Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.
interdiction, consists of manipulating devices as they’re in transit from manufacturer to customer. This approach is favored by U.S. spy agencies, according to documents leaked by former National Security Agency contractor Edward Snowden. The other method involves seeding changes from the very beginning.
The Chinese government didn’t directly address questions about manipulation of Supermicro servers, issuing a statement that read, in part, “Supply chain safety in cyberspace is an issue of common concern, and China is also a victim.” The FBI and the Office of the Director of National Intelligence, representing the CIA and NSA, declined to comment.
School administrators and IT staff can be super-vigilant, but the hackers are getting better and better at sneaking through security.
the most common cybersecurity threats, and how can school staff avoid them?
Eavesdropping / Man-in-the-Middle (MiTM) Attacks
What they are:It’s likely that you sometimes use a school laptop or mobile device to gain internet access via Wi-Fi networks in public places like coffee shops or airports. If so, be aware that there may be hackers eavesdropping to try and gain entry to any two-party exchange you make so they can filter and steal data.
How to avoid them:Always use a school-verified SIM card, dongle or VPN(virtual private network) to access the internet in public places.
Social Engineering Attacks
According to Verizon’s 2018 Breach Investigations report, 92 percent of malware is delivered via email, often referred to as social engineering attacks. The aim is to interact with the user and influence and manipulate their actions to gain access to systems and install harmful software. Malware uses various guises. Here are some of the most common:
Police have owned signal jamming tools to interfere with consumer drones for years. After all, it was a regular consumer drone that a member of ISIS turned into a kamikaze to bomb Kurdish fighters.
My note: from jamming devices, to raptors (birds) to hacking the apps – #BumpyRoad for drones
It’s become increasingly common for hackers to sell compromised streaming accounts for services like Netflix, HBO, and Spotify on the dark web — a section of the internet only accessible from a special web browser. These account passwords are often recovered from phishing attempts, a hacking method that involves tricking someone into giving up their account info to what appears to be a legit source.
The prowess of these three crackers also underscores the need for end users to come up with better password hygiene. Many Fortune 500 companies tightly control the types of passwords employees are allowed to use to access e-mail and company networks, and they go a long way to dampen crackers’ success.