On Cyber Patrol
This holiday season, don’t fall prey to a criminal’s cyber scam. Protect yourself by following a few simple guidelines when shopping online and giving to charities. Actually, these rules are good all year round as well.
Here’s an interesting look into the inner workings of international cyber criminals by virtue of covertly recorded conversation snippets. The characteristics of similar processes in Western governments, particularly here in the United States, are well known because they are described in detail in the media. Our processes exist to provide accountability, budget constraint, quality assurance and fair competition. The bad guys have a slightly different take on how to go about things.
The following is a public service announcment regarding public wireless networks.
In an intelligence coup, G2 operatives were able to secure the New Year’s Resolutions of the infamous International Cyber Criminal (ICC). Normally such information would not be released to the public in order to keep military intelligence gathering techniques and operations secure. However, as this information was taken from an unsecured social networking page of one of the ICC’s top lieutenants, the decision was made to release it for its educational value.
A soldier in harm’s way has no greater ally than other soldiers watching his or her back. That trust is the
key component of a good unit. Usually, the bond of trust that only members of the military share is built
during training and missions. That trust is priceless in theater, but what about other environments?
Dark alleys, sketchy neighborhoods, the bleachers of an away game – soldiers have that covered. But,
who has your back in cyberspace?
Some of you might find this interesting.
Below is the personal information of the author of this article and a few other goodies. It contains his full name, date and location of birth, Social Security Number, current and previous addresses for the past ten years, mother and father’s names and social security numbers, bank accounts and PINs, military CAC (including SIPR) PIN, AKO logon and PIN, entire work history and the combination to the electronic lock on his house (address provided above):
Every day there are hundreds, maybe thousands, of people searching the Internet for classified military data and the identities of military personnel and their families. However, they are not hacking into sensitive databases or trying to breach Pentagon networks. They are simply looking in locations that are filled of this type of free information: social networking sites and personal Web pages.
Can technology counteract the determined, the deceitful and the dimwitted? This is a question that has yet to be answered as the Army and other branches look at resuming the use of flash media on military networks.
This was a conversation overheard recently between a Sergeant First Class and a Private First Class. The Private needed some training support.
October is Cyber Awareness Month. This is an excellent effort to spread the word about cyber safety and to reinforce the policies, procedures and best business practices that support sound information assurance (IA). Given the consequences of compromised military networks or the loss of Personally Identifying Information (PII), any program that helps get the message across is worth the time and effort.
There is a quote used by countless writing teachers worldwide, and credited to almost as many writers, which reads, “I would have written a shorter letter, but didn't have time.” It’s time to bring that quote up to date given the way we fire off messages in a split second via email, instant messages (IMs) and “Tweets” (Twitter message). Today’s version should read, “I’m sorry that message was so dumb; I didn’t have time to make it smarter.”
Once of the most distinguishing characteristics of cyber warfare is that it is not fought on land, at sea or in the air. Cyber space is not an operational theatre that any military branch or relevant agency can lay claim to dominating. The necessities and challenges of defending the nation in the Information Age require a team approach. They also demand the ongoing sharing of ideas, best business practices and lessons learned.
Making sure your computer system satisfactorily goes through Information Assurance (IA) Certification and Accreditation (C&A) is the same as getting your car inspected. It ensures your system meets the official minimum security and IA maintenance standards. It also prevents equipment failures and crashes on the vital and very congested Army information superhighway, the LandWarNet.
- I will always be vigilant about my hardware, data and network access, even among fellow soldiers and coworkers, because stuff happens.
- I will stop putting the firewall in the safe at night because it works a lot better when left hooked to the system.
- I will implement all IAVAs in a timely manner because the word vulnerability is in IAVA for a reason.
Armed conflicts throughout the ages have had days when no spear was thrown, no bullet fired, no missile launched. Even the Hundred Years War (
How many times have you seen this scene? A very nervous individual is at an airport’s lost and found asking if anyone has turned in a thumb drive. When asked what it looks like, he replies, “I think it was blue and the size of my thumb. The person behind the counter just shakes his or her head regretfully. Or possibly worse, the person pulls out a box of drives that all look the same. The number of scenarios for disaster here are almost endless.
Now where did you put that laptop? You’d better look harder. A soon-to-be published HQDA Execution Order will direct the Army to locate, identify and categorize its information technology (IT) assets as part of an overall strategy to optimize resources and increase force protection.
Do you sleep well at night knowing your house and everything in it is safe? Have you installed the best door locks, burglar alarms and motion sensitive lights available? Is Spot, your Doberman/pit bull/wolf family pet awake, alert and a little hungry? Does your exterior resemble a bunker with siding that could withstand a category five hurricane? Then what’s that sound of something destroying your home? A possible answer: termites, the threat from within. Your mission critical data could be at as much risk.
Watching my Cousin Billy in my backyard lying in a hammock as I prepared for my 4th of July barbecue reminded me why protecting Data at the Rest (DAR) is so important. Data at rest is a lot like Billy. Most of the time it just sits around not doing much, but it will move and work if you prod it. But, it isn’t the lack of initiative that bothers me. It’s the potential for the loss of information that keeps me up at night.
Cyber threats are like rust—they never sleep. Somewhere, whether here at home or in some far-flung corner of the world, people ranging from thrill-seeking hackers to state-sponsored terrorists are cooking up new, more powerful, more insidious attacks. Some—far too many—of these will be successful. A typical reaction to such frightening news is … a yawn.
OK, listen up: Spot quiz. From the choice of acronym definitions below, select the ones that are correct, relevant, applicable and necessary for your immediate task set and strategic objectives. You will do this with someone barking/whining/sobbing/screaming in your ear, a flood of e-mails marked urgent clogging your mailbox, your phone(s) and Blackberry all going off simultaneously (with an embarrassing ring tone) and someone yelling to see you front and center immediately. For those in theatre, we’re going to lob a mortar round or two nearby for added excitement.
It is easy to say, if he had just used common sense he wouldn’t have lost his Common Access Card (CAC). She should have had the common sense not to leave her thumb drive in the coffee shop. What is common sense? It’s the knowledge and experience we start to develop as soon as we are born. For example, the pot on the stove is hot: don’t touch it; the ice is slippery: walk carefully; the information is sensitive: encrypt and protect it, etc.
Imagine you have two cabinets in your kitchen. One is labeled “Poisons,” and the other is marked “Tasty Treats.” Okay, it’s a strange kitchen. On the counter below are two identical containers. They are identical in every way—same weight, same size and same appearance. Neither container is labeled. One of the containers is near the cabinet that says Poisons, the other is near the cabinet that says Tasty Treats. It might be a fair guess that the one near the Treats cabinet is just that—something good to eat. The other one must be for rattraps.
It seems so innocent, downloading a game or other entertainment to pass the time during a tedious or stressful deployment. Yet, some of the dangerous cyber-critters that hitch a ride on many of those “fun” downloads make the fleas your dog brought home last summer seem like a welcome addition to the household.
Many threats you can recognize instantly. For example, the drunk driver careening towards you, the group of armed men forming on a nearby rooftop, a snarling dog with its ears back or your sister-in-law and her eight kids pulling into your driveway. Well, maybe the in-law and her brood are not really threats, but at least you can see them coming. Cyber threats are more insidious. They can surprise you like high blood pressure or a spot inspection.
A recent study showed that people have two great fears at work: failure and the boss. That's no big surprise. SPAN>It was that way in our parents' day. The way they handled it was to think before they acted so that mistakes were reduced and the boss was kept happy. Now these classic fears have a new critical factor – time and how little of it there seems to be. SPAN>