Tag Archives: hacking

Why Insiders, Not Hackers, Are Biggest Threat to Cybersecurity

Cybersecurity

The NSA leaks perpetrated by Edward Snowden will easily go down as one of the biggest revelations of the year, if not the decade. But the episode also raises new questions about the risk that insiders pose to government and corporate cybersecurity, in spite of the attention lavished on foreign hackers.

Snowden’s case is unique in that it uncovered a previously unknown surveillance apparatus that’s massive in size and scope. It’s not unique, however, in the way the whistleblower did his deed. Two-thirds of all reported data breaches involve internal actors wittingly or unwittingly bringing sensitive information to outsiders, according to industry analysts.

“It’s not an either-or proposition,” said Mike DuBose, a former Justice Department official who led the agency’s efforts on trade-secret theft. “But amidst all the concern and discussion over foreign hacking, what gets lost is the fact that the vast majority of serious breaches involving trade secrets or other proprietary or classified information are still being committed by insiders.”

DuBose is now the head of the Cyber Investigations unit at the risk-management firm Kroll Advisory Solutions. In February, his team authored a report warning that contractors, information-technology personnel and disgruntled employees—all descriptors that fit Snowden pretty well—pose a greater threat than hackers, “both in frequency and in damage caused.”

Not everyone agrees. Even though insiders generally play an outsized role across all reported data breaches, their role in confirmed data breaches is rather small, according to an annual study by Verizon. In 2012 specifically, internal actors accounted for 14% of confirmed data breaches. Of those, system administrators were responsible for 16%.

“Our findings consistently show,” the report read, “that external actors rule.”

However common they are, cases like Snowden’s show how devastating one insider can be. The extent of the damage depends on what’s being exfiltrated, and from where, and there aren’t many standards for calculating losses. Most companies estimate the value of their trade secrets based on how much money they sank into the research and development of that knowledge. But for the government, it’s the potential impact on security that takes precedence—and that turns the question into a matter of subjective debate.

Last month, The Washington Post reported that Chinese spies compromised the designs for some of the Pentagon’s most sensitive weapons systems, including the F-35 Joint Strike Fighter, the V-22 Osprey tiltrotor aircraft and the Navy’s new Littoral Combat Ship.

If true, the report could have major consequences for national security. But Snowden’s case is equally consequential, if for different reasons, and it bolsters DuBose’s point about the relevance of insiders. Snowden may have rightfully uncovered evidence of government overreach, but if a midlevel contractor can steal top-secret information about the NSA and give it to the public in a gesture of self-sacrifice, someone else could do the same and hand the intelligence to more nefarious actors.

Image via iStockphoto, kynny

This article originally published at National Journal
here

Read more: http://mashable.com/2013/06/10/insiders-hackers-cybersecurity/

Hackers Claim To Have Almost Crashed NASA Drone Into The Sea

A hacking collective claims to have obtained hours of on-board footage from NASAs unmanned aircrafts, data from their climate observation missions and details about thousands of NASA staff. On top of this, they allege to have taken semi-partial control of a $200 million (137 million) Global Hawk drone, which they attempted to crash into the ocean.

In a Pastebin thread, whichis beingcontinuallyremoved then reuploaded, Anonsecsaid they obtained pre-planned flight route data for NASA’s drones. Thehackers said they replaced this route with their own, which they hoped would cause the drone to deviate from its set flight path and crash into the sea. However, the hackers say they lost access to the network before this was possible.

Anonsec uploaded 250GB of the obtained dataonline, including eighthours of raw footage from NASA’s aerial drone fleet.Motherboardhas uploaded 15 minutes of this footage to YouTube (below).

In the thread, members went on to explain the justification for the attack:One of the main purposes of the Operation was to bring awareness to the reality of Chemtrails/CloudSeeding/Geoengineering/WeatherModification, whatever you want to call it, they all represent the same thing.

NASA even has several missions dedicated to studying Aerosols and their affects on the environment and weather, so we targeted their systems.

Conspiracy theoriesabout chemtrails usually revolve around the idea that the streaks of water vapor left behind by airplanes are actually harmful chemical clouds. Theorists claim that these chemicals were developed by the military and used by governments to covertly push some kind of secret interest. Absolutely none of this has ever been scientifically verified or backed by legitimate scientists.

NASA has denied claims that any of their data was obtained by the group, claiming they could have found all the information through their 30,000 openly available databases.

NASA sent a statement to Forbes that read, Control of our Global Hawk aircraft was not compromised. NASA has no evidence to indicate the alleged hacked data are anything other than already publicly available data. NASA takes cybersecurity very seriously and will continue to fully investigate all of these allegations.

Read more: http://www.iflscience.com/technology/hackers-claim-have-accessed-data-nasa-drone

Comic: This Is Why Your Email Was Hacked

Even Google’s two-step authentication can’t protect you from naiveté.

Comic written by Larry Lambert, illustrated by Jerry King.