(More) Cyber Craziness

data center100215

I am at the farm to get the place squared away for Hurricanes and a foot of rain this weekend. I think I have enough candles, batteries, lanterns, oil lamps and propane to get through any short-term disaster, and the tragic events in Oregon had me numb, even as the meteorologists were changing the prediction of Jouquin’s storm track away from us.

So, it has been busy. One of the nagging issues is the fact that I think I am being cyber-stalked. I have been getting phone calls- to my cell phone, no less- from some people with heavy south Asian accents. I presume it is a call center in Bangalore, India’s version of Silicon Valley. The last call was quite alarming- the woman on the phone said there were several alerts on my system that would preclude the Microsoft programs from running. They wanted me to go to my computer and turn remote control over to them. Since they seemed to think i was on a Windows machine, I demurred.

india-call-center100215

Since I have proudly boycotted Mr. Gates and his infernal operating systems for years, I sent a note to the support center for my MacKeeper security software to ask if they were attempting to contact me.

They were nice enough to send a note back that said: “No.” I don’t know what it was about- but I felt a chill that someone thousands of miles away was trying to manipulate my stupid computer in a very personal way.

I guess you are only paranoid when they actually are not out to get you. Since the data breaches of all our personal data last year, I have been suspicious of everything in the cyber world. There is good reason for that- apparently the Russians made several attacks on Hillary Clinton’s server, and the reports do not include whether someone was dumb enough to click on the link that would have activated the malware that would have installed a back door on what was, de facto, a private official State Department network containing top secret information about weddings and yoga routines.

The whole thing is creepy and personal in a deeply personal way for me, you, the Secretary, all of us. I heard that TMobile subscribers- 55 Million of them- also just lost their Social Security numbers to persons unknown.

Taken with health insurance hacks, the OPM disaster and now this, my count is nearing 200 million disclosures of personal information to persons who do not wish us well.

Having written a little on the subject, I am sometimes mistaken for someone who knows what is going on. Accordingly, a pal wrote me to ask a question about something weird that was happening to his company.

“Vic:

Do you know anything about who this organization is that is using the address of a deceased employee of ours? Any idea why they might hack our corporation? We are pretty low profile. Any suggestions on how we contact the people who have appropriated a formerly valid email address without catching a virus?

Boats”

I am a fool, but not an idiot. I immediately turned his inquiry over to Bob, a former Chief Information Officer at one of my favorite Agencies in town. I copied him on my return note:

Boats,

I don’t know much about the mechanics of the hack or the purpose, except that they may be after your intellectual property- that seems to be the motivation for much of the Chinese hacking as a tool of State Security Services, while the Russians have that approach and a significant criminal component. The organization that has appropriated one of your email addresses could be a fellow traveler of any of the three.

The smartest guy I know in the cyber business is Bob, and I am going to copy him on this for his thoughts.

For Bob: Boats is an old shipmate of long standing. He is also a driving figure on a technology company called that is using innovative technology in unique applications. A formerly valid email address has been appropriated by a political activist group for unknown purposes which could involve intellectual property theft. Your thoughts?

Vic

Bob was kind enough to write back immediately with this recommendation, which I partly understand:

“My thoughts are that you should contact law enforcement, either the FBI or Secret Service. They stay busy and might not help much but it might correlate with something else they are tracking.

Also, consider updating your corporate cybersecurity policies to be in compliance with NIST guidelines.

And review your employee training to ensure everyone is on the lookout for anomolies.

Also, upgrade your endpoint defense. Check out the Invincea Corporation for their software.

And, ensure all accounts use two-factor authentication.

Bob”

I wrote Bob to thank him for his speedy response, and saw that it had a direct impact on my pal’s company. Boats sent this to his management team:

Re: appropriation of a deceased member’s e-mail address by an extremist political organization. I’m afraid some of Bob’s advice would be appropriate to a larger organization with a real corporate computer system. As a networked organization using mostly personal e-mail addresses we probably have no need to some of the measures he describes. However, he does recommend contacting law enforcement, and suggests (probably correctly) that our eavesdroppers are after our intellectual property.

Certainly Bob’s suggestion that we all be on the look out for anomalies is spot on. It was an observation of this anomaly that led to the information that we have now. Moreover, the person that found it had to be a bit insistent with me about it to get me to really look into it.

It’s old hat, but as they say in the DHS “IF YOU SEE SOMETHING, SAY SOMETHING”. I don’t see an immediate risk here since most of our most detailed, technical stuff is not on the internet, nor do we usually transmit it by E-mail. Physical ring binders are our main technical data storage device, if you have any of them you know it, and I know it, let’s not let it get farther afield than that. Our lists of related authoritative literature have gone out only partially and piecemeal, and mostly are still confined to ring binders. I do suggest that as we move forward we be be very careful on what we put out on the internet, and send critical technical data by snail mail. Please keep all ring binders in a secure place.

I’ve said it long before we knew we were compromised, our only real protection for our intellectual property is trade secrecy. We should always communicate as if the walls have ears yet keep in mind that science has to be published for progress to occur. We simply prefer that progress be by American firms who have paid us for our efforts. Here are a few key elements in communications security that hopefully aren’t too obtrusive, will facilitate collaborative communications, and yet keep the keys to the Kingdom out of the hands of eavesdroppers.

1. When actual equations/calculations must be exchanged use snail mail not E mail. If over night surface mail is too slow consider FAX by prearrangement, as in not from your regular work fax, to a fax other than the regular work FAX of your addressee.

2. When narrative copy must be exchanged that contains details of research, especially final results suggestion No.1 above is good advice.

3. We do not want to discourage the science team from publishing, but please discuss any publication plans with me, I doubt that I will discourage publication, but I will definitely consider timing.

4. If you must use a computer for keeping your notes try to use one that is not linked into the internet. For example use a laptop not linked in and keep the data on a thumb drive not in your hard drive. Never put the thumb drive in the laptop when connected to the internet.

5. Now that we know we are compromised let’s avoid putting our personal cell phone numbers that most us use to communicate in E-mails, If you need someone’s number and don’t know it call me, and I’ll find it and get it to you. I highly doubt that any of our phones are tapped at the moment.

It seems like our present eavesdroppers are politically motivated vice professional industrial espionage practitioners. We may also always presume that U.S. Government three lettered agencies tap in on us every now and then. We ply them for grants, our work has some distant potential national security benefits possible, but we are not working anything CLASSIFIED at the moment.

If we move into a classified realm any time in the future we will have a communications stand down for training, and a complete revision of our communications systems. Meanwhile the Feds are unlikely to steal our intellectual property. In short we have nothing to hide from the Feds and they are listening, in looking for people with something to hide , not trolling for opportunities to steal intellectual property, especially since they may end up owning major parts of it through the grants we are always chasing anyway.

6. Don’t worry excessively about our being watched. Remember that we are many years away from real pay dirt. Most would be IT thieves sell to corporations that want a pay day in terms of a fiscal quarter or year at best. It will take a lot of unprofitable patience to get anything useful out of us.

7. I will do my best to confuse the issue for our illegal watchers, especially once we get the corporate blog going by putting out disinformation from time to time, raising their expense of effort. Meanwhile let’s all follow Bob’s advice and be on the look out for anomalies.

I’ll take on the task of communications security manager for the time being. Keep in mind however, that I’m basically a consultant and not a corporate officer, so if we do call in law enforcement as Bob suggests this could get a little time consuming and they will want an official decision maker to work with.

I believe this incident has been a good event in terms of raising awareness. I doubt that we have experienced any damage. I think we can all get back to the immediate task at hand which is completion of the required 4 pager preliminary doc for the DOE grant with rather minimal concern for communications safety. However we must all be aware that this concern must grow over time. This incident should serve to encourage us to get up to speed sooner rather than later. When we reach the point that we must have a consultant and purchase systems, as this e-mail chain indicates I know where to start looking.

Many thanks to Bob for responding to my inquiry so quickly. Kudos to our alert employee who spotted the anomalies and being persistent enough to make me act. I’m aware now, and accept that I’m the only one available with some understanding of “ComSec” and enough time to deal with it, though my dance card is getting very full. And now back to our regularly scheduled programming

Thanks Everyone,

Boats

I was impressed by the speed with which the policy for the company was upgraded to…essentially snail-mail for security. What a world we live in now. I wish all of us the very best of luck in this mess.

Copyright 2015 Vic Socotra
www.vicsocotra.com
Twitter: @jayare303

 

Written by Vic Socotra

Leave a comment