How to defend against government hackers
By Mark Rockwell Mar 31, 2017
The 188-page “Challenging Government Hacking In Criminal Cases” report, released by the American Civil Liberties Union on March 30, addresses new amendments to Rule 41 of the Federal Rules of Criminal Procedure, which took effect last December.
Under the changes to criminal procedure rules, feds can remotely search computers in multiple jurisdictions with a single warrant. The rules are touted by law enforcement agencies as a way to streamline 100-year-old rules of criminal procedure
more on surveillance in this IMS blog
Hackers could acquire sensitive data through monitoring hard drive noises
more on hackers in this IMS blog:
More on hackers and crackers in this blog:
Learn Blockchains by Building One
The fastest way to learn how Blockchains work is to build one
Remember that a blockchain is an immutable, sequential chain of records called Blocks. They can contain transactions, files or any data you like, really. But the important thing is that they’re chained together using hashes.
If you aren’t sure what a hash is, here’s an explanation.
reading and writing some basic Python, as well as have some understanding of how HTTP requests work, since we’ll be talking to our Blockchain over HTTP.
more on blockchain in this IMS blog
Six Ways to Protect Student Data and Prevent Cyberattacks
School administrators and IT staff can be super-vigilant, but the hackers are getting better and better at sneaking through security.
the most common cybersecurity threats, and how can school staff avoid them?
Eavesdropping / Man-in-the-Middle (MiTM) Attacks
What they are: It’s likely that you sometimes use a school laptop or mobile device to gain internet access via Wi-Fi networks in public places like coffee shops or airports. If so, be aware that there may be hackers eavesdropping to try and gain entry to any two-party exchange you make so they can filter and steal data.
How to avoid them: Always use a school-verified SIM card, dongle or VPN(virtual private network) to access the internet in public places.
Social Engineering Attacks
According to Verizon’s 2018 Breach Investigations report, 92 percent of malware is delivered via email, often referred to as social engineering attacks. The aim is to interact with the user and influence and manipulate their actions to gain access to systems and install harmful software. Malware uses various guises. Here are some of the most common:
1. Phishing emails
2. Baiting attacks
3. Quid pro quo requests
4. Pretexting attacks
5. Contact with a ‘compromised’ website
After massive cyber attack, Germany’s security apparatus struggles to answer questions
Nicholas Waller JANUARY 9, 2019
Investigators traced the man through digital tracks he left on the internet, as well as by speaking to witnesses, including another unnamed 19-year-old man that the hacker had communicated with via an encrypted messaging service. The hacker, who used the pseudonyms “G0t” and “Orbit”, was arrested on January 6 after investigators searched his home.
“Bad passwords were one of the reasons he had it so easy,” Seehofer said. “I was shocked at how simple most passwords were: ‘ILoveYou’, ‘1,2,3’. A whole array of really simple things.”
The latest incident comes just over a month after German security officials detected a major cyber attack against the email accounts of German lawmakers, as well as the military, and several German embassies by a Russian hacker group with ties to Moscow’s military intelligence wing, the GRU.
That attack occurred less than a year after the BfV, Germany’s intelligence service, said the Russian government was behind a cyberattack on German computer networks that was discovered in December 2017 and was also linked to the same hacker group that carried out the November 2018 breach.
more on cybersecrurity in this IMS blog
Blockchain Disciples Have a New Goal: Running Our Next Election
Amid vote-hacking fears, election officials are jumping on the crypto bandwagon — but cybersecurity experts are sounding an alarm
At democracy’s heart lies a set of paradoxes: a delicate interplay of identity and anonymity, secrecy and transparency. To be sure you are eligible to vote and that you do so only once, the authorities need to know who you are. But when it comes time for you to mark a ballot, the government must guarantee your privacy and anonymity. After the fact, it also needs to provide some means for a third party to audit the election, while also preventing you from obtaining definitive proof of your choice, which could lead to vote selling or coercion.
Building a system that accomplishes all this at once — and does so securely — is challenging enough in the physical world. It’s even harder online, as the recent revelation that Russian intelligence operatives compromised voting systems
in multiple states makes clear.
In the decade since the elusive Satoshi Nakamoto published an infamous white paper
outlining the idea behind bitcoin, a “peer-to-peer electronic cash system” based on a mathematical “consensus mechanism,” more than 1,500 new cryptocurrencies
have come into being.
definition: Nathan Heller in the New Yorker, in which he compares the blockchain to a scarf knit with a single ball of yarn. “It’s impossible to remove part of the fabric, or to substitute a swatch, without leaving some trace,” Heller wrote. Typically, blockchains are created by a set of stakeholders working to achieve consensus at every step, so it might be even more apt to picture a knitting collective creating that single scarf together, moving forward only when a majority agrees that a given knot is acceptable.
Unlike bitcoin, a public blockchain powered by thousands of miners around the world, most voting systems, including Votem’s, employ what’s known as a “permissioned ledger,” in which a handful of approved groups (political parties, election observers, government entities) would be allowed to validate the transactions.
there’s the issue of targeted denial-of-service (DoS) attacks, in which a hacker directs so much traffic at a server that it’s overwhelmed and ceases to function.
Although a distributed ledger itself would likely withstand such an attack, the rest of the system — from voters’ personal devices to the many servers a vote would pass through on its way to the blockchain — would remain vulnerable.
there’s the so-called penetration attack, like the University of Michigan incursion, in which an adversary gains control of a server and deliberately alters the outcome of an election.
While it’s true that information recorded on a blockchain cannot be changed, a determined hacker might well find another way to disrupt the process. Bitcoin itself has never been hacked, for instance, but numerous bitcoin “wallets” have been, resulting in billions of dollars in losses
. In early June 2018, a South Korean cryptocurrency exchange was penetrated
, causing the value of bitcoin to tumble and resulting in a loss of $42 billion in market value. So although recording the vote tally on a blockchain introduces a new obstacle to penetration attacks, it still leaves holes elsewhere in the system — like putting a new lock on your front door but leaving your basement windows open.
A blockchain is only as valuable as the data stored on it. And whereas traditional paper ballots preserve an indelible record of the actual intent of each voter, digital votes “don’t produce an original hard-copy record of any kind,”
In the end, democracy always depends on a certain leap of faith, and faith can never be reduced to a mathematical formula. The Economist Intelligence Unit regularly ranks
the world’s most democratic counties. In 2017, the United States came in 21st place, after Uruguay and Malta. Meanwhile, it’s now widely believed that John F. Kennedy owed his 1960 win to election tampering in Chicago. The Supreme Court decision granting the presidency to George W. Bush rather than calling a do-over — despite Al Gore’s popular-vote win — still seems iffy. Significant doubts remain about the 2016 presidential race.
While little doubt remains that Russia favored Trump in the 2016 election, the Kremlin’s primary target appears to have been our trust in the system itself. So if the blockchain’s trendy allure can bolster trust in American democracy, maybe that’s a net positive for our national security. If someone manages to hack the system, hopefully they’ll do so quietly. Apologies to George Orwell, but sometimes ignorance really is strength.
more on blockchain in this IMS blog
FBI Warns Educators and Parents About Edtech’s Cybersecurity Risks
The FBI has released a public service announcement warning educators and parents that edtech can create cybersecurity risks for students.
In April 2017, security researchers found a flaw in Schoolzilla’s data configuration settings. And in May 2017, a hacker reportedly stole 77 million user accounts from Edmodo.
Amelia Vance, the director of the Education Privacy Project at the Future of Privacy Forum, writes in an email to EdSurge that the FBI likely wanted to make sure that as the new school year starts, parents and schools are aware of potential security risks. And while she thinks it’s “great” that the FBI is bringing more attention to this issue, she wishes the public service announcement had also addressed another crucial challenge.
“Schools across the country lack funding to provide and maintain adequate security,” she writes. “Now that the FBI has focused attention on these concerns, policymakers must step up and fund impactful security programs.”
According to Vance, a better approach might involve encouraging parents to have conversations with their children’s’ school about how it keeps student data safe.
more on cybersecurity in this IMS blog