Tag Archives: FBI

Commentary—The Invitation You Don’t Want

Do you know that, if you care to, you can log on to Amazon and, in addition to purchasing your groceries, you can obtain: “The Hacker Playbook—A Practical Guide to Penetration”. Then I stumbled onto an article that described an incredible, worldwide cyber-attack, and realized I know minus zero about cyberspace security or even hacking. I can tell you what hacking causes because almost everyone I know has had their e-mail hacked at one time or another.

How awkward and uncomfortable I felt writing a security-bent Commentary, as I was preparing to purchase a new computer and moving at the same time. My learning curve took a dramatic turn that brought me to a slew of wonderful articles and reports that opened a new world of understanding and, above all else, caution and continuing concern.

In one extensive report, I learned that last year (2017) there was cyberattack on a power grid in the United States, and even though it was horrific in scope and import, it drifted by unnoticed by most of the people I know. It has been claimed that there are those who beyond mere curiosity but with criminal intent, have the ability to shut down all our generated power and throw us into total darkness. And by that I do not mean just the lights in your home but to affect our all aspects of our being from individual and national finance to healthcare and cooking dinner to our basic forms of daily transportation.

The scope of the breach, first reported by the cybersecurity company Symantec in September 2017, revealed much about the way these attacks work. So much was revealed in its report, that the U.S. government turned it into a high valued investigation that produced a 16 page document. A team of cyber specialists from the Department of Homeland Security and Federal Bureau of Investigation placed the hackers’ tradecraft under its investigatory microscope and then disseminated its findings in the hope that the information would help prevent similar attacks – and keep this one attack from generating further chaos.

Experts say cyberspace communication is at a crucially vulnerable time in an age when hackers, whether motivated by disruption or bent on conducting wide scale cyber warfare, are constantly finding ways to infiltrate, corrupt and weaponize whatever touches the internet – often bit by bit. As I type this page I suddenly wonder is there someone looking-in that I am unaware of and what will they do with the information learned.

“It’s important to raise awareness,” said Mark Orlando, chief technology officer for cyber services at Raytheon. “…. details, if taken by themselves, might not seem that impactful. When presented with the entire story, we can see it was part of a larger, sustained campaign, potentially causing a lot of damage.”

The prospective for that type of damage is sweeping, said Constance Douris, who studies cybersecurity for the Lexington Institute, a Washington, D.C. think tank that focuses on defense. She said hacking the power grid is essentially a newer way of attacking a traditional military target. Understand that a power grid is not merely a power vehicle for our individual and business life but constitutes a prime military target by any adversary.

“Everyone understands cyber is important, but they don’t quite understand why it needs to be protected,” she said. “Hospitals, banks, pipelines, military bases – all of these cannot operate without electricity. Protecting the grid from cyberattacks should not be neglected by any means.” Clearly, this is an understatement. Our cyberspace integrity is “crucial” to our national and individual wellbeing. It can be utilized as a silent massive attack against the United States. It is not as dramatic as three planes flying into well-known buildings but clearly and potentially more deadly.

Here’s how the cyber experts broke down the “work” of the hacker – and how businesses and by extension, individuals can protect themselves.

Hackers have the learned that the shortest distance between two points is not necessarily a straight line—thus instead of attacking the largest target (who are, by necessity and self-preservation on the alert) the hacker works his or her way through the “smaller, less secure companies” and networks. Jumping from one network to another and moving to larger networks one at a time. One of the attackers’ main strategies is to divide targets into groups. As one security expert put it: each of us must “manager our own systems and being as vigilant as you can.” And we have read in the press that the hacker can use misleading emails that will deliver malware right into your computer. Be careful of what mail you open, especially if you do not recognize the sender. The hacker knows who they are targeting by collecting as much information and intelligence that is available, so that the email received by the target is both reasonable and believable and therefore more likely to be opened. I recieve emails all the time from institutions with whom I have some business or professional relationship asking me to update information that they should not be requesting. I don’t open those messages. I receive telephone calls from people with far-east accents who tell me that I am having a problem with my computer and they can rectify the issue with a small payment and to allow them access to my computer.

Another method of crawling into your computer with malware is to corrupt a site that you visit often. When you log into that site which has been “altered to contain and reference malicious content,” the government investigation found that you will then be infected with the planted malware. Some refer to these sites as “watering-holes” where the malicious malware codes at planted. Common places are the information sites you generally turn to on a regular basis. As one person said to me: “You can catch a lot of fish that way.” Another method is by stealing the identity of an important member/employee of a target including their usernames and passwords. Here again that is usually accomplished through tricking that person with a false login page of an often utilized site.

The Department of Homeland Security and FBI uncovered yet another method of invading your computer: The hacker sends a document to its target, but it is sent in a manner in which it cannot be downloaded. The bait is to then to inform the target: “if you are having problems downloading this document”, to click “having trouble” — which takes the target to the program that contains the malware. Cleaver and destructive.

If your i-pad and i-phone are connected to your computer they are all invitations to the hacker to invade your world. Cancel those “invitations” with heightened awareness that “anyone” could be a target—anyone. And the results of those invitations can be catastrophic.

Richard Allan

The Editor

 

 

 

.

 

Comment: Terrorism and Coups

Terrorism and Coups

On the morning of Bastille Day (July 14th) I sat in a meeting with our children and wanted to complain that instead of bottled water on the conference table there should have been champagne in celebration of the French holiday. We are not French; I am a Francophile. By the end of the day the celebration and fireworks turned horrific and deadly — not in Paris but on the idyllic coast of the Mediterranean Sea in Nice. And, days later there was an attempted coup in Turkey. Unlike early commentators, to me this was not unexpected if you had studied the last months of the present regime and its ever increasing curtailment of anything resembling democratic rights and open voices. But more of that later.

These two incidents – terrorism in one country and the violation of civil rights in another– while in some instances are not related, do form a scenario. They provide us with a picture that the world is becoming edgier, angrier and employing extreme violence as a mode of expression. Years ago I would write that I fear for my children. Now I am much more concerned with the life my grandchildren will face. I am not optimistic.

A boyhood friend of mine, and no friend of Obama, believes the President is a failure when it comes to our national security. He asks in an accusatory tone: “Why hasn’t he stopped terrorism? And usually follows that with: you’re the expert; what should we do? In a New York Times op-ed article some days ago, the author, a former F.B.I special agent, writes that when “the Islamic State and Al Qaeda are finally defeated” we can prevent the next attack.

Two thoughts come to mind: Both my friend and the former FBI agent are denying reality, and equally important, ignore history and a world that has changed drastically in the last twenty-five years.

Terrorism has been with us for more than multiple decades, well before any present day mid-East conflicts, civilian revolutions and revolts in multiple countries across the globe and before the “dreaded” creation of the State of Israel. Terrorism and its operations are not new. The only thing that is new is their message, methods of operation and their targets.

Technology and history bring new methods, new goals and objectives and different issues. From the terrorist who initiated the fight against the Russian monarch in 1917 to today, there is a long list of terrorist groups around the world each holding a different banner and ideology.

So let us stop all the finger pointing, hype and chest thumping and false promising and understand the basic fact: No country can stop either the scope or depth of terrorism. Terrorism is a fact of life. To think otherwise is foolish and dangerous. The best we can accomplish is to interdict any attempt at its inception or to blunt its impact. You cannot wish terrorism away. You cannot legislate it away. You cannot bomb it away.

Most of us are locked in a memory curve of the past — attempting to understand the present. And this is true regardless of one’s age. I used a typewriter when I was twenty years old and it took me fifteen hours to fly to Paris; my grandsons use the most advanced forms of communication and fly around the world without thought of distance or time.

Notwithstanding Mr. Trump’s claims, we cannot control what occurs beyond our boarder, even as those events have a direct effect upon our lives. We cannot control the quiet, lonely, angry person who seeks any cause to elevate their psyche; we cannot control the small groups of people within the U.S. who feel the government conspires against their individual rights; we cannot regulate the fear or stupidity of those who need an AK45 to protect their home and, last, we cannot build a wall around our apartment and grow tomatoes in our window boxes to sustain ourselves.

What occurred in Nice was shocking only because it occurred in an unexpected place. But that is where the lone terrorist lived, and his anger evolved. What occurred in Paris earlier in the year was not shocking because that City, as is New York and London, is a natural “target” for any terrorist. By their very nature they invite the terrorist to demonstrate their skills.

What is playing out in Turkey is not unexpected. Not terrorism but because what might have started out as a democratic election process that elected its President he has turned that nation into a budding dictatorship that is stifling all forms of civil rights and dissent. It ceased being a democratic country after its most recent election and after its president began his dismantling of its democratic structures. When it comes to silencing the press, Turkey lands third place after Russia. In the latest move, after the mid-level military coup was brought to heel, the government has arrested 6000 people. You need a stadium to contain that many people and under what conditions?  President Erdogan’s swift roundup of judges and prosecutors (along with nearly 3,000 military plotters) after the failed coup indicated to the EU commissioner reviewing Turkey’s bid to membership that the government had a prepared a roundup list prior to the upheaval.

And the president of Turkey now publically demanded that U.S. merely “handover” a cleric who resides in the United States and, who he “believes” instigated the attempted coup. And Erdogan would like to bring back the death penalty. The failed, poorly executed coup will only lead to greater authoritarian control with the autocratic President Erdogan pushing his nation to a more Islamist position both locally and internationally.

Today, Turkey is an ally of convenience, because we need to have an airbase on its territory as close as possible to launching our air-strikes against ISIS. Our relations with that country will begin to slide toward its negative side with the failed coup. Last evening, one expert told me that he believes Erdogan orchestrated the failed coup to gain greater control of his country in the guise of attempting to protect his country in a state of a national emergency. You can be sure that greater reins will evolve and be imposed with the crushing of the coup and the massive arrest of suspects.

Obama cannot stop “Terrorism”, and Trump cannot seal us off from the rest of the world, because there are persons born within this Country who will commit acts of violence to express their anger. We, as a nation, cannot dictate the rule of law in other sovereign states. We can support the attempt at true democratic rule, we can’t impose it. But we must act honestly. As the Turkish coup initially unfolded, there were American diplomats who referred to Turkey as a democratic country. Clearly, today and the day before the failed coup it was not. And it will not be for the foreseeable future.

The inquiry then facing all sides to this conversation– from the time of the French Revolution until today: Who are we attempting to protect– the state or the individual? And my response is: wrong question! The question is how are we to protect both the state and the individual simultaneously in response to threats and acts of terrorism or infringements upon our individual civil rights. There is a method to balance the integrity of each without the usual cries of “slippery slope” legislation. [Terrorism: Pragmatic International Deterrence and Cooperation. Institute for East-West Security Studies, Occasional Paper Series #19, 1990] The ideas proposed in an important section of that paper are pragmatic and possible. They require only the will of Congress to enact them.

If there is one clear lesson today, and clearly it has not been learned, the death of one violent movement (and this is true in all countries) does not put an end to all violence but often inspires a successor that is more often much deadlier.

Richard Allan

The editor