China joins the mass data breach party: lessons to learn from the OPM


The massive data breach of federal employee information at the OPM could mark a significant moment in the evolution of the threat landscape


‘The Edward Snowden leaks pale in comparison to the wilful errors that made this breach possible’

If the intelligence coming through is correct, and a nation state is behind the cyber attack at the US Office of Personnel Management (OPM), then IT leaders have yet another problem to worry about.

State-sponsored hackers are not just after select pieces of geopolitically advantageous intel – they’re prepared to lift millions of records at a time from organisations to get what they’re looking for.

But what are they looking for? And how do we stop them?

Even in an industry where ‘major inflection points’ seem to come along every few months, the OPM attack is a big deal. Originally thought to have compromised the personal details of only around four million US government employees, that number may now have risen to as many as 14 million.


More importantly, the breach is now said to have compromised highly sensitive data on staff applying for security clearance roles in military or intelligence positions. This data could include whether an individual has a criminal record, has any history of alcohol or drug abuse, has filed for bankruptcy and so on, according to reports.

This is information that a foreign state would find hugely valuable. It could be used for blackmail, coercion and even for possible recruitment of spies. And let’s not forget that the wealth of personal information contained in these employee records can also be used to make follow-up spear phishing attacks even more sophisticated and hard to spot.

A chequered past

This isn’t the first time something like this has happened. In fact, an intrusion into the OPM was traced to China last year but the department seems not to have heeded an Office of the Inspector General report soon after criticising “significant” deficiencies in its security. A watchdog has now said the OPM underinvested in security for a decade. This should be a warning to organisations everywhere – you get the security you pay for.

There are also signs that the recent Anthem breach of 80 million health records, the Premera Blue Cross incident exposing 11 million customers, and an attack on Carefirst Blue Cross (1.1 million) were linked to each other and China.

We’ll probably never find out if it was a government-sanctioned mission. But so far some reports seem to suggest that this data isn’t finding its way onto the darknet, which would be a typical move if it were nabbed by cybercriminal gangs.

So what can we learn from this? IT leaders should already be on high alert about the major data theft threat posed by cybercrime gangs – and the huge resulting clean-up and legal costs, regulatory fines, and damage to brand and shareholder value.

Knowing this threat has expanded to nation-state operatives should serve as a timely reminder to get security strategies in order, especially for government contractors.

On the plus side, best practice security to mitigate the effects of an attack shouldn’t change, whether the attacker is a criminal gang or an army hacking unit.

Aim to secure systems at every step of the cyber “kill chain”, starting with human resources. Invest in education and awareness training, so more staff can spot those all-important spear-phishing emails, and react quickly to an incident.

Then look at intelligence gathering to see if you’ve become a target. After that, it’s all about good security housekeeping, including keeping up-to-date with patches to ensure software vulnerabilities can’t be exploited. Guidelines like those produced by NIST and GCHQ are there for a reason, so follow them.

It’s also important to classify and label data and apply policies accordingly – segregating if necessary according to sensitivity.


Some highly sensitive data may need to be kept in air-gapped data stores. Delete anything that’s no longer useful or relevant. You’ll also need to authenticate access to this data strictly, along the principle of least privilege, and put a full audit trail behind it. It can also be useful to run breach ‘war games’ from time to time to check incident response plans are working.

No business is safe from a determined attacker, but what the OPM consistently failed to do was make suitable efforts to manage the risk of a serious breach. It’s a cautionary tale we would all do well to learn from. One thing’s for certain: the Edward Snowden leaks pale in comparison to the wilful errors that made this breach possible.

Sourced from Bharat Mistry, Trend Micro

– See more at: http://www.information-age.com/technology/security/123459678/china-joins-mass-data-breach-party-lessons-learn-opm#sthash.rz3O942H.dpuf


Cyber experts to assess Kenya’s readiness of combating cybercrime


By Chrispinus Omar NAIROBI, (Xinhua) — Cyber security experts from around the world are due to meet in Nairobi next week for an international conference aimed at assessing the readiness of Kenya to combat cybercrime.

The Kenya 2014 Cyber Security Conference will provide an opportunity to review the outcomes from the previous conference, chart a way forward as well as disseminate advancements and trends in the security sector, organizers said on Tuesday in Nairobi.

“We have noted that the trend globally is for a public private partnership approach to solving cybercrime problems,” said William Makatiani, Managing Director of Serianu Limited, a local cyber security consulting and intelligence firm.

Serianu Limited has teamed up with experts from Canada, Singapore, South Africa, India and the United States to organize the conference.

The June 11 conference is a follow up to the inaugural conference held in 2012 that provided a basis/benchmark for the state of cyber security readiness in the country and region.

Intimidating new Internet fraud reported in AC

New type of malicious computer virus known as ‘ransomware’

There is a relatively unknown malicious computer virus going around the Internet posing as an official message from the Department of Homeland Security’s “ICE Cyber Crime Center.”

The ransomware is part of what is known as the Troj/Reveton-Ransomware family and it displays a lock screen that requires the user to pay a ransom before they will be allowed to access their Windows desktop, applications or files.

Cybersecurity and the Potential Need for Cyber Chairs

The true cost of cybercrime is not easy to tabulate. While many companies have experienced its wrath first hand, even more have suffered from cybercrime unknowingly through higher cost, operational issues, brand erosion and lower-quality products. Moreover, consider the lost benefit from products that never even made it to the market as a result of intellectual property theft.

As a result, boards of directors have a responsibility to take a more active role—in fact they have a duty—to ensure that management protects and maximizes the value of their digital assets both within and outside the company walls; and to position the organization for the opportunities and disruptions that arise through digital technology. These risks and opportunities may even warrant board-level leadership: a Cyber Chair.


Colorado Shooter Had More in Common with Paramilitary Cops than Batman

Kurt Nimmo Infowars.com July 23, 2012

According to the official narrative now disseminated by the establishment media, James Holmes was acting out some warped fantasy about Batman when he entered a theater in Colorado and killed a dozen people.

It is said the cops found Batman paraphernalia in his apartment, which was supposedly booby-trapped with sophisticated explosives.

The corporate media has described in detail the gear he allegedly wore during the mass shooting without drawing the obvious conclusion.

Instead of a Batman fetish, Holmes was fascinated with the sort of paramilitary gear now routinely donned by cops.


Globalisation and transnational organised crime in South Africa


Written by Khalil Goga (1)

It is argued that in an increasingly borderless world, transnational criminal groups have developed the ability to manoeuvre, prosper and become a dangerous threat to the world system. Increasing levels of transnational criminality in a post-Cold War world and a focus on linkages between organised criminal groups and terrorist groups have brought attention to the effects of organised crime across the globe.

Within South Africa, crime in general has become a national concern since the demise of apartheid. High murder rates and significant property crime rates have led to South Africa being referred to as “the crime capital of the world” with some comparative justification.(2) While the focus on crime in South Africa has often been on the extraordinary levels of violent crime; global, regional and domestic factors have contributed to a growing awareness of the implications of transnational organised crime. A recent estimate by State Security Minister, Siyabonga Cwele, approximated that South Africa lost 10% of its gross domestic product (GDP), estimated at ZAR 178 billion (US$ 21 billion) a year, to the “illicit economy.”(3)

Globalisation has often been cited as a major cause of increasing transnational organised crime.(4) The compression of time and space (5) is seen to facilitate the exchanges of goods, people and finance across borders at a faster rate than ever before, which, in turn, facilitates illicit exchanges. Simultaneously, globalisation has also benefited states in their ability to prohibit and prosecute transnational criminals, and there have been a growing number of cooperative regional and international efforts by states to combat transnational organised crime.(6)

This paper, therefore, critically engages with the relationship between globalisation and transnational organised crime in South Africa.

Defining organised crime

Given the conflation of terminology related to both organised crime and globalisation, there is a need for a clear definition related to the subject matter. When using the term ‘organised crime’, the focus has often been on organised criminal groups such as the Mafia or Japanese Yakuza. Moreover, the focus on these criminal groups has often been one of a hierarchical structure with a ‘godfather’ type personality who controls the organisation.(7) Whilst this has been the dominant paradigm on which organised crime literature has been built, there is increasing evidence of a smaller, more network-orientated approach by organised criminals with more fluid networks, providing criminal organisations with “diversity, flexibility, low visibility, and longevity.”(8)

Organised crime has also been used to refer to “activities.”(9) Thus, a group of criminals engaging in a criminal activity falls under an ‘activity’ and, therefore, constitutes an organised crime. In this paper, the focus is on activities rather than organised crime groups given the changing nature of organised crime groups. Furthermore, focusing on organised crime groups as a differentiation between what is perceived as organised crime and white collar/commercial crime, has been particularly misleading to researchers, because this differentiation (between white collar and organised crime) has been focused on the separation between the ‘respectable classes’ and the ‘criminal classes’ without a proper basis.(10) Often the criminal network is made up of a variety of ‘shady’ and ‘not so shady’ (11) characters, which could include members of the respectable classes (such as lawyers, accountants, politicians). Thus, a focus on organised criminal activities would provide a more critical and focused approach to a study.


US Blacklists Son, Ex-Wife of ‘El Chapo’

Friday, 08 June 2012 11:57 Written by  Geoffrey Ramsey


The US Treasury has added an ex-wife and son of the Sinaloa Cartel’s Joaquin “El Chapo” Guzman to the “Kingpin List,” freezing their assets in the US, and barring citizens from doing business with them.

The individuals are Maria Alejandrina Salazar Hernandez and Jesus Alfredo Guzman Salazar, whom the Treasury’s Office of Foreign Assets Control (OFAC) identifies as El Chapo’s wife and son. According to the OFAC’s press release, the two are key operatives in the Sinaloa Cartel.

Guzman Salazar was indicted on drug trafficking charges along with his father in 2009, while Salazar Hernandez “provides material support to the drug trafficking activities of her husband,” according to the OFAC.

This is the sixth time in the past year that the OFAC has singled out individuals linked to Chapo Guzman, whose net worth may be as much as $1 billion.

InSight Crime Analysis

While the OFAC press release describes Salazar Hernandez as El Chapo’s wife, she was in fact the first of his three wives. The drug lord reportedly married her in a discreet ceremony in 1977, and the two had three sons: Cesar, Ivan Archivaldo and Jesus Alfredo Guzman Salazar. The first two were added to the Kingpin List in May.