NSI Security NewsWatch Banner

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.

 

In this issue — January 9, 2019

  • NCSC Starts Campaign to Help Industry Fight Foreign State Threats
  • Germany Sought NSA Help After Breach Exposed Lawmakers' Data
  • U.S. Warns Americans Against China Travel Due to Risk of Detention
  • Bipartisan Bill Seeks to Toughen Approach to China
  • Outgoing Congressman: 9/11 Memorial Vulnerable to Terrorism
  • Ohio Couple Charged In Terrorism Investigation Now Accused Of Plotting Attack
  • American Detained in Russia Is Charged With Espionage
  • FBI Investigating Fake Texts Sent to GOP House Members
  • The FBI is Trying Amazon’s Facial-Recognition Software
  • FBI Says Media Leaks Spurred Creation of Special Counter-Intel Unit
  • Hacking Group Threatens To Leak Sensitive 9/11 Documents 


NCSC Starts Campaign to Help Industry Fight Foreign State Threats (Bleeping Computer, 1/7/19)
 
The National Counterintelligence and Security Center has started to distribute informative materials, ranging from brochures to videos, to privately held companies around the country promoting increased awareness of rising cybersecurity threats from nation-state actors.  "Make no mistake, American companies are squarely in the cross-hairs of well-financed nation-state actors, who are routinely breaching private sector networks, stealing proprietary data, and compromising supply chains," stated NCSC Director William Evanina.
 
Evanina also said that "The attacks are persistent, aggressive, and cost our nation jobs, economic advantage, and hundreds of billions of dollars."  The campaign provides detailed info on the growing threat from foreign hackers.  NCSC is an Office of the Director of National Intelligence center, and it is designed to provide counterintelligence and security expertise in several areas, ranging from insider threat and supply-chain risk management to personnel security.  To fight the growing threat, NCSC decided to provide the U.S. private sector with the information it needs to understand and defend against cyber intrusions initiated by foreign governments. More

Note: Bill Evanina will be a featured speaker at the upcoming NSI IMPACT ’19 Forum on April 15-17 at the Westfields Marriott in Chantilly, VA.  He will discuss the growing threat from nation state hackers and spies along with recommended security countermeasures.  For more information, go to https://www.nsi.org/impact-2019.html


Germany Sought NSA Help After Breach Exposed Lawmakers' Data (Cyber Scoop, 1/7/19)
 
German security officials contacted the National Security Agency following a data breach that resulted in private data about many German politicians, including Chancellor Angela Merkel, being publicly published, according to German media outlets.  Germany sought help from the NSA after a Twitter account began distributing phone numbers, addressees, chat histories, and vacation photos belonging to politicians, journalists and celebrities.  Germany asked the NSA to pressure Twitter to shut down accounts that were spreading the hacked information, arguing the NSA had jurisdiction because some U.S. citizens also had their information exposed in the data dump.
 
The stolen data originated with a Twitter account called @_0rbit, which opened in mid-2017 and claimed to be based in Hamburg.  The user described his or her activities as “security researching,” “satire and irony” and “artist.”  Twitter suspended the account by Friday, telling media the company acted as soon as it was notified. More


U.S. Warns Americans Against China Travel Due to Risk of Detention (Fortune, 1/5/18)
 
The U.S. last week said China coercively prevents U.S. citizens, including dual U.S.- Chinese nationals, from exiting the country in an updated travel advisory.  The State Department’s warning follows China’s actions in recent months to prohibit visitors with U.S. passports from leaving the country for a variety of reasons.  This includes effectively banning members of a family from China to lure a relative back to the country. 
 
China’s relations with the U.S. and with Canada deteriorated following the arrest in Vancouver, British Columbia, of a top executive with Huawei, a leading Chinese electronics and telecom firm, on a U.S. warrant.  American officials said Meng Wanzhou violated U.S. sanctions on trade with Iran by misleading American financial institutions into facilitating the deals.  China has no prohibition on commerce with Iran. More


Bipartisan Bill Seeks to Toughen Approach to China (Politico, 1/4/19)
 
A bipartisan pair of Senate lawmakers proposed legislation last week to compel the Trump administration to take a stronger stance against digital and technological threats from countries such as China.  The bill from Sen. Mark Warner (D-Va.), the top Democrat on the Senate Intelligence Committee, and Sen. Marco Rubio (R-Fla.), who also serves on the panel, is the latest sign of growing, bipartisan unease with President Donald Trump's attitude toward China and worries that national security concerns will be given short shrift as the White House pursues a trade deal with Beijing.
 
Those fears grew last month when Trump suggested that he might use the case of Meng Wanzhou, the CFO of Chinese tech giant Huawei who was arrested in Vancouver for violating US sanctions on Iran, as a bargaining chip in negotiations.  “It is clear that China is determined to use every tool in its arsenal to surpass the United States technologically and dominate us economically," Warner, a former tech executive, said in a statement. More

******************************************************************************************

How to Make Sure Your Employees Don’t Undermine Your Security Program in 2019

 Protecting classified and sensitive information depends more than ever on the human element of security — employees. They can either make or break your security program. The sad fact is, employees are still the weakest link in the security chain because they’re not trained to be security-conscious. An Ernst & Young study reveals that "security awareness programs at many organizations are weak, half-hearted and ineffectual." As a result, employees ignore them.

Now you can gain visibility and buy-in for your security program with the EMPLOYEE SECURITY CONNECTION – the proven security awareness solution exclusively for cleared defense contractors and government agencies.  To learn more about how this valuable resource can help motivate your employees to practice good security habits…help you achieve better inspection results…and satisfy a major NISPOM awareness requirement… please click on the following link: http://nsi.org/es-connection.html

******************************************************************************************

Outgoing Congressman: 9/11 Memorial Vulnerable to Terrorism (Fox News, 1/5/19)
 
The outgoing New Jersey congressman who sponsored a bill to funnel $25 million a year to 9/11 memorials says the money should make the World Trade Center site less vulnerable to attack.  “That whole area is very open,” Thomas MacArthur said of the space around the National September 11 Memorial & Museum in lower Manhattan.  “Anybody could walk in there with a bomb strapped to their back and cause untold death and destruction.”
 
MacArthur, who first sponsored the 9/11 Memorial Act four years ago, said he’s fought for the measure to protect the sacred site where twin pools honor the 2,977 people killed in the Sept. 11, 2001, terror attacks.  “The 9/11 site has always been a target and New York City has enormous symbolic value for people who hate our country,” he said.  Congress passed the bill last month by a vote of 371-3, and President Trump signed it into law last week.  But some 9/11 family members fear the funds will subsidize the salaries of the private nonprofit foundation that runs the Ground Zero memorial and museum. More


Ohio Couple Charged In Terrorism Investigation Now Accused Of Plotting Attack (KDKA, 1/4/19)

Federal prosecutors say an Ohio couple charged last month in a terrorism investigation is now accused of obtaining guns and explosives in a plot to kill others.  The Department of Justice last week announced the indictments that include conspiracy charges against the pair from Toledo.
 
Authorities in court documents filed in December said both Vincent Armstrong and his girlfriend, Elizabeth Lecron, had talked about carrying out violence and had bomb-making supplies and weapons inside their home.  Investigators also say the two traveled to Colorado in 2018 to see the site of the Columbine High School massacre.  Armstrong’s attorney says she has not yet reviewed the new charges, which include conspiracy to transport or receive guns and explosives.  Another Ohio man, 21-year-old Damon Joseph, was arrested in December for allegedly planning to attack an Ohio synagogue on behalf of ISIS. More


American Detained in Russia Is Charged With Espionage (WSJ, 1/4/18)
 
Russia charged an American citizen who is detained in Moscow with espionage and said he can be held for up to two months, Russian state media reported last week.  A lawyer for the detained American, Paul Whelan, asked a local court for his client to be released on bail, the official Russian news agency, TASS, quoted the lawyer as saying.  TASS and another agency, Interfax, cited sources involved in the investigation saying Whelan was charged and he would remain in custody until Feb. 28.
 
Russia didn’t disclose details of the charges.  Whelan, 48, of Novi, Michigan, was detained Dec. 28 by Russia’s main security agency while he was “carrying out spying activities,” the FSB said in a press release published on Dec. 31.  The agency provided no further details.  Whelan’s family has said he was traveling in the country for a wedding and denied he was involved in espionage.  The family would provide no further comments.  Whelan works as a security official at a Michigan auto supplier, but was on personal travel, his company said.
 More


FBI Investigating Fake Texts Sent to GOP House Members (WSJ.com, 1/4/19)

The Federal Bureau of Investigation is investigating fake text messages sent to some House Republican lawmakers from someone impersonating a top aide to Vice President Mike Pence, according to people familiar with the matter. Several House Republicans have received the texts, and at least one member has been repeatedly engaging with the imposter, who posed as Alyssa Farah, Mr. Pence’s press secretary and a former House staffer, one of the people said.

A person familiar with the fake texts said the messages sought the whereabouts of certain lawmakers and their availability for meetings. The White House is considering the fake texts to be a potential security threat, a White House official said. The fake number has been blocked from contacting White House phones, the official said. More


The FBI is Trying Amazon’s Facial-Recognition Software (NextGov, 1/3/19)
 
The FBI is piloting Amazon’s facial matching software—Amazon Rekognition— as a means to sift through mountains of video surveillance footage the agency routinely collects during investigations.  The pilot kicked off in early 2018 following a string of high-profile counterterrorism investigations that tested the limits of the FBI’s technological capabilities, according to FBI officials.  
 
For example, in the 2017 mass shooting in Las Vegas carried out by Stephen Paddock, the law enforcement agency collected a petabyte worth of data, much of it video from cellphones and surveillance cameras.  “We had agents and analysts, eight per shift, working 24/7 for three weeks going through the video footage of everywhere Stephen Paddock was the month leading up to him coming and doing the shooting,” said FBI Deputy Assistant Director for Counterterrorism Christine Halvorsen.  Halvorsen described how the FBI is using Amazon’s cloud platforms to carry out counterterrorism investigations.  She said Amazon Rekognition could have gone through the same trove of data from the Las Vegas shooting “in 24 hours”—or three weeks faster than it took human FBI agents to find every instance of Paddock’s face in the mountain of video.  More


FBI Says Media Leaks Spurred Creation of Special Counter-Intel Unit (Washington Times, 1/3/19)
 
Complex and increasingly common leaks of classified information caused the FBI’s counterintelligence division to create a new unit devoted to countering unauthorized disclosures, internal documents revealed last week.  Obtained under the Freedom of Information Act by The Young Turks, a progressive media outlet, the heavily redacted FBI files offered a rare but limited look at the anti-leaking unit established by the DOJ during the first year of President Trump’s administration.
 
“By law, the FBI is the lead federal agency responsible for the investigation of violations of the espionage laws of the United States,” reads the “Functions and Mission Statement” section of a document.  “The complicated nature of — and rapid growth in — unauthorized disclosure and media leak threats and investigations has necessitated the establishment of a new Unit.”  Classified as “secret” prior to being scrubbed of sensitive information, nearly the rest of the 5-page document was redacted before being released. More


Hacking Group Threatens To Leak Sensitive 9/11 Documents (Forbes, 1/2/19)

Notorious hacking group The Dark Overlord is threatening to leak what it claims are highly sensitive documents relating to the September 11, 2001 attacks.  It says it will publish the material capitalizing on various conspiracy theories around the 9/11 attacks unless its ransom demands are met.  According to reports, the group is claiming to have breached several insurers and legal firms, including Hiscox Syndicates Ltd, Lloyds of London, and Silverstein Properties.
 
The Dark Overlord said in an announcement: “When major incidents like the WTC 911 incident happen, part of the litigation must involve SSI (Sensitive Security Information) and SCI (Special Compartment Information) [sic] from the likes of the FBI, CIA, TSA, FAA, DOD, and others being introduced into evidence.  But of course this can't become public, for fear of compromising a nation's security, so they temporarily release these materials to the solicitor firms involved in the litigation with the strict demand they're destroyed after their use and that they remain highly protected and confidential to only be used behind closed doors.” More


Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complementary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.

UNSUBSCRIBE:

Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call
508-533-9099.

NSI LogoNational Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org

 

 

 

Impact 2019 Banner


Who's Worse:
Employees or Hackers?

Experts agree, well intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves

Learn More Button