Reading Your Emails

Surveillance.jpeg

So you know you typically get a message when you log on your computer at work that there is “no expectation of privacy.”


Meaning…you’re on the corporate network and so remember that you can be monitored. 


Well we all read that warning and sort of know it by heart.


But do you really think that someone is watching you.


Well be assured that they are!


Talking to one of my colleagues and friends recently and this is what happened.


He had to fire one of his senior guys. 


And I asked him why?


He said:

“Because he was dead wood.”


I asked what he meant as this was a senior person in the organization that was being let go.


So he said:

“Well I read the last few days of his emails on his account and he was doing absolutely nothing!”


And I was like hmm, that’s amazing that you actually go into his account and read his stuff.


Yeah, I know it’s not really his employees–the guy is at work–but still it’s his email account that he uses, seriously.


So it’s not just some corporate spooks sitting in the bowls of the building in a darkened security operations center behind a lot of cool looking screens monitoring your accounts for suspicious activity.


It’s your management too that can logon and see and read your stuff, whenever.


So this guy that was fired wasn’t just dead wood, he was actually dead meat. 


“Smile you’re on camera” in more ways then one.


So if you decide to write some juicy emails today or save some salacious files on “your” computer or on the network, the expectation surely is that they are being read–you can take that to your privacy bank. 😉


(Source Photo: Andy Blumenthal)

Data 4 Ransom

Data 4 Ransom

The future of cybercrime will soon become the almost routine taking of your personal and corporate data as hostage. 


Once the hacker has control of it, with or without exfiltration, they will attach malware to it–like a ticking time bomb.


A simple threat will follow:


“I have your data. Either you pay for your data back unharmed OR your data will become vaporware! You have one hour to decide. If you call the authorities, you data is history.”


So how valuable is your data to you?  


– Your personal information–financial, medical, legal, sentimental things, etc.


– Your corporate information–proprietary trade secrets, customer lists, employee data, more.


How long would it take you to reconstitute if it’s destroyed?  How about if instead it’s sold and used for identity theft or to copy your “secret sauce” (i.e. competitive advantage) or maybe even to surpass you in the marketplace? 


Data is not just inert…it is alive!


Data is not just valuable…often it’s invaluable!


Exposed in our networks or the cloud, data is at risk of theft, distortion, or even ultimate destruction. 


When the time comes, how much will you pay to save your data?


(Source Comic: Andy Blumenthal)

Dire Warnings On Cybersecurity

Security Camera
This week Adm. Michael Rogers, the Director of the National Security Agency and head of U.S. Cyber Command issued a stark warning to the nation about the state of cybersecurity:



With our cybersecurity over the next decade, “It’s only a matter of the ‘when,’ not the ‘if,’ that we are going to see something dramatic.



The Wall Street Journal reports that he gave ” a candid acknowledgement that the U.S. ISN’T yet prepared to manage the threat!”



China and “one or two others” [i.e. Russia etc.] are infiltrating our SCADA networks that manage our industrial control systems, including our power turbines and transmission systems,.



The cyber spies from the nation states are “leaving behind computer code that could be used to disable the networks  in the future.”



Can you imagine…you must imagine, you must prepare–not if, but when. 



(Source Photo: Andy Blumenthal)

6 D’s Of Cyberwar

Cybersecurity
Popular Science had a interesting article that spelled out the six D’s of Cyberwar:



On the offensive side, you want to destroy, deny, degrade, disrupt, and deceive.



“Unlike World War II code breaking, cyber attacks offer the potential to not just read the enemy’s radio, but to seize control of the radio itself.”



– Step 1: Infiltrate the enemy’s networks and communications and gather/exfiltrate information.



– Step 2:  Compromise the enemy’s information either by:



1) Corrupting the enemy’s information, planting misinformation, sewing erroneous reports, and causing poor decision-making. 

2) Taking control of their networks, disabling or jamming them, and disrupting their command and control or harming their critical infrastructure and causing mass confusion, destruction, and death.



Examples are “not merely to destroy the enemy’s tanks, but to make them drive in circles–or even attack each other” or to cyber attack an enemies control systems for electricity, dams, transportation, banking, and so on. 

With the ability to steal information, sow misinformation, seize control, or even stop the information flow altogether, cyberwar is not just another weapon in our arsenal, but “a tool to help achieve the goals of any given operation.”



On the flip side, you want to defend against the enemy’s use of cyberspace to hurt us.



We need to continue to get serious about cyberwarfare and cybersecurity and become the masters in the information domain, and quickly. 😉



(Source Photo: Andy Blumenthal)

Remodulate The Shields For Cyber Security

I really like the concept for Cyber Security by Shape Security.

They have an appliance called a ShapeShifter that uses polymorphism to constantly change a website’s code in order to prevent scripted botnet attacks–even as the web pages themselves maintain their look and feel.

In essence they make the site a moving target, rather than a sitting duck.

This is like Star Trek’s modulating shield frequencies that would prevent enemies from obtaining the frequency of the shield emitters so they could then modify their weapons to bypass the shield and get in a deadly attack.

In real life, as hackers readily change their malware, attack vectors, and social engineering tactics, we need to be agile and adapt faster than the enemy to thwart them.

Changing defense tactics has also been used by agencies like Homeland Security to alter screening methods and throw potential terrorists off from a routine that could be more easily overcome.

I think the future of IT Security really lies in the shapeshifter strategy, where the enemy can’t easily penetrate our defenses, because we’re moving so fast that they can’t even find our vulnerabilities and design an effective attack before we change it and up our game again.

And hence, the evil Borg will be vanquished… 😉

A SCIF Can Be Yours

A SCIF Can Be Yours

A SCIF can be yours…if the wallpaper is right.

According to PC Magazine, a SCIF (Sensitive Compartment Information Facility) is a secure area where classified information can be discussed and handled. A SCIF is built to prevent information from leaking, being intercepted and compromised.

Now, your business or home office can have its own SCIF-type protection without the use of more expensive Faraday cage electromagnetic mesh (e.g. chain-link) conductive shielding or Japanese anti-Wi-Fi paint that blocks all frequencies.

BusinessWeek (31 January 2013) reports on a new wallpaper called MetaPaper that blocks Wi-Fi signals and helps “improve data security and network speeds.”
The Wi-Fi shielding wallpaper is developed by the French pulp and paper institute, Center Technique du Papier (CTP).

MetaPaper is a snowflake pattern wallpaper “printed in conductive metallic ink” that “blocks Wi-Fi signals, while still allowing FM radio and emergency frequencies to pass through.”

Its filtering is 99% effective (which may not be good enough for handling state secrets, but could be terrific for safeguarding most information) and sells for $12 per square meter.

Aside from information security, additional benefits of MetaPaper is to protect people’s health in terms of attenuating electromagnetic waves that cause genetic damage and cancer as well as socially to create quiet space, Wi-Fi free zones, such as in hospitals and movie theaters.

Here is a link to a presentation on MetaPaper’s development and benefits. 😉

Securing Transport To The Cloud

A new article by Andy Blumenthal on cyber security and cloud computing in Public CIO Magazine (June 2012) called Securing Cloud Data Means Recognizing Vulnerabilities.It’s the principle of inertia: An object in motion stays in motion unless disturbed. Just like a car on a highway, everything zips along just fine until there’s a crash. This is similar with information on the superhighway.”Let’s all do our part to secure cyberspace.Hope you enjoy!

(Source Photo: here with attribution to Kenny Holston 21)