Posts Tagged ‘cybercrime internet security internet revenues’

Target breach update – how were HVAC passwords stolen?

Thursday, February 6th, 2014

As we learned from Krebs a few days ago in a Target breach update, the original entry point of the malicious software was Target’s HVAC company. Yes, that means the folks who handle their air conditioning and heating. I’m guessing in the aftermath of this admission, scads of large companies are scrambling to ensure there are no “touch points” between “building Maintenance GuyMaintenance Guymanagement” systems and their treasured business networks. It makes sense to me that the building manager would MP900383000Maintenance Guywant to have “heating and lights” right there under the same “pane of glass” as “inventory” but if that’s how companies have been operating, it’s time to rethink it.

Those of us in cybersecurity eagerly await more details. Fortunately we won’t have long to wait since Krebs is on the case. But in the meantime, are there security lessons to be learned from this aspect of the Target breach too (aside from the obvious: keep supplier networks separate)? The big question on everyone’s mind is: how is it that the HVAC company’s password was discovered by the cybercriminals?

Even without knowing any more that we do right now, the answer almost always comes down to the same few possibilities. Here are the six most common ways in which passwords are stolen: (more…)

The real reason Mitt Romney released his tax returns – his accountants got hacked

Sunday, October 7th, 2012

I’m not saying that Wikipedia is the ultimate authority on all things, but let’s agree that at least it’s a fabulous starting point.  There’s obviously something powerful about “anonymous” collaboration.

Some of you may have heard about the allegation that a group of hackers successfully stole the Romney’s tax returns, forcing them to release them.  Here’s how an “anonymous” editor sums it up on the Wikipedia profile of Price Waterhouse:Dark-haired man with graying hair at the temples, dressed in dark suit, at a nighttime indoor event

___________

Mitt & Ann Romney tax returns

On September 4, 2012,[64] an anonymous group of hackers claimed on Pastebin.com, a popular website for hacking groups such as Anonymous, to have gained access to PwC’s “network file system” at their Franklin, Tennessee office and copied documents relating to Republican presidential candidate Mitt Romney and his wife Ann’s tax returns before 2010, which the candidate has refused to release.[65] The group demanded that the company pay $1,000,000 USD in Bitcoin electronic cash. The group said that failure to meet their demands will result in the release of the material to “all major media outlets,” on September 28.[64]

____________

So is it just a huge coincidence that the Romneys released their returns on September 24th?  Allow me to add another data point: Today – October 7th, 2012 – Price Waterhouse posted over ten job openings on dice.com with titles like “Cybercrime Manager”.

(more…)

The Pitch for Paying Attention to Internet Safety

Sunday, September 30th, 2012

I’ve been busy this month giving webinars on cybercrime for my day job at Kaspersky.  Here’s a link to the latest one.  It is called “Top Cybercrime Threats 2012” and it also promised “10 tips to better internet security”.

But it could have been “Twenty Tips”.  Or even “Thirty”.  Because there are at least this many small things we could do to be more secure.  However, people don’t have infinite amounts of time to watch webinars, even if it’s about their own security.  So I’ll continue to work on slicing and dicing the information into small, consumable chunks for the non-security geeks in the world.

Here are two fun facts I want to share:

connected world

*  in the year 2000, there were 316 million people on the internet worldwide

*  in the year 2011, there were 2.3 billion

Stunning change in just a decade, isn’t it?  Never have so many people become connected and enabled so fast.  And with so much money continuing to fund this growth – high-tech as a whole, plus all the charities we support – it shows no sign of slowing down.  So how long will it be until 70% of the world is connected?

 

(more…)

Mixing it Up: Sand, Sunshine and Security

Monday, June 25th, 2012

Last week we had a work meeting on the island of Cyprus.  On our final day, as I meandered down the beach, I snapped this pic of what passes for security there.

Obviously it’s not a very effective barrier.  So why bother?  Well, it turns out that they are attempting to solve a problem which is quite analogous to policing the internet.

beach security in Cyprus

In order to grasp the analogy, it’s helpful to consider the following question about physical security.

Which of these three problems is the hardest to solve?

a.)    Keeping everyone out  – imagine an area which is nuclear-contaminated or ecologically fragile

b.)    Only let in a trusted few – Area 51 or any other military base

c.)     Let everyone in, except for a distrusted few – example: a shopping mall during a “high alert” situation (where threats have been called in)

The first one is fairly simple: your goal is to make potential trespassers give up and go away.  Erect some barbwire, add cameras, throw in a few landmines and you’re done.  (more…)