with some $26 off the shelf equipment.

However, Foreign Policy’s John Reed with an interesting thought: let’s preform a little cyber triage and prioritize the data we need to protect.  According to Reed, the U.S. Army is looking at perishable data (e.g. “voice communications during a firefight”) and considering whether an adversary can actually make use of this information in enough time to make a difference.  If they can’t, then maybe that information gets a lesser level of protection.

***

Finally, Foreign Policy’s John Reed on BYOD and DOD.  BYOD stands for “bring your own device.”  Reed explains that “the Army, along with other Pentagon agencies, is moving toward allowing its staff to bring their own smart phones, tablets, and possibly laptops to work for use on unclassified systems.”  That, of course, will raise security concerns.  The Army’s CIO suggested that personal devices would have to undergo a scan before being connected.

Leave a Reply

Bitnami