NSI Security NewsWatch

A weekly roundup of news, trends and insights designed exclusively for security professionals. This publication is intended for security staff only.


In this issue — Dec. 6, 2017

• British Intelligence Reportedly Foils Plot to Kill Prime Minister
• How DHS Hacks Agency Networks to Make Them Stronger
• U.S. Air Force Updates Policy on Special Access Programs
• Memo Accuses Drone-Maker of Spying for China
• When Terrorists Learn How to Hack
• Navy Commander Gets 18 Months in ‘Fat Leonard’ Scandal
• Former NSA Worker Pleads Guilty to Taking Classified Info
• NSA Braces for Perfect Storm of Cyber Risks
• FBI, DHS Warn of Hacker Mercenaries Funded by Nation-States
• Cellphones May Now Be More Mobile at the Pentagon

British Intelligence Reportedly Foils Plot To Kill Prime Minister (NPR.org, 12/6/17)

Britain's domestic intelligence agency MI5 has foiled a terrorist plot to assassinate Prime Minister Theresa May, U.K. media report. Two men have been charged with terrorism-related offenses in connection with the plot, which reportedly involved using improvised explosives to blow up the gate at No. 10 Downing St., the prime minister's residence, and to kill May in the ensuing chaos, various media say.

The men, who Sky News said were arrested last week, were scheduled to appear on Wednesday in Westminster Magistrates' Court, according to The Telegraph, which said the information was provided on Tuesday in a briefing by Andrew Parker, the head of MI5. However, the prime minister's spokesman declined to discuss details of the plot.

How DHS hacks agency networks to make them stronger, more resilient (Fed. News Radio, 12/6/17)

In an unremarkable building in Arlington, Virginia, a group of hackers is trying to break into federal networks. They are sending fake emails loaded with malware that, if launched by the unknowing recipient, would let the hacker take over the employee’s computer and steal their data. The fake email is a spear-phishing attack, and it’s a good one. It’s not just your run-of-the-mill Nigerian lawyer scam. Rather it’s designed to trick an unsuspecting federal employee into giving up their passwords by installing a keystroke logger. It’s the kind of attack nation states, organized criminals and advanced hacker groups use every day as part of the more than 33,000 cyber incidents agencies face every year.

The thing is, these hackers in Virginia are the good guys. Their job is to educate agencies and protect federal networks by looking for the weaknesses and helping agency chief information officers and chief information security officers close the gaps to stop the bad guys.

U.S. Air Force Updates Policy on Special Access Programs (Secrecy News, 12/6/17)

The US Air Force last month issued updated policy guidance on its “special access programs” (SAPs). Those are classified programs of exceptional sensitivity requiring safeguards and access restrictions beyond those of other categories of classified information. The new Air Force policy makes provisions for internal oversight of its SAPs, as well as limited congressional access to SAP information under some circumstances.

Notably, however, the new Air Force directive does not acknowledge the authority of the Information Security Oversight Office (ISOO) to review and oversee its SAPs. That’s an error, said ISOO director Mark Bradley.

Memo Accuses Drone-Maker of Spying for China (CSO, 12/3/17)
A memo issued by the Department of Homeland Security that was meant for law enforcement tosses around words such as “most likely,” “moderate confidence,” and “high confidence” when accusing popular drone manufacturer DJI of spying for China.  The bulletin, written in August by the Los Angeles office of the Immigration and Customs Enforcement bureau, was leaked last week.  In it, ICE claims to have “moderate confidence that Chinese-based company DJI Science and Technology is providing U.S. critical infrastructure and law enforcement data to the Chinese government.”
It has “high confidence” that DJI “is selectively targeting government and privately owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data.”  That is just the beginning of the accusations, which eventually include how using the data collected by the unmanned aerial vehicles could help the Chinese, other foreign governments, or even terrorist groups to organize physical or cyberattacks against critical infrastructure.

When Terrorists Learn How to Hack (Cipher Brief, 12/3/17)
Terrorist groups are expanding their use of the internet beyond mere messaging and disseminating operational know-how, slowly adding a cyber-hacking toolset that could one day rival that of criminal or state-sponsored hacking.  To date, attacks have included website defacement, doxing of personally identifiable information, and distributed denial of service (DDoS) attacks.  But this could grow to more disruptive attacks, not only with the potential to spread fear, but also raise revenue across the far reaches of the globe.
In the early 2000s, the CIA had identified two known U.S.-designated terrorist organizations – Hezbollah and Hamas – with the capability and intent of using cyberattacks against U.S. critical infrastructure.  There were also reports of al Qaeda pursuing technically savvy recruits to hold U.S. networks at risk.  With the emergence of the Islamic State, a global pool of potential recruits that grew up with the internet and ready-made hacking toolsets available online, the likelihood of such groups turning to offensive cyber capabilities is growing.

Navy Commander Gets 18 Months in ‘Fat Leonard’ Scandal (AP, 12/2/17)
A U.S. Navy commander was sentenced last week to 18 months in prison for his role in a fraud and bribery scheme that cost the government about $35 million.  Cmdr. Bobby Pitts, 48, of Chesapeake, Virginia, was the latest person to be sentenced in connection with a decade-long scam linked to a Singapore defense contractor known as “Fat Leonard” Francis.
Francis bribed Navy officials to help him overbill the Navy for fuel, food, and other services his company provided to ships docked in Asian ports, according to prosecutors.  The bribes allegedly ranged from cash and prostitutes to Cuban cigars and Spanish suckling pigs.  Pitts pleaded guilty in 2015 to charges that alleged he tried to obstruct a federal investigation while in charge of the Navy’s Fleet Industrial Supply Command in Singapore.


Poor Cyber Security Habits: A Recipe for a Breach

What your employees don't know about cyber security could hurt you -- and your organization.  An analysis of 1200 data breaches within the U.S. Government found that 95% of the breaches could be traced to poor security habits and human error.  Despite this fact, security awareness training is still ignored by many organizations. If there's a common thread the experts all agree on, it’s that poor training and unaware employees lie at the root of many if not most security breaches.

So, how do you make sure that your organization's critical information is protected? The first (and best) line of defense is employee awareness.  The more they understand—and care—about how their cyber behavior affects your company’s security posture, the better off the company will be.  NSI’s SECURITYsense awareness program gives your employees the tools and information they need to make security second nature. Find out how this valuable resource can help protect your hard-earned reputation and ensure that your employees are part of the solution and not part of the problem. To know more, click here https://www.nsi.org/securitysense/what-is-securitysense.shtml


Former NSA Worker Pleads Guilty to Taking Classified Info (NYT, 12/1/17)
A former NSA employee admitted last week that he had illegally taken from the agency classified documents believed to have subsequently been stolen from his home computer by hackers working for Russian intelligence.  Nghia H. Pho, 67, of Ellicott City, Md., pleaded guilty to one count of willful retention of national defense information, an offense that carries a possible 10-year sentence.  Prosecutors agreed not to seek more than eight years, however.
Pho had been charged in secret, though some news reports had given a limited description of the case.  Officials unsealed the charges on Friday, resolving the long-running mystery of the defendant’s identity.  Pho, who worked as a software developer for the NSA, was born in Vietnam but is a naturalized United States citizen.  Prosecutors withheld from the public many details of his government work and of the criminal case against him, which is linked to a continuing investigation of Russian hacking.

NSA Braces for Perfect Storm of Cyber Risks (Signal, 12/1/17)
A lightning strike last year delivered a new way for Marianne Bailey, the National Security Agency’s new deputy national manager for national security systems, to illuminate the cybersecurity threat.  The bolt burned Bailey’s house, and the burglar alarm was one of the last items she replaced.  “The poor burglar alarm guy was telling me about all this great capability where I can get this thing on my smartphone, and I can turn it on and turn it off,” she relates.  Her response: “I want the dumb one that’s not connected to wifi.”
Bailey now uses the incident to make a point about the cybersecurity threat.  “We’re in this perfect storm of a very sophisticated, much more pervasive threat and of adversary capabilities,” she says.  “It’s impossible to not think you’re going to be had or to think the adversary is not in your network.  We can’t get numb to that.”  Bailey, who was appointed to her position in July, has a twofold mission.  The first element is internal to the NSA.  She has mission and resource oversight authority for what the agency formerly called the Information Assurance Directorate.  The directorate was reorganized under the NSA21 initiative, launched early last year.

FBI, DHS Warn of Hacker Mercenaries Funded by Nation-States (NextGov, 11/30/17)
Lines between government-backed hackers and cybercriminals are getting fuzzier, top officials told lawmakers last week.  That’s one message the FBI wanted to send when it indicted two Russian intelligence officers and two criminal co-defendants for a major breach of the Yahoo email service in March, Director Christopher Wray said.  “We are seeing an emergence of that kind of collaboration which used to be two separate things—nation-state actors and criminal hackers,” Wray told the House Homeland Security Committee. “Now there’s this collusion, if you will.”
DHS is also following the trend, acting Secretary Elaine Duke told the committee.  “What we’re having to do is really understand … the difference between state actors, people [who are] maybe just looking for financial gain, and those hybrid actors, and that’s become more difficult,” she said.  DHS leads civilian government cybersecurity and helps critical infrastructure providers, such as airports, banks, and hospitals, secure their computer networks.  U.S. officials have long feared that cybercriminal networks, which operate with relative impunity in parts of Russia, could be deputized for hacking operations that serve the Kremlin’s interests.

Cellphones May Now Be More Mobile at the Pentagon (Federal News Radio, 11/30/17)
Want to know if you can use your cellphone in a room?  Try asking your boss.  A new policy put in place by the Committee on National Security Systems gives the official in charge of a secure space the authority to decide if mobile devices will be allowed in the area.  “This is a policy that determines how to appropriately use mobile devices in secure spaces,” said Therese Firmin, DoD’s deputy CISO, last week.  “These are secure spaces that include top secret, collateral, and below.  It doesn’t mandate that these devices be allowed.”
The new policy does not apply to sensitive compartmented information facilities, which are used for certain kinds of classified information.  The policy, issued last month, is a recognition of the growing use of mobile devices in the DoD workplace.  The directive stated the government relies on mobile technologies to provide departments and agencies with increased productivity and mission flexibility.

National Security Institute
165 Main Street, Suite 215
Medway, MA 02053
Tel: 508-533-9099
Fax: 508-507-3631
Internet: http://nsi.org



Who's Worse: Employees or Hackers?

Experts agree: well-intentioned but careless employees pose just as much of a danger to your organization as faceless hackers on the outside. In fact, 95 percent of successful hack attacks or incidents are attributed to human error.

Learn how to mitigate the accidental insider threat and empower your employees to think securely with these valuable lessons:

  1. How to recognize and respond to social engineering attacks
  2. How to avoid spear-phishing and email scams
  3. How to avoid becoming an easy target for hackers
  4. How to prevent human errors that cause security breaches
  5. How to protect sensitive data from hackers, spies and ID thieves
