Monthly Archives: February 2018

ISIS May Be on the Run But What’s Our Message to Prevent Its Re-Grouping?

With the near-defeat of ISIS’ ground presence, speculation is that the group will rely more on cyberspace to maintain its relevancy.  This is unsurprising as ISIS has continuously demonstrated its proficiency on the Internet, particularly for propaganda and recruitment campaigns.  The group achieved considerable success in influencing target audiences, and at one time, was credited with being able to disseminate approximately 90,000 messages a day.  Many of the hacking incidents attributed to ISIS or its sympathizers focused on exploiting global news organizations, inserting pro-ISIS messages on websites and Twitter accounts.  Perhaps more impressively, individuals associated with the extremist organization were suspected of hacking the United States Central Command’s Twitter account, posting propaganda videos and threatening messages.

 

ISIS propaganda machine remains a cornerstone of the group’s resilience and survivability, making any attempts to eliminate individual accounts akin to what some have called “whack-a-mole” futility.  In 2017, ISIS supporters used more than 400 separate online platforms to pump out propaganda despite laudable efforts by social media platforms like Facebook and Twitter that actively search for and suspend suspected terrorist/extremist accounts.  Such hinderances have encouraged the development of technologies to assist in this effort.  The United Kingdom, for example, is leveraging software able to detect 94 percent of ISIS propaganda, scanning millions of video and audio files with a 99 percent accuracy rate.

 

While these efforts are very promising in reducing ISIS’ and other extremist groups’ presence in global social media platforms, they don’t address the root of the problem – the message itself.  This has been an ongoing problem for governments and one that has continually challenged U.S. counter-messaging strategies.  The lack of success by any government to mitigate the influence of ISIS propaganda has led some to conclude that perhaps governments’ tactics of trying to deny ISIS’ ability to use cyberspace may not be the key to success.

 

Indeed, these individuals have proven adept at using advanced technologies to such a degree that it may not be possible to truly mitigate their use of the Internet.  ISIS members and associates have been reported to use the latest and greatest  technologies including: anonymous-enabling communications, virtual private networks, encrypted e-mail services, and encrypted messengers, among others.  Short of trying to institute an authoritarian grip on all available technologies (which does not guarantee success), there are too many alternatives that are available or being developed to make denying use of cyber-related devices a credible course of action for the long term.

 

That leaves having the right message that can compete with the one being spread by ISIS and other extremist groups.  Thus far, nothing has proven effective in curbing recruitment or attracting lone-wolf actors to commit horrible acts of violence.  In order to understand why propaganda works, it’s necessary to understand its intended audience, the psychological effects of propaganda on the intended target, and the socio-political effects it will have both on the target and the surrounding environment.  Any counter-messaging strategy must take into account all of these considerations.  More importantly, there can be no “one size fits all” messaging, as any content needs to be tailored to address the unique diverse backgrounds and cultures of ISIS’ members and followers.  And that may be where previous efforts have fallen short.

 

There is an opportunity to investigate what causes people from different countries to respond to radical ideology, and to understand what in the message is attractive enough to unite different socio-cultural backgrounds under the banner of an extremist world view.   We must not be satisfied with having put ISIS on the run.  Instead, we should invest this time in interviewing the persons involved to get a better idea of why they committed to extremism in the hopes of preventing another group like ISIS to emerge.

This is a guest post written by Emilio Iasiello

The post ISIS May Be on the Run But What’s Our Message to Prevent Its Re-Grouping? appeared first on cyberdb.co.

INVESTIGATION ON WINTER OLYMPICS CYBER-ATTACK HAS BEGUN



IN BRIEF: Following the cyber-attack on Winter Olympics, security teams and experts from South Korea's defence ministry, plus four other ministries, formed part of a taskforce investigating the shutdown.
----------------------------
The official Winter Olympics website was taken down after being hit by a cyber-attack (Denial Of Service attack, DOS), officials have confirmed.

The site was affected just before the beginning of the opening ceremony in Pyeongchang, South Korea.

Internal internet and Wi-Fi systems crashed at about 7:15 pm (1015 GMT) on Friday, though operations were restored about 12 hours later - Games organisers said.

However, a spokesman said that the International Olympic Committee would not be commenting on who might have been behind the incident.


"Maintaining secure operations is our purpose," said Mark Adams.
He added that the issue was being dealt with but that he was not aware who had carried out the attack.


Cyber-security teams and experts from South Korea's defence ministry, plus four other ministries, formed part of a taskforce investigating the shutdown.

RUSSIA RESPONDS

Prior to the Games, some cyber-security experts had expressed concern that countries like Russia and North Korea might try to target the event.


But the Russian Foreign Ministry has denied rumours that Russian hackers were involved.

"We know that Western media are planning pseudo-investigations on the theme of 'Russian fingerprints' in hacking attacks on information resources related to the hosting of the Winter Olympic Games in the Republic of Korea," the foreign ministry said.
"Of course, no evidence will be presented to the world."

There have been concerns for months that the Games and spectators could be targeted by cyber-attacks.

Earlier this month, the US Department of Homeland Security published a warning to travellers.

"At high-profile events, cyber-activists may take advantage of the large audience to spread their message," it said.

"There is also the possibility that mobile or other communications will be monitored."
The Pyeongchang Games are certainly not the first to be targeted by hackers.


In January, Konstantinos Karagiannis, BT's chief technology officer for security consulting, tweeted that during the 2012 London Olympics he and his team, "fought back quite a cyber-onslaught".

5G Network – Will The USG Throwing It’s Hat into the Ring?

According to recent reports, the United States government is considering building a 5G network, a step designed to bolster the country’s cyber security posture and guard against attacks, particularly from nation states believed to be conducting hostile acts of espionage.  This information is alleged to have come from sensitive documents obtained by Axios. Per these documents, there appears some question as to whether the government would build and run it, leasing out access to national telecommunications carriers, or that wireless providers in the United States build their own 5G networks that would compete with one another.  Another news source, reported similar findings, conveying that the government is interested in building a secure 5G network and will work with industry to accomplish this objective.

 

5G networks are wireless networks designed to improve connectivity for home broadband networks, as well as mobile devices such as smartphones and tablets and even self-driving cars – essentially Internet of Things devices.  There are some indications that speed will improve 10 times that of current 4G capability.  To provide some perspective to this marker, that’s sufficient to stream “8K” video or download a 3D movie in 30 seconds, according to one news outlet.  A very substantial advantage is the closing the lag time between devices, making communication more streamlined and efficient.

There is skepticism if the government will actually fund such an endeavor, with estimated costs expected to balloon to hundreds of millions of dollars.  Making connections stronger and communications more fluid would require more technology to be installed almost everywhere.  Some believe that 5G networks will bolster current 4G network architecture supporting existing technology, indicating that a full 5G adoption an unlikely result.

Nevertheless, whether the government gets involved in this process or not, the four main carriers in the United States – Verizon, ATT&T, T-Mobile, and Sprint – are all engaged in developing 5G technology meaning that the move toward the fifth generation of mobile networks is forthcoming.  In late 2017, the first 5G specification was officially completed, covering a range of spectrum from 600 and 700 MHz bands to millimeter wave of the spectrum at 50 GHz.

Propelling forward on implementing a 5G network has been touted as a security consideration.  Being able to develop a secure 5G network has been categorized as helping to curb hostile nation threats posed by governments like China that have been accused of conducting industrial and traditional espionage against U.S. public and private interests.

But it is also seen as a way to compete with China, which is considered as the leader in developing 5G technology.  According to a company that tailors analysis and commentary for its clients, 5G technology will be in place by 2020 with more than a billion users by 2023, and more than half of that based in China.

It remains to be seen the extent – if any – of the United States government in spearheading a 5G rollout.  In December 2017’s National Security Strategy statement, the president promised to improve “America’s digital infrastructure by deploying a secure 5G Internet capability nationwide.”  Thus far, the president has tried to fulfill his promises, intimating that government may find a role for itself someplace in this effort.  However, potential government intervention is not without its detractors.  Critics, including the head of the Federal Communications Commission, believe that government involvement would be meddlesome, potentially hampering innovation and investment.

There are always reasons why something can’t happen – insurmountable obstacles, cost, disrupting the norm.  Unfortunately, as history has proven, these often have trumped security considerations.  Therefore, any government discussions of creating  a new network with security in mind at the design level rather than after its completion and installment is very promising.  Many times, new technologies are brought to market at the expense of its users for the sake of being the first and displaying innovation.  Security continues to take a back seat to capitalizing on market share and making profit.  This cycle needs to be broken if there is any true interest in improving cyber security.  In this regard, government working closely with the telecommunications carriers in creating a 5G network would be advantageous, as long as it ensures that 5G network security remains a priority.

This is a guest post written by Emilio Iasiello

The post 5G Network – Will The USG Throwing It’s Hat into the Ring? appeared first on cyberdb.co.

ANGALIZO KWA MABENKI DHIDI YA UHALIFU WA ATM JACKPOTING


KWA UFUPI: ATM jackpotting imgonga Hodi Nchini Marekani ambapo imesababisha upotevu mkubwa wa fedha zinazo kadiriwa kuzidi kiasi cha Dola milioni moja hadi sasa.
----------
Kumekua na aina nyingi za uhalifu mtandao unaolenga mashine za ATM ambao umekua ukiathiri mabenki mengi maeneo mengi duniani.


Mataifa ya Afrika yamesha kumbwa na changamoto za uhalifu katika mashine za ATM kama vile “card skimming” ambapo wahalifu mtandao mara kadhaa wamekua wakiripotiwa kughushi kadi za ATM zilizopelekea upotevu wa fedha kupitia mashine za ATM.


Toka mwaka 2014, Kumeendelea kuibuka aina nyingine za uhalifu unao athiri Mashine za ATM maeneo mbali mbali – Itakumbukwa Niliwahi kutoa taarifa inayosemaka hapa: TYUPKINYATIKISA MASHINE ZA ATM

Ilipo gundulika chanzo cha uhalifu huo kulipelekea kutolewa maelekezo ya namana ya kujilinda ambapo Mabenki mengi hayakuzingatia – Kitu kilichopelekea kuibuka kwa uhalifu mwingine aina ya ATM Jackpotting, Ambapo mwaka 2015 Nchi za bara la Asia, Ulaya na marekeani ya Kusini walikumbwa na Uhalifu aina ya Remote ATM Jackpotting (RAJ)

Maelekezo Zaidi yalitolewa na baadhi ya Nchi zikachukulia uzito ulinzi mtandao katika mashine za ATM ikiwa ni pamoja na kufanyia kazi maelekezo yaliyotolewa.

Toka mwaka Jana ATM jackpotting imeendelea kukumba mataifa ya Marekani kusini ingawa sio kwa kiasi kikubwa.

Na Mwaka Huu wa 2018, ATM jackpotting ikagonga Hodi Nchini Marekani ambapo imesababisha upotevu mkubwa wa fedha zinazo kadiriwa kuzidi kiasi cha Dola milioni moja hadi sasa.



Natumia nafasi hii kukumbusha mabenki yetu mambo makuu ma tatu kwa sasa.

Moja, ELIMU YA UELEWA (Awareness) – Tumehimiza elimu kubwa ya uelewa ifanyike katika taasisi za kifedha ikiwa ni pamoja na kuwaelimisha wafanyakazi wa taasisi hizo juu ya kutambua na kujilinda dhidi ya uhalifu kama Social engineering, Key loggers, Phishing na aina nyingine zozote zinazoweza kupelekea benki husika kukumbwa na uhalifu wa ATM Jackpotting pamoja na aina nyingine za kihalifu.

Aidha, Elimu kwa watumiaji wa Mashine na mifumo mingine ya kibenki inapaswa kufanyika pia.


Mbili, MIFUMO YA UFATILIAJI (Implementation of Monitoring tools) – Kampuni nyingi zinazojihusisha na usalama mitandao zimekua zikiwekeza kwenye uzalishaji wa mifumo inayo saidia kufuatilia na kubaini aina yoyote ya viashiria vinavyoweza kupelekea uhalifu wowote wa kimtandao katika taasisi zetu.

Naziasa taasisi za fedha kuhakiki zinachukua hatua za muhimu kuweka na kuimarisha mifumo iyo ili iwe ni usaidizi wa kubaini viashiria vyovyote vya uhalifu mtandao.


Tatu, KUONDOKANA NA MATUMIZI YA WINDOW XP KATIKA MASHINE ZA ATM – Hili tumekua tukizungumza toka kuonekana ya kua uhalifu wa Tyupkin uliathiri Zaidi mashine za ATM ambazo zilikua na Window XP. Wito ni kua kuna kila sababu wa Taasisi za kifedha kufanya operation ya haraka kuhakiki ina angazia mashine zake zote za ATM na kuziboresha kwa kuweka mifumo iliyo juu ya window XP.


Ni moja ya mafunzo ambayo mataifa tumeyahimiza ya jifunze ili kuweza kubaini, kuzuia na kujilinda na uhalifu mtandao - Mafunzo haya yameanza kutolewa katika mataifa mengi ikiwa ni pamoja na mataifa ya Bara la Afrika.