Category Archives: russia

Sajid Javid announces overhaul of espionage and treason laws

New bill needed to tackle hostile activity by Russia and others, says home secretary

Hostile state actors – spies, assassins or hackers directed by the government of another country – are to be targeted by refreshed espionage and treason laws, the home secretary has announced.

In a speech to security officials in central London, Sajid Javid revealed plans to publish a new espionage bill to tackle increased hostile state activity from countries including but not limited to Russia.

Continue reading...

The Guardian view on hacking: a dangerous arms trade | Editorial

Cyberweapons are dangerous in themselves. Their proliferation makes them much more harmful

NSO Group, an Israeli firm that has risen to a billion-dollar valuation on the strength of the aggressive hacking tools it sells to authoritarian governments across the Arab world, is being sued by lawyers and activists who claim to be victims of its software. One of the lawyers involved in the suit was targeted some weeks ago by mysterious WhatsApp calls to his phone in the middle of the night. When he contacted technical experts, they discovered Pegasus 3, an aggressive virus that can apparently install itself on a phone without the victim taking any action at all. Once installed, it takes control of the device, recording conversations and video. It can destroy the evidence of its own arrival and existence, and control any files on the device. In effect, it turns a smartphone into the perfect spying device, which the victim will carry everywhere with them.

Similar programs are widely available to abusers of all sorts, which is one reason why many domestic violence shelters ban the use of smartphones. But the ones that can easily be bought require some action from the victim, usually a misplaced click, or else a few moments’ access to their phone. The NSO malware targeting WhatsApp is different in that it could install itself without the victim doing anything at all. To discover and exploit the programming mistakes that opened this vulnerability would take years and cost millions of dollars. That is why it’s assumed that only states, or state-backed actors, have the resources to produce them.

Continue reading...

Leaked NSA Hacking Tools

In 2016, a hacker group calling itself the Shadow Brokers released a trove of 2013 NSA hacking tools and related documents. Most people believe it is a front for the Russian government. Since, then the vulnerabilities and tools have been used by both government and criminals, and put the NSA's ability to secure its own cyberweapons seriously into question.

Now we have learned that the Chinese used the tools fourteen months before the Shadow Brokers released them.

Does this mean that both the Chinese and the Russians stole the same set of NSA tools? Did the Russians steal them from the Chinese, who stole them from us? Did it work the other way? I don't think anyone has any idea. But this certainly illustrates how dangerous it is for the NSA -- or US Cyber Command -- to hoard zero-day vulnerabilities.

EDITED TO ADD (5/16): Symantec report.

U.S. Energy Grid Experiences Possible Cyberattack

An apparent denial of service attack caused a disruption in a segment of the U.S. energy grid affecting Utah, Wyoming, and Southern California.

Little is currently known about the incident. It occurred March 5th, disabling several security devices. An unnamed utility company reported the incident to the Department of Energy.

“There was a denial-of-service attack…and that basically led operators to not be able to see what was going on in the grid,” said journalist Blake Sobczak, who initially reported the story. “As long as nothing crazy happens, you should be fine, but it certainly constitutes a disruption and a reportable event here to the Department of Energy.”

While the potential cyberattack did not lead to any known outages or interruptions in service and used a relatively unsophisticated method, it is noteworthy for being the first known incident to successfully target the nation’s energy infrastructure. Hackers targeting the U.S. energy grid have been theoretical up to this point, but security experts have long maintained that the infrastructure is poorly secured and that many utility companies are unprepared when it comes to cyber defense.

Fears of an attack on utilities have increased in the wake of Russian infiltration of U.S. critical infrastructure announced in 2018 by the Department of Homeland Security.

The post U.S. Energy Grid Experiences Possible Cyberattack appeared first on Adam Levin.

NATO’s Cyber Operations Center – Will Russia Feel Threatened?

According to recent reporting, the North Atlantic Treaty Organization (NATO) announced that its Cyber Operations Center (COC) is expected to be fully staffed and functional by 2023.  The new COC marks NATO’s understanding of the importance that cyberspace plays in conflict, particularly in times of political tensions that has resulted in cyber malfeasance that has targeted elections and critical infrastructure.  The establishment of the COC is a natural evolution in how to address cyber attacks in a more timely manner by integrating cyber actions with more conventional military capabilities.  In early 2014, after notable cyber incidents were a part of international incidents that occurred in Estonia in 2007 and Georgia in 2008, the Alliance updated its cyber defense policy to classify digital attacks as the equivalent of kinetic attacks under its collective security arrangement under Article 5 of the treaty.

In those particular instances, Russia was suspected in orchestrating or at least tacitly supporting the cyber attacks that afflicted both states.  Since then, Russia’s alleged cyber activities have only become more brazen in their scale and aggressiveness.  From suspected involvement in launching cyber attacks against Ukrainian critical infrastructure to launching a variety of cyber operations to meddle in the elections of foreign governments, Russia has taken advantage of the uncertainty of cyberspace where there is little consensus on key issues such as Internet governance, cyber norms of state behavior, or the criteria by which cyber attacks escalate to a point of war.

NATO has always provided a strong military counterpoint to Russian influence in the European region and projecting a credible threat in cyberspace is an important complement to NATO capabilities.   However, previously, NATO didn’t have any of its own cyber weapons, a significant problem given Russia’s perceived position of a near-peer level adversary of the United States.  With the establishment of the cyber command, the United States, United Kingdom, and Estonia have offered the Alliance their cyber capabilities.  As described in one news article, the alliance hopes to integrate individual nations’ cyber capabilities into alliance operations, coordinated through the COC and under the command of NATO’s top general. With this in hand, it will be interesting to see if this will serve as the deterrent it’s intended to be and how Russia may adjust their cyber activities, particularly against NATO member countries.

However, there is still the lingering problem the Alliance faces with regards to the rules of engagement.  Classifying cyber attacks under Article 5 is a start but doesn’t help provide a path forward to how NATO can and should engage and respond to cyber attacks.  While this provides NATO a certain flexibility in addressing cyber attacks allowing the Alliance to take each on a case-by-case basis in determining the extent of its response, it does not provide adversarial states an idea of tolerated and intolerable cyber activities.  This shortcoming serves only to provide states like Russia enough wiggle-room to continue their offensive cyber operations as long as they don’t cross an undefined threshold.  It’s long been hypothesized that attacks crippling critical infrastructures would meet that threshold, but as seen in Ukraine, this bar keeps being pushed a little farther each time.

The COC is a much-needed instrument in NATO’s overall toolbox, strengthening the capacity of the Alliance to deter, and where appropriate, retaliate against cyber attacks.  That said, the longer there are no clear lines of what will and will not be deemed acceptable in cyber space will keep the status quo pretty much in place.  Once fully operational, the first test of the COC will be how the it will respond and in what proportion to an attack against a member state.  And it’s at this time all eyes will turn to Russia to see how it will react and alter how and where it conducts its operations.

This is a guest post by Emilio Iasiello

The post NATO’s Cyber Operations Center – Will Russia Feel Threatened? appeared first on CyberDB.

What Cyber Malfeasance Will Rear Its Ugly Head in the 2018 Midterm Elections?

With the approach of the United States’ 2018 midterm elections, concerns have been expressed by many regarding the security and integrity of the voting process.  Given the news how suspected Russian agents actively sought to use hacking and influence operations to sway voters in a particular direction during the presidential election, the concern is legitimate, even if there was no evidence that votes were actually altered in 2016.  The preservation of the democratic voting process has been thrust into symbolic “red line” territory that needs and should be protected against foreign interference.  Indeed, the Department of Homeland Security re-enforced this by elevating election infrastructure to the status of “critical infrastructure” in early 2017.

Clearly, hacking and gaining unauthorized access to those systems and devices associated with the election process is something that deserves immediate attention.  After all, many countries would ostensibly agree that breaking into computers is a criminal offense, regardless if data is taken, destroyed, or altered.  In the 2016 U.S. presidential election, there were clear incidents where suspected Russian hackers stole data, and even compromised voter-related records, resulting an indictment of Russian nationals on a wide variety of charges ranging from conspiracy to commit fraud, money laundering, and identity theft, to name a few.

However, while it makes perfect sense that there should be no factor prohibiting, manipulating, or changing votes, trying to stop outside influences from disseminating information – whether it be false or not – is a bit more challenging, especially for those governments that support such liberties of freedom of speech and freedom of the press.  Such rights do not come with the asterisk of having to be true or objective.  After all, the dissemination of information is a hallmark of a democratic society whether an audience agrees with the subject matter or not.  Whether the audience elects to believe such information or be influenced by it is entirely a free choice.  Perhaps this is why there is evidence that Internet “trolls” have already been observed replicating the behavior that garnered so much attention after the 2016 presidential election.  As of late July 2018, Facebook said it has uncovered a coordinated disinformation operation ahead of the 2018 midterm elections.  Twitter has followed suit removing accounts the company identified as related to Iranian propaganda.

The government has gotten involved trying to be proactive in curbing this online element.  In July 2018, the Department of Justice published a report in which it detailed its efforts to improve security for U.S. elections, highlighting how foreign agents used influence operations via social media platforms. Then in August, the Federal Bureau of Investigation announced its “Protected Voices” initiative to mitigate influence operations targeting future elections.  Part of this effort is to raise awareness among political campaigns about the best ways to defend against attempts by all categories of hostile actors to infiltrate their information technology infrastructure.

Of course, the question that lingers is the one that will be answered after the fact – will this be enough?  Suffice to say, aside from the online trolling activity, the volume is greatly reduced as compared to 2016.   This is due to the fact that it is only a mid-term election of Congressional members and not the Executive Office.  Cyber malfeasance will likely keep to the trolling activities of propaganda/disinformation/misinformation, web-page defacements by hacktivist actors, and distributed denial-o-service attacks against political and election-related sites.

Establishing cyber security strategies and the implementation of security measures into election equipment is something that remains to be done.  Outdated equipment, decentralized operations, and lack of a coherent process and framework to safeguard the election process are areas that need to be addressed in the near term.  But focusing on “fake” or “misleading” news seems more like going after low-hanging fruit than putting a dent into the real problem governing election security.  Like jihadi sympathizers, trolls can create new accounts as quickly as old ones are targeted and dismantled.  Such games of “whack-a-mole” tend to favor the moles rather than the ones trying to take them out, despite gaudy data statistics.

The real test of whether the U.S. actually applied “lessons learned” will come in two years with the next presidential election, particularly if the political climate between the candidates is as contentious as it was in 2016, and the potential international implications are as equally disconcerting.  Any successful repeat of the activities that were outlined by the Intelligence Community would be an abject failure and demonstrate negligence for not mitigating known threats.  For two years the problems have been identified and discussed; let’s hope it doesn’t take another two years to start actually coming up with solutions.

This is a guest post by Emilio Iasiello

The post What Cyber Malfeasance Will Rear Its Ugly Head in the 2018 Midterm Elections? appeared first on CyberDB.

State Actor Cyber Reports Overshadow the Extensive Threat of Cyber Crime

There has been recent focus on alleged Iran cyber activity the past few weeks, spurned on by the publication of a vendor report on Iranian operations.  Per the vendor’s findings, not only was Iran likely behind the activity that was targeting government and private sector in the Middle East, it was implementing National Security Agency exploits that were stolen and dumped into the public domain by the Shadow Brokers group in April 2017.  As recently as late August 2018, Iran is suspected of trying to launch influence operations ahead of the midterm elections.  The conclusion is that Iran is increasingly using asymmetric attacks, particularly via cyberspace, as part of its tool box to conduct retaliatory attacks.

The new reporting comes at a time when Russia’s cyber malfeasance has largely dominated the press, due to its influence operations efforts and election shenanigans, not just in the United States but in other countries as well.  Prior to the Russia focus, North Korea was the focal point with its suspected cyber activities targeting cryptocurrency, and the SWIFT banking transactions before that.  Iran was propelled onto the scene with Operation Ababil

DDoS attacks against U.S. banks, as well as its suspected involvement in the wiper malware incident against Saudi AramcoSome consider Iran a powerful cyber nation on par or close to it to China and Russia.  Others, maintain that Iranian actors are much less sophisticated, preferring to implement “tried-and true tactics while targeting many individuals.”  China initially led the state-led cyber espionage activity, which largely was curbed against the United States once the “no hack” pact was agreed to in 2015.

There seems to be a perpetual “revolving door” of news-cycle focus on suspected state activity, with new reports reporting on hostile espionage and exploitation occurring against global targets.  The purpose of these appears to track the latest and greatest escapades of these governments using – in most cases – publicly available tools and exploits that are publicly accessible (see Shadow Brokers above) and using vectors that for the most part are routine for any hostile cyber actor (certainly, if a state actor is “sophisticated”, the intimation is that the activity hasn’t been detected as of yet, or the sophisticated tools/exploits haven’t been implemented yet).

Between the ongoing stories of adversarial state activity as aforementioned above and news of smaller nations looking to acquire offensive cyber capabilities, all indications are that media and vendor reporting will continue to push the “hostile state actor as monolith” narrative into the public eye.  Yet, like the saying goes, “if everything is important, nothing is important,” which rings with authenticity with regards to state cyber activity.  Actual activity or incidents that threaten to disrupt, destroy, degrade, deny, or manipulate data systems or the data resident on them deserve to be pushed to the forefront as they potentially impact everyone at all levels.

But theft of intellectual property and state secrets affect a minority, and rarely if ever will impact everyday citizens.  Such vigorous scrutiny and analysis of suspected state activity should apply to the cyber crime ecosystem whose nefarious endeavors directly impact the global population.  And while there are isolated incidents of law enforcement efforts arresting groups and individuals or taking down marketplaces, this has failed to put a dent into a global industry that was cited as the second most reported economic crime, according to a 2017 report by the same vendor.

This needs to change and it would be welcome to see such vendors with a wide and deep visibility into the cyber threat space to uncover some of the more “sophisticated” state actors, to apply that precision against a threat intent on exploiting everyone on the planet.  Some of the more notable breaches have exposed a high volume of individual data:

2013/14         Yahoo                                                 3 Billion Accounts

2016               Adult Friend Finder                          412 Million Accounts

2014               eBay                                                    145 Million Users

2017               Equifax                                               143 Million User

2008               Heartland Payment Systems            134 Million credit cards

One thing is clear – cyber criminals have proven to be as sophisticated and resourceful as state actors, often times using the same tools and techniques.  The fact that this category of cyber actor is not as robustly tracked, and information shared directly to the appropriate authorities is disappointing.

 

This is a guest post by Emilio Iasiello

The post State Actor Cyber Reports Overshadow the Extensive Threat of Cyber Crime appeared first on CyberDB.

Is the Space Force Necessary? If Done Correctly, Yes

Space Force picture, an independent military branch by 2020.  The move is designed to counter the weapons that China and Russia have already developed that threaten U.S. satellites.  The U.S. Vice President quickly assured that the force did not and would not be created from the ground up, but would leverage the personnel and material resources already existing in the service elements.  The goal is to streamline efforts and maximize efficiency, a noble endeavor given the difficulties that invariable arise when mission responsibilities traverse and overlap so many different organizations.

 

The protection of U.S. civilian and military space assets are considered a national security concern.  In December 2017, U.S. Department of Defense officials expressed concern that the United States’ anti-satellite capabilities were not up to par as some of its adversaries.  In contrast, adversary adoption of anti-satellite weapons been documented in the news.  In April 2018, a report detailing global counterspace capabilities (that include direct ascent weapons, co-orbital, directed energy, electronic warfare, and cyber warfare) underscores how adversarial nations are actively pursuing the development of such weapons and the threat that they pose to U.S. space interests.  The report reveals that such investment by these states started in the mid-2000s.

Take into consideration the Global Positioning System (GPS).  A break-through technology has caused perhaps an over-reliance on GPS to our detriment.  The military and civilian sectors rely on satellites for a variety of purposes that support communication, navigation, weather, tracking movement, precision weapon deployment, and the conducting of surreptitious surveillance.

 

Unsurprisingly, there is much criticism being applied to the force.  Some see the Space Force as a frivolous symbolic demonstration of U.S. power; others see the capability already existing in the Air Force’s Space Command; and still others stress the need for a cyber force instead (even after the elevation of U.S. Cyber Command to a fully functional combatant command).  What all of these criticisms have in common is that they don’t see the need for organizing U.S. space capabilities to better prepare for the threats that exist now, or more importantly, those that are coming down the road.  This sort of thinking has traditionally impacted readiness in terrorism and cyberspace.

 

Having aggressive acts move to space should not come as a surprise to the doubters.  Few thought that cyberspace would be exploited to the degree that it is now, as evidenced by how advancements in IT has evolved without security considerations being built into the technology.  And now our reality is to perpetually play catch-up in security our cyber postures, an endeavor seemingly so insurmountable that there is increasing preference to commit to using offensive cyber activity as a first line of defense and as a deterrent.  It is obvious that no one prepared well for how cyberspace could and did evolve.

 

Now apply that school of thought to space.  As states continue to develop counterspace capabilities, is it really so foolhardy to aggressively position the United States with a dedicated body to monitor and track current and future threats?  It took Cyber Command nearly a decade to become operational and staffed, truly cringe-worthy considering the speed with which attacks happen in the digital domain.  Would we want to repeat the same mistakes with space?

 

A Space Force needs to be established in the right way.  Thus far, as evidenced in the remarks made by the Vice President, consolidation and developing specific and non-overlapping roles and responsibilities is essential to ensuring that mission objectives are clear and how multiple parts work together to ensure that every goal is met.  Current stakeholders must all be brought under one roof.  There can’t be a space-dedicated office or entity in every major government body.

Anything short of that risks making another unnecessary bureaucratic entity in an over-bloated ecosystem.

 

Moreover, establishing a Space Force sends a message to our enterprising adversaries that demonstrates U.S. resolve not to be caught behind the proverbial eight-ball again.  The U.S. has the capability, material/financial/personnel resources to ensure its right to operate in space without interference.  That is important especially in the context of Russian election meddling, troll farms, and suspected Russian hacking critical infrastructures.  Critics have pointed out that the U.S. has not done enough in cyber space to demonstrate our resolve in not allowing unacceptable behavior to transpire.

 

But the U.S. doesn’t necessarily have to kinetically or non-kinetically strike an adversary to make the intended outcome.  The White House may benefit by taking a play from former U.S. President Ronald Reagan.  In the height of its nuclear arms race with the Soviets in the 1980s, the United States embarked on developing its Strategic Defense Initiative – the “Star Wars” missile defense program.  Star Wars was designed to protect the United States from attack by ballistic strategic nuclear weapons.  Competition to keep up with the United States proved too difficult, forcing Russia to offer to shrink its nuclear arsenal in exchange or Star Wars’ cancellation.

 

Is this the game plan now?  Perhaps.  The U.S. economy is strong while Russia’s has been stagnant and China’s is cooling as investment growth hits a record low.  Or it could just be the United States planning for the future.  Either way, a gambit is being played.  And now that the Space Force is official, the players are taking notice trying to figure out their next move.

This is a guest post by Emilio Iasiello

The post Is the Space Force Necessary? If Done Correctly, Yes appeared first on CyberDB.

A Letter to President Donald Trump regarding Global and Cyber Security

Dear President Trump,

Hello. As President of Paramount Defenses, I pen this letter most respectfully to you, the President of our Great United States.

First off, I should mention that I write neither as a Republican, nor as a Democrat, but as a fellow patriotic American citizen and a cyber security specialist, because I care, and that my desire to do so publicly is inspired by how much you Sir share publicly, and that this most respectful letter is in light of your tweet about discussing the creation of a Cyber Security Unit with Russia.

I'll do my best to keep this VERY simple.



Top-5 Global Security Risks

As President of the United States, you're likely aware of the Top-5 risks to not just America, but to the entire world today -


1. The Risk of the Use of a WMD / Nuclear War
2. The Risk of Earth's Demise, posed by Climate Change
3. The Risk of Terrorism, posed by Terror Groups Worldwide
4. The Risk of the Decline of American Leadership in the World
5. The Risk of Swift and Colossal Damage, posed by Cyber Threats

I am by no means an expert on global security, but common sense suggest that risks 1 and 2 above would be catastrophic to all of mankind, risk 3 could pose a serious threat to life and property, and that risk 4 could increase the likelihood of risks 1, 2 & 3.

As for risk 5, I do happen to know one vital area of cyber security decently well, so I'll share just a few thoughts about it, but first, I did want to take a moment to talk about risk 4 because it potentially impacts the lives of 7,000,000,000+ people worldwide.




The Importance of American Leadership

Mr. Trump, as President of the United States, you are the most powerful and influential person in the world, and most people would take such GREAT responsibility VERY seriously, since their actions and decisions could save or destroy the world.


Sir, the elections are over. You won. You are the President of the United States, and it is time to let the talking be, and start working to make America great again. This isn't reality TV, this is real life, and its a billion times more significant and serious.

If I were the President of the United States, and I deeply cared about making America great again, I likely wouldn't have a moment to watch TV, Tweet or Golf. I'd be working harder than the hardest American to make America greater and safer.

(If I may momentarily digress. speaking of making America great again, while there likely may certainly be much to be done to restore its greatness, we owe it to our future generations to do so without polluting or endangering our precious environment.)

Today more than ever, we live in a precarious, highly-connected and inter-dependent world, and the world needs strong, mature and steady American leadership to amicably address so many important and complicated issues, such as those listed above.

Speaking of which, I'd like to share a few thoughts on risk 5, the risk of swift and colossal damage posed by Cyber Threats, but before I do so, again, I'd request you to please take a few moments to comprehend the profound importance, seriousness and significance of both, the position bestowed upon you by the American people, as well as (of) the challenges that you, Sir, today have the unique privilege and responsibility of addressing for both America and the world that America is inextricably a part of.

[ Hopefully you see that the reality is that since America is inextricably a part of the world, what happens out in the world could impact us substantially, so to make America great(er and safer) again, we must maintain American leadership in the world. ]





The Cyber Risk

Mr. President, to put it most simply, Cyber Security is the Achilles' Heel of developed nations today, because over the last few decades, our reliance on computer systems and networks has increased substantially (exponentially), and sadly within them exist many systemic and component specific deficiencies (vulnerabilities) which can be exploited to inflict colossal harm.


(This risk is actually addressable, and what the world needs is a White Knight so we have a trustworthy foundation to operate on, but and until we get there i.e. until the world has such a defensive shield in place to rely on, we all have reality to deal with.)

Consequently, today from our governments to our energy grids, from our defense systems to our transportation systems, and from our banks to our industries (i.e. a nation's business organizations), literally everything is exposed to varying levels of risk.

It is thus hardly surprising that today cyber security is one of the most important challenges the world faces, an assertion best evidenced by the fact that Russia's purported cyber interference in the 2016 American elections, remains a contentious issue.


Speaking of which, while the U.S and in fact all countries and, ideally all business organizations, should certainly bolster their cyber defenses, establishing a Cyber Security Unit with the Russians might NOT be such a good idea, as also voiced by 1, 23.

By the way, those who truly understand cyber security know that there is no such thing as an "impenetrable cyber security unit".

A quick digression. Yes, indeed the Russians are very good at cyber security and likely at hacking, and they're persistent, but they're not the only ones out there trying to hack our agencies and companies, and they don't always succeed. But, I digress.


Mr. President, you may likely already have some of the world's best inputs and advice when it comes to cyber security, so I'd just like to share paramount cyber security insight with you - Trillion-Dollar Cyber Security Insight for President Donald Trump.


Mr. President, as I put my pen down, I'll only add that of the risks listed above, in the near-term, the Cyber Risk may be 2nd only to the Nuclear Risk, because its realistic probability of occurrence is substantially higher, and its potential for damage, colossal.


Mr. Trump, you have a historic opportunity to SERVE the American People, and define your legacy - its yours to embrace or squander.

Respectfully,
Sanjay.

Trillion-Dollar Cyber Security Insight for President Donald Trump

Dear Mr. Trump,

Hello. I'm Sanjay, President of Paramount Defenses. I just wanted to congratulate you on your historic win, wish you success, as did President Obama, and share VALUABLE cyber security insight that could be VITAL to your administration's success.

Before I get to it, I should mention that I write neither as a Republican, nor as a Democrat, but as a fellow patriotic U.S. citizen and a cyber security professional, and that my desire to do so publicly has been inspired by how much you Sir share publicly. Given the sheer impact of our important work across America and the world today, we are a 100% non-partisan organization.

One quick vital point - regarding all the talk of Russian hacking to influence the U.S. election, while Russia and possibly others may certainly have tried to influence it, professionally speaking i.e. as a cyber security practioner, in the grand scheme of things, it matters not as to who is trying to hack us, as much as it does that we protect ourselves from being hacked, so from that angle you're likely right that the DNC should have adequately defended itself. You see, once an entity is hacked, at that very moment the damage is done, because their data is now in someone else's hands, and the entity no longer has any control over what the perpetrators do with it. In fairness, one should also add that if indeed Russia did hack the RNC as well, but chose not to divulge their data, then reasonably speaking, that would have amounted to what is being called "an attempt to influence an election."


That said, Mr. Trump, hopefully you'll agree that given our sheer reliance and dependence on computers and technology, the success of your Presidency and your administration will GREATLY depend on the cyber security of our government agencies.

Attribution: Mr.. Trump's photo: Michael Vadon >

In that regard, I thought you should know that at the very foundation of cyber security of our entire U.S. Government (i.e. 600+ federal agencies) lies a single technology, Microsoft Active Directory, the cyber defense of which is paramount to our security.

You may or may not know this yet, but the White House, the U.S. Capitol, all our intelligence agencies, and virtually all our departments (e.g. Defense, State, Justice, Energy, Labor, Interior, Veterans Affairs etc.) all operate on Active Directory.

By the way, I must mention that none of this is classified information. This is all public knowledge. I just happen to know it first hand because I'm former Microsoft Program Manager for Active Directory Security, i.e. a "deep in the trenches" technical guy who possibly knows more about Active Directory security than most people on the planet. (I also happen to be an innovative American entrepreneur who built possibly the world's most relevant and important cyber security company, from the ground up.)

In fact, Active Directory is at the very foundation of cyber security of 85+% of all government and business organizations world-wide (The Americas, Europe, Asia, etc.) including at the foundation of virtually all of the tech companies whose CEOs recently visited you i.e. Microsoft, Amazon, Alphabet, IBM, Intel, Facebook, Tesla etc., as well as a little cyber company called Palantir.

It is very likely that thousands of business and government organizations in Russia too might be operating on Active Directory.

Sir, in all likelihood, the Trump Organization may also be operating on Active Directory. (Your IT folks could verify that for you.)


Mr. Trump, our cyber intelligence indicates that the foundational Active Directory deployments of most organizations worldwide may currently be exposed to an alarmingly vast attack surface, and thus may possibly be rather easily compromisable today.

The specific cyber security risk that most of them are all likely exposed to today is succinctly described in The Paramount Brief -


Password (case-sensitive): AreWeReallySecure?


If you're short on time, here's a very brief summary -
In every network powered by Active Directory, all administrative accounts i.e. the accounts of the individuals that possess the "Keys to the Kingdom" lie within Active Directory. It is a well known fact that if a perpetrator can compromise ANY one of these accounts, he/she could easily access and control everything. Thus, in every organization, ideally the number of such powerful accounts must be at an absolute bare minimum.
Unfortunately, in most organizations today, not only are there a HUGE number of privileged user accounts in Active Directory, NO ONE really knows exactly who they are and what power they possess. In other words, most organizations seem to be operating in the proverbial dark, & if breached, could likely be compromised in minutes.
In essence, a huge, unknown number of highly prized privileged accounts in Active Directory constitute a vast attack surface, and the compromise of any one of them would be tantamount to a system-wide compromise. 

In our professional opinion, this poses a major cyber security risk globally, especially considering the statistics, i.e. 100% of all major recently cyber security breaches involved the compromise of a single (i.e. just 1) Active Directory privileged user account.

From our side, we can certainly (and uniquely) help organizations worldwide precisely identify and reduce their attack surface, as well as empower them to mitigate this serious risk, swiftly and cost-efficiently, but we do need them to understand it first.


I must also mention with due respect to the likes of Peter Thiel, Alex Karp, Ted Schlein & others, I doubt they're familiar with this specific risk or understand the depth of its magnitude, because this is one of those you have to be "deep in the trenches" to get.

Speaking of which, in 2016, we had directly informed the CEOs of most of the world's Top 200 companies (including most of the tech CEOs that came and met you at the Trump Tower), as well as all appropriate officials at most federal and state agencies about this risk to the foundational Active Directory deployments of their organizations; they all received The Paramount Brief.

Our intelligence further indicates that as a result, many of these organizations started to look at the security of their foundational Active Directory deployments for the first time ever. While some may have started bolstering their cyber defenses, sadly, many of these organizations likely continue to remain vulnerable, especially considering how easy it is to compromise them today.

For instance, if an intruder could breach their network (and Microsoft suggests that organizations assume breach ) in many cases, he/she could just deploy Mimikatz DCSync to instantly 0wn them. (Alex/Peter should be able to explain this to you.)

Fortunately the solutions required to swiftly, effectively and cost-effectively help all impacted organizations mitigate this critical risk exist today (e.g. 1,2). However, we're finding that many organizations do not even seem to know about this risk.

We worry that unless certain basic and fundamental cyber security measures are enacted quickly, many of our government and business organizations, as well as those of our allies worldwide, will likely remain vulnerable to cyber attacks in the near future.

From our side, we're doing what we can to educate and safeguard organizations worldwide, but much more needs to be done, and quickly so. Its in that regard that your intentions give many of us in cyber security, as well as the American people, hope...



Making America Great(er and Safer) Again

In addition to making America greater, we must also make (not only) America (but also our allies) safer, not only from physical threats but also from cyber threats. In fact, given our HUGE reliance on technology, and considering how easy it is to launch a cyber attack, the cyber threat may pose a far greater threat to our national security and prosperity than do physical threats.

I've read that it is your intention to appoint a team to combat cyber attacks within 90 days of taking office. That (in your parlance) sounds WONDERFUL. I commend you for this initiative. Indeed, it is imperative and in fact paramount that we do everything we can to safeguard and adequately defend our government and business organizations from being taken out by cyber attacks.


If I had to offer some unsolicited advice, I'd suggest that one of the most important measures one could enact is Attack Surface Reduction. Simply put, the smaller one's attack surface is, the better one's chances of being able to adequately defend it.

For instance, it is so much easier to protect a building that only has one entrance than it is to protect one that has 20 entrances, and where only a few security guards have the master keys to the building, than one wherein who knows how many have them.

That's why, considering the statistics i.e. the fact that 100% of all major recent cyber security breaches involved the compromise of a single (i.e. just 1) Active Directory privileged user account, reducing the number of users that have privileged access within Active Directory to a bare minimum, then adequately protecting them, must be one of the top priorities for all organizations.

Sir, in short, provably secure (least-privileged access adherent) foundational Active Directory deployments at all our federal government agencies and at all business organizations they rely on, are likely going to be vital to your administration's success.

(As you'll likely agree, this isn't rocket science; it's common sense. If a government agency is compromised (e.g. OPM Breach), assets or initiatives it might be working on could be in jeopardy. Similarly, if a business organization (e.g. a Defense Contractor, a Builder etc.) that the government relies on for its various initiatives is compromised, those initiatives could be in jeopardy.)


Thank you, and Best Wishes

In closing, thank you for your time, congrats on your bigly win and good luck as you get ready to serve the American people.

The American people have entrusted you with the great responsibility of leading our great nation, as well as the might of American power, and they're looking to you to make their lives better and to make America greater and safer again.

In God We Trust, so wish you God Speed in your efforts to fulfill your promises to make America great(er and safer) again.

Most Respectfully,
Sanjay


PS: At Paramount Defenses, because we understand the paramount importance of cyber security to the business and national security interests of the United States and those of our allies, we care deeply about cyber security and we take it very seriously.