NSI Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — December 5, 2018

  • Navy, Marine Corps Forced to Send Sensitive Info by Mail
  • Russian Hackers Allegedly Attacked Germany and the U.S. on Same Day
  • In New Mexico, 5 May Face Federal Terrorism Charges
  • Military: EMP Attack Could Wipe Out America, 'Democracy, World Order'
  • Sextortion Scam Run by Inmates Nets $560,000 from Service Members
  • Report: China Uses Economic Espionage, Theft to Grab U.S. Tech
  • Agencies Will Soon Have a ‘Cyber Hygiene’ Score
  • After a Hiatus, China Accelerates Cyber-Spying Efforts to Obtain U.S. Technology
  • U.S. Indicts 2 Iranians over Ransomware that Hit Atlanta, Other Cities
  • Secret Service tests Facial Recognition System at the White House

Navy, Marine Corps Forced to Send Sensitive Info by Mail After Army’s Popular Sharing System Shuttered (USNI News, 12/3/18)
The abrupt shuttering of an Army-run secure document-sharing service is grinding to a snail’s pace work done by the Navy’s lawyers, doctors, personnel administrators, law enforcement and even the U.S. Naval Academy Band.  The Army turned off its Aviation and Missile Research Development and Engineering Center (AMRDEC) Safe Access File Exchange system, called SAFE by users, a month ago because of the potential security risk, a spokesperson said.  The shutdown was a preventative measure, and the Army is not aware of any data breach because of the risk.
However, without the SAFE system, users from all military branches were sent scrambling to figure out ways to securely share large documents containing sensitive but not classified information with colleagues, other government agencies, contractors and retirees.  Registered mail and courier services have suddenly become in vogue.  “There’s no sugar-coating the fact that this has a huge impact and it’s slow; it’s slower and doesn’t have the capacity of the electronic solution used in that SAFE file exchange,” a spokesman said.

Russian Hackers Allegedly Attacked Germany and the U.S. on the Same Day (NextGov, 12/3/18)
Russian hackers seem to have been busy on Nov. 14.  Separate reports have tied the country’s hackers to attacks on officials in both the U.S. and Germany on the same day.  It’s unclear if the events were linked.  First, U.S. cybersecurity companies reported that the group known as Cozy Bear—allegedly an arm of Russia’s foreign intelligence service, best known for being the first Russian hacking team to infiltrate the Democratic National Committee—seemed to have come back to life.
The group was the likely source of new hacking attempts on U.S. government agencies, think tanks, and businesses, the companies said.  The emails purported to contain files from senior State Department official Heather Nauert, but they actually held malicious software.  Then on Thursday, Nov. 29, German authorities told Der Spiegel magazine they had detected an attack on the exact same day, targeting email accounts belonging to the country’s lawmakers, military, and embassies.  It was the second attack by Russian hackers on Germany in the space of a year, following a global attack picked up by German security services in December 2017.

In New Mexico, 5 May Face Federal Terrorism Charges (Albuquerque Journal, 12/2/18)
The five defendants arrested after authorities found a dead child at a compound north of Taos in August are now under investigation for a specific terrorism-related charge that has never before been filed in New Mexico, according to a court filing by federal prosecutors.  While the possible charge – providing material support to terrorists – is unprecedented for New Mexico, it has been used hundreds of times across the country in cases related to jihad, said Karen Greenberg, director of the Center for National Security at Fordham Law School.
The case began as a child abuse matter in state court in northern New Mexico.  Since then, it has morphed into a case with allegations of terrorism playing out in federal court, where local prosecutors are being assisted by an attorney in the DOJ’s Counterterrorism Section.  In fact, federal prosecutors recently said that more serious charges will soon be filed, possibly for terrorism or kidnapping offenses.  Court testimony has referred to evidence involving defendant Siraj Ibn Wahhaj: international travel to countries, including Saudi Arabia and Morocco; a manual describing the “stages of a terrorist attack” that was found at the compound; and the fact that the FBI prepared a report after Wahhaj and his brother attended a Black Lives Matter march in Atlanta prior to Wahhaj and the other defendants arriving in New Mexico.

Military: EMP Attack Could Wipe Out America, 'Democracy, World Order' (DC Examiner, 11/30/18)
In an extraordinary and sobering report meant to educate the nation on a growing threat, a new military study warns that an electromagnetic pulse weapon attack such as those developed by North Korea, Russia, and Iran could essentially challenge the United States and displace millions.  “Based on the totality of available data,” said the report from the Air Force’s Air University, “an electromagnetic spectrum attack may be a threat to the United States, democracy, and the world order.”
The report, the product of a mostly classified summit of officials from 40 agencies earlier this year, is a forceful call for a new focus on preparing for either an enemy EMP attack or a natural hit such as a solar storm.  While it is focused on the devastating impact an EMP hit would have on the military, it appears to support a congressional warning that up to 90% of the population on the East Coast would die in a year of an attack that would dismantle or interfere with electricity, transportation, food processing, and healthcare.


Help Your Employees Connect to the “Why” in Security

Protecting classified and sensitive information depends more than ever on the human element of security — employees. The sad fact is, employees are still the weakest link in the security chain because they’re not trained to be security-conscious. A report by Ernst & Young finds that "security awareness programs at many organizations are weak, half-hearted and ineffectual." As a result, employees ignore them. Many employees are not invested in the process because they don’t understand what’s in it for them.  

What you can do about it: A simple, proven approach.
Now you can gain visibility and buy-in for your security program with the EMPLOYEE SECURITY CONNECTION – the proven security awareness solution exclusively for cleared defense contractors and government agencies.  It’s the best way to ensure your employees are prepared for your next government security inspection.  To learn more about how this valuable resource can help motivate your employees to practice good security habits…help you achieve better inspection results…and satisfy a major NISPOM awareness requirement… please click on the following link: https://nsi.org/es-connection.html


Sextortion Scam Run by Inmates Nets $560,000 from Service Members (ClearanceJobs.com, 11/29/18)
Last week, the Department of Justice unsealed the indictment of 15 persons as “Operation Surprise Party” – a sextortion ring which victimized 442 service members since 2015.  The Naval Criminal Investigative Service noted that the service members were from the Army, Navy, Air Force and Marine Corps.
A South Carolina inmate told one military service member victim that his minor daughter was traumatized by the victim’s sexually explicit messages and that she needed money for counseling and medical bills – this inmate successfully extorted almost $30,000 from his victims in 2016 and 2017.  This inmate was serving time for murder, kidnapping and armed robbery and was not eligible for release until 2042.  Another South Carolina inmate, located in a separate correctional institution, and four accomplices, are alleged to have successfully run sextortion scams which netted $80,000.

Report: China Uses Economic Espionage, Theft to Grab U.S. Tech (Fox News, 11/29/18)
A new report issued by several prominent experts on Chinese and American foreign policy claims that China is using a range of methods to misappropriate U.S. technology.  The 200-page report, entitled “Chinese Influence & American Interests: Promoting Constructive Vigilance,” warns that American intellectual property is at risk.
"In the technology sector, China is engaged in a multifaceted effort to misappropriate technologies it deems critical to its economic and military success," experts explain, in a statement accompanying the report.  "Beyond economic espionage, theft, and the forced technology transfers that are required of many joint-venture partnerships, China also captures much valuable new technology through its investments in U.S. high-tech companies and through its exploitation of the openness of American university labs."

Agencies Will Soon Have a ‘Cyber Hygiene’ Score (Defense One, 11/29/18)
Soon, federal agencies will have a clear idea of how they are doing on basic cybersecurity and be able to compare their posture to other agencies across the government.  DHS’s Continuous Diagnostics and Mitigation program, or CDM, is providing agencies with a sophisticated suite of cybersecurity tools.  As those tools are put in place, the associated sensors are sending data to a centralized dashboard, giving DHS and agencies a holistic view of cybersecurity throughout the federal enterprise.
Now, DHS is using that data to compile cyber scores using an algorithm that measures the existence of known vulnerabilities within an agency’s systems—those that have yet to be patched—and the baseline configuration settings to give an agency an overall rating on cyber hygiene.  Kevin Cox, CDM program manager at Homeland Security, likened the score to a credit score but in reverse—a higher number generally represents a worse cyber posture.

After a Hiatus, China Accelerates Cyber-Spying Efforts to Obtain U.S. Technology (NYT, 11/29/18)
Three years ago, President Barack Obama struck a deal with China that few thought was possible: President Xi Jinping agreed to end his nation’s years-long practice of breaking into the computer systems of American companies, military contractors and government agencies to obtain designs, technology and corporate secrets, usually on behalf of China’s state-owned firms.
The pact was celebrated by the Obama administration as one of the first arms-control agreements for cyberspace — and for 18 months or so, the number of Chinese attacks plummeted.  But the victory was fleeting.  Soon after President Trump took office, China’s cyber-espionage picked up again and, according to intelligence officials and analysts, accelerated in the last year as trade conflicts and other tensions began to poison relations between the world’s two largest economies.

U.S. Indicts 2 Iranians over Ransomware that Hit Atlanta, Other Cities (Cyber Scoop, 11/28/18)
The Department of Justice unsealed indictments last week against two Iranian men for conducting ransomware attacks against more than 200 organizations inside the U.S., including municipalities, government agencies and hospitals.  Prosecutors say Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, used SamSam ransomware to lock the victims’ systems and demand bitcoin in order to decrypt their data.  Savandi and Mansouri racked up more than $6 million in ransom payments and caused more than $30 million in damages, according to the indictment.
SamSam’s damage has been a public ordeal.  The indictment includes notable cases like the attacks on the city of Atlanta, the city of Newark, the Port of San Diego, the Colorado Department of Transportation, and others.  Six of the victims were healthcare-related organizations, prosecutors said.  “Many of the victims were public agencies with missions that involve saving lives and performing other critical missions for the American people,” Deputy Attorney General Rod Rosenstein said.

Secret Service Tests Facial Recognition System at the White House (FCW, 11/28/18)
The Secret Service started testing a facial recognition system in and around the White House last week, according to a privacy assessment released by the Department of Homeland Security.  The pilot uses a facial recognition system, unnamed in the privacy document, to pore over faces collected by the Crown closed circuit TV system that is used inside and outside the White House complex in Washington, D.C.
The goal of the project is to determine whether facial recognition capability can be used by the Secret Service to identify "known subjects of interest prior to initial contact with law enforcement" around the White House.  These subjects of interest pose potential threats to individuals under Secret Service protection.  They come to the attention of the Secret Service through their own direct communications with the White House as well as social media posts, reports from the public and the news media, as well as information from other law enforcement agencies.

Keep Getting This Newsletter

To ensure delivery to your inbox (not bulk or junk folders), please add NSI@nsi.org to your address book.

SUBSCRIBE: If you were sent this by a colleague and wish to subscribe to NSI's complimentary Security NewsWatch e-newsletter, visit http://nsi.org/newsletter.html.


Please feel free to share this e-mail with your colleagues and encourage them to sign up to get their own copy at http://nsi.org/newsletter.html

ADVERTISERS: For information about sponsoring this e-letter, contact sburns@nsi.org or call

National Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org





Who's Worse:
Employees or Hackers?

Experts agree, well intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How to avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves
