Week 14: Review of all topics

https://hbr.org/2017/12/the-internet-of-things-is-going-to-change-everything-about-cybersecurity

Cybersecurity is such a volatile industry in so many aspects. In 2016, breaches cost businesses nearly $4 billion in 2017 the number will be roughly 6 billion. The constant number of threats and attacks is becoming so mainstream that businesses are investing more than $93 billion in cyber defenses by 2018. Congress is attempting to quickly to pass laws that will hope to improve the situation.

Despite increased spending and innovation in the cybersecurity market, there is every indication that the situation will only worsen. The number of unmanaged devices being introduced onto networks daily is increasing towards 20 billion in a few years. Attacks on Internet of Things (IOT) devices were up 280% in 2017. Traditional security solutions have not be effective in addressing these devices or in protecting them from hackers. Moving toward 2020 most attacks will be toward IOT devices.

The article explained that this IOT issue is changing the security game. Executives who are preparing to handle future cybersecurity challenges with the same mindset and tools that they’ve been using all along are setting themselves up for continued failure.

Karim Baratov, a 22-year-old Kazakhstan-borm Canadian citizen has pleaded guilty to hacking charges over his involvement massive 2014 Yahoo data breach that affected over three billion Yahoo accounts.
In March, the US Justice Department charged two Russians which are Dmitry Dokuchaev and Igor Sushichim and two other hackers which are Alexsey Belan and Karim Baratov for breaking Yahoo servers in 2014.
Karim was arrested in Toronto at his Ancaster home by the Toronto Police Department in March this year, the other three suspects are still in Russia, unlikely to be extradited.
Last Tuesday, Baratov admitted to helping the Russian spies and pleaded guilty to a total of nine counts in San Francisco as following:
– One count of conspiring to violate the computer Fraud and abuse Act by stealing information from protected computers and causing damage to protected computers.
– Eight counts of aggravated identity theft.
Besides any prison sentence, Baratov has also agreed to pay compensation to the Yahoo victims and a fine up to $2,250,000 (at $250,000 per count).

https://thehackernews.com/2017/11/yahoo-email-hacker.html/

Intro to Ethical Hacking Week 2 Intro to Ethical Hacking-week-1 Intro-to-Ethical-Hacking-Week-3 Intro-to-Ethical-Hacking-Week-4 Intro-to-Ethical-Hacking-Week-5 Intro-to-Ethical-Hacking-Week-6 Intro-to-Ethical-Hacking-Week-7 Intro-to-Ethical-Hacking-Week-8 Intro-to-Ethical-Hacking-Week-9 Intro-to-Ethical-Hacking-Week-10 Intro-to-Ethical-Hacking-Week-11 Intro-to-Ethical-Hacking-Week-12 Intro-to-Ethical-Hacking-Week-13 Intro-to-Ethical-Hacking-Week-14

https://www.theregister.co.uk/2017/12/01/us_voting_machine_security_hearing/

https://oversight.house.gov/wp-content/uploads/2017/11/Blaze-UPenn-Statement-Voting-Machines-11-29.pdf

Last week Matt Blaze gave a presentation before congress related to hacking elections. I have linked both the article and the testimony. The testimony is interesting to read and isn’t very long, here is an interesting tidbit on DRE:

“Electronic voting machines and vote tallies are not the only potential
targets for such attacks. Of particular concern are the back end systems that
manage voter registration, ballot definition, and other election management
tasks. Compromising any of these systems (which are often connected,
directly or indirectly, to the Internet and therefore potentially remotely
accessible) can be sufficient to disrupt an election while the polls are open
or cast doubt on the legitimacy of the reported result”

While everyone in the media is worried about the “glass” or booth, we should be just as concerned about the backend systems. I thought this article was also relevant because Matt Blaze is a professor over at Penn and a Philadelphia local.

 

In a recently online leaked database, it has been discovered that the popular keyboard app, Ai.type, has been collecting a large amount of sensitive details on users. The information that has been collected was not necessary for the app to run and ranged from contact information, GPS location to information linked through social media. It was also revealed that user’s contact books from names to phone numbers were being collected.

https://thehackernews.com/2017/12/keyboard-data-breach.html

This is really interesting article. I think it is really important for everyone to be conscientious about cyber security. If you have a desktop technician that does not care about security even if a company has all the stuff in place to make it secure a tech can just circumvent it for a client if they really wanted to. I think that if every tech has a little bit of knowledge in security it could be really valuable to the company.

 

https://www.csoonline.com/article/3239674/it-careers/it-help-wanted-cybersecurity-experience-preferred.html

Recently, Amazon has announced that it will be offering a new service where Prime members can receive in-home delivery of packages. This can be done with the help of high-tech smart locks that allow Amazon drivers to open their front doors. The point of this service is to give customers peace knowing their orders have arrived safely to their homes.

In order for customers to receive this service, they are required to order the Amazon Key in-home kit, which included the Amazon Cloud Cam and one of the several compatible smart locked that are offered by Kwickset or Yale.

The way it works: when a driver requests access to a customer’s house, the cloud cam confirms the driver is at the correct address through an encrypted authentication process. Once authenticated, the cam starts recording the deliver and the door is unlocked. Customers have the ability to track the delivery by using the Amazon Key app where they can watch the delivery live or view a recording at a later time. The program will eventually provide features where customers can grant keyless access for family or friends and be able set the frequency and length of time for the access.

I have mixed feelings about this new service. I understand the benefits, but I easily see risks. I would like to know more about the cyber security piece to this because I can easily picture this backfiring and hacking incidents happening.

https://www.technewsworld.com/story/84911.html

https://www.technewsworld.com/story/84962.html

In this article, it speaks about how Blackberry is looking to add security to various industries. It also has the capability to provide more security and help governments than Apple or Google, which sounds good because even though it’s not smartphones they are building but security and making us believe we may see Blackberry make a comeback for the long run.

https://www.ft.com/content/d23cc752-d3b0-11e7-8c9a-d9c0a5c8d5c9

US charges three Chinese nationals over hacking

This article talks about the following: It is well known that Russia and China have been growing threats in the cybercrime space. In the latest update, the United State has accused 3 Chinese nationals of stealing critical information of Moody’s Analytics, Siemens and GPS maker Trimble. The hacking took place through network hacking and sending phishing emails to steal information.

It will be interesting to see how things unfold in the future. How can such frauds, especially data theft of some of the most critical information, be protected in the future? How can governments work together in curbing or ensuring that ethical hacking is practiced and preached across students and people who are interested in this field?

https://www.cisomag.com/uk-cops-becoming-ethical-hackers/

How UK cops are becoming ethical hackers

This article talks about the following: Cyber Crime is a growing threat and its knowledge in the security forces is limited because of lack of training systems. Because of this, the police officers in UK are getting trained on cybercrime. 80% of the police in UK is being trained on hacking, cybersecurity training, penetration testing, etc. This will enable the police officers to nab the accused at the right time

It will be interesting to see how things unfold in the future. This is an interesting move by the police departments and should be implemented by all police forces. However, will the cybersecurity systems be regularly maintained and upgraded for new threats? Will the training imparted be effective to new AI threats? This is a question that needs answers, especially in government forces