Showing posts with label Trojan Horse. Show all posts
Showing posts with label Trojan Horse. Show all posts

January 14, 2017

Our Assets Are Compromised

So in the games that nations play, spy games is #1 on the hit parade.

Of course, it's about using information to get a strategic advantage. 

It runs the gamut from pure espionage in terms of stealing state secrets and intellectual property to conducting stealthy subversive acts to undermine enemies and competitors. 

Whatever spies do, it's all about compromising assets...whether they be human, information, or critical infrastructure. 

From turning patriots into traitors, words into info warfare, or critical infrastructure in trojan horses ready to im/explode...whatever leads to getting the upper-hand or advantage. 

What one nation comes to rely on for their sustainment and survival is instead exploited and turned against them like a trojan horse or modern-day malware.

And with people, using money, sex, ideology, compromising material (Kompromat), or threats against loved ones--it's simply about appealing to either opportunism or extortion. 

So truly defense means protecting not only what before one's eyes, but also what in the rear and at the flanks. 

When the over 21 million personnel records and background investigations where stolen from OPM on virtually all federal employees (civilian, military, and intelligence personnel) a door was left open and the demon is still hiding and waiting to cross the threshold, infiltrate, exfiltrate, and compromise. 

As an society that meaningfully values an open and transparent democracy, we can perhaps too easily become lured or lax to common sense safeguards and vigilance, but that does not excuse negligence, incompetence or stupidity.

Rich people and countries around the world can unknowingly falter by becoming overly comfortable and full of themselves...to the point where many don't fully care about their jobs or their country, as they sit in their mansions, designer clothes, and with busting bellies.

From the need to vastly improve our competencies in cyberwarfare to defending ourselves from a tidel wave of global terrorism to upgrading the U.S. nuclear triad against resurgent superpowers and dangerous rogue dictators, we have let our guard down to compromise. 

Is expelling 35 Russian diplomats an effective strategy against their technical attempts to subvert our free and democratic elections or does it just underscore how vulnerable we continue to be?

When as a country and with our leadership, we decide to get serious rather than stay scared and war weary then we will not only stand firm again, but fight against weakness and compromise of ourselves. ;-)

(Source Photo: Rebecca Blumenthal)
Share/Save/Bookmark

August 20, 2016

A Terrorism Wake-Up Call To Western Civilization



"On her way to work one morning
Down the path alongside the lake
A tender-hearted woman saw a poor half-frozen snake
His pretty colored skin had been all frosted with the dew
"Oh well," she cried, "I'll take you in and I'll take care of you"
"Take me in oh tender woman
Take me in, for heaven's sake
Take me in oh tender woman," sighed the snake

She wrapped him up all cozy in a curvature of silk
And then laid him by the fireside with some honey and some milk 
Now she hurried home from work that night as soon as she arrived 
She found that pretty snake she'd taken in had been revived
"Take me in, oh tender woman 
Take me in, for heaven's sake
Take me in oh tender woman," sighed the snake

Now she clutched him to her bosom, "You're so beautiful," she cried
"But if I hadn't brought you in by now you might have died"
Now she stroked his pretty skin and then she kissed and held him tight 
But instead of saying thanks, that snake gave her a vicious bite
"Take me in, oh tender woman 
Take me in, for heaven's sake
Take me in oh tender woman," sighed the snake

"I saved you," cried that woman
"And you've bit me even, why?
You know your bite is poisonous and now I'm going to die"
"Oh shut up, silly woman," said the reptile with a grin 
"You knew damn well I was a snake before you took me in 
"Take me in, oh tender woman 
Take me in, for heaven's sake
Take me in oh tender woman," sighed the snake"

(Source Lyrics The Vicious Snake by Oscar Brown Jr. and the Reading By Donald Trump)
Share/Save/Bookmark

November 18, 2015

Refugee Crisis OR Something More Sinister And Deadly?

When presidential candidate, Donald Trump said, "I will build a big beautiful safe zone in Syria for the refugees"--many on the left were aghast. 

Then I got forwarded this video on what's happening in Europe or to Europe (and to a far more limited extent to America).

The basic question raised--are the throngs of people making their way from the Middle East, North Africa, and Asia to Europe (and to America):

1) REFUGEES: Is this diversity, multiculturalism, humanitarianism, and truly helping refugees in need?

OR

2) MIGRANTS: Is this the overrunning of a continent and society--driven by the desire for money, land, power, sex and religious domination--without anyone ever even firing a shot?

No one wants to think the worst--even when terror is happening around us and ISIS is claiming to be planting thousands of terrorists among the refugees (like a massive Trojan Horse)--we still want to believe that we are doing the right thing, doing good, and helping people in need by welcoming them in. 

Most of us or our families have been refugees at one time or another--seeking safety and a better life--so we know what it's like to need others and to need a chance--and we want to help others like others helped us. 

But watching the terror attacks, violence, rapes, and threats by some (or many, I don't really know) of the current waves of "refugees"--one wonders is this like prior refugees coming and needing genuine help or something we've never quite seen before? ;-)
Share/Save/Bookmark

June 19, 2013

Malware Through A Charger

Who would've thought you can get cyber attacked this way...

Forbes is reporting that Georgia Tech researchers have discovered an exploit where malware could be introduced to your computer through the plug in AC power charger. 

Based on their proof of concept, when you connect your computer and electrical plug, you could get more than an electrical charge to your Apple iOS computer--you could get hacked! 

The malicious charger has been named Mactans and in the future could be put together by inserting a miniature computer board (e.g. a BeagleBoard) right into the base of a charger plug (larger than the one shown above).

The hack attack is enabled by the USB port which is used for charging and doubles as a data port so that the malicious code would be surreptitiously inserted into your computer. 

So be careful what you plug into, because when you think you're just powering up your battery, you may end up powering down your whole computer device.

This sort of reminds me of the shoe bomber that forever changed how we view seemingly innocuous shoes at the airport.

A shoe may not just be for walking, and a AC charger may not be just a power source anymore.  ;-)

(Source Photo: here with attribution to Lee Bennett)
Share/Save/Bookmark

September 9, 2011

Now You See It, Now You Don't

Very cool new military technology by BAE Systems called Adaptiv--it's an invisibility cloak (yes, we now have the technology of the Klingon Empire at our disposal!)

Hexagonal pixel plates are affixed to tanks (and soon battle ships) and these can change temperatures to be invisible to infra-red sensors and confuse heat seeking missiles.

Moreover, onboard cameras pick up surrounding scenarios and can display this onto the vehicle's pixels, so that the military vehicles blend right into their environs.

Another trick, is that that the pixels can display alternate images to masquerade itself-- so a tank is now a simple car or even a cow (according to Wired UK, 6 Sept 2011).

Like the Trojan Horse, I can only imagine what a military power could do by fully exploiting this capability--whether through the conduct of hit and run maneuvers or by invading and conquering an unsuspecting foe.

This is the emergence of a whole new era of war-fighting capabilities, where camouflage is no longer just covering yourself with the basic elements, but rather where technology is used to create a virtual reality that masks the true physical.

On the battlefield, this technology will enable us to seemingly be there one minute, and gone the next (machines and people)--that's technology magic that even Houdini would be envious of.

And yet, this is still just the beginning...we are only now bordering on the capabilities inherent in the Star Trek holodeck--where whole alternate environments are just a simulation away.

Share/Save/Bookmark

May 15, 2010

What’s Lurking In The Update?

In defense, it is a well-known principle that you determine your critical infrastructure, and then harden those defenses—to protect it.

This is also called risk-based management, because you determine your high impact assets and the probability that they will be “hit” and deem those the high risks ones that need to be most protected.

In buttressing the defenses of our critical infrastructure, we make sure to only let in trusted agents. That’s what firewalls, anti-virus, spyware, and intrusion prevention systems are all about.

In so-called “social engineering” scams, we have become familiar with phony e-mails that contain links to devastating computer viruses. And we are on the lookout for whether these e-mails are coming from trusted agents or people we don’t know and are just trying to scam us.

What happens though when like the Trojan Horse in Greek times, the malware comes in from one of the very trusted agents that you know and rely on, for example, like from a software vendor sending you updates for your regular operating system or antivirus software?

ComputerWorld, 10 May 2010, reports that a “faulty update, released on April 21, [by McAfee] had corporate IT administrators scrambling when the new signatures [from a faulty antivirus update] quarantined a critical Windows systems file, causing some computers running Windows XP Service Pack 3 to crash and reboot repeatedly.”

While this particular flawed security file wasn’t the result of an action by a cyber-criminal, terrorist or hostile nation state, but rather a “failure of their quality control process,” it begs the question what if it was malicious rather than accidental?

The ultimate Trojan Horse for our corporate and personal computer systems are the regular updates we get from the vendors to “patch” or upgrade or systems. The doors of our systems are flung open to these updates. And the strategic placement of a virus into these updates that have open rein to our core systems could cause unbelievable havoc.

Statistics show that the greatest vulnerability to systems is by the “insider threat”—a disgruntled employee, a disturbed worker, or perhaps someone unscrupulous that has somehow circumvented or deceived their way past the security clearance process (or not) on employees and contractors and now has access from the inside.

Any well-placed “insider” in any of our major software providers could potentially place that Trojan Horse in the very updates that we embrace to keep our organizations secure.

Amrit Williams, the CTO of BIGFIX Inc. stated with regards to the faulty McAfee update last month, “You’re not talking about some obscure file from a random third party; you’re talking about a critical Windows file. The fact that it wasn’t found is extremely troubling.”

I too find this scenario unnerving and believe that our trusted software vendors must increase their quality assurance and security controls to ensure that we are not laid bare like the ancient city of Troy.

Additionally, we assume that the profit motive of our software vendors themselves will keep them as organizations “honest” and collaborative, but what if the “payoff” from crippling our systems is somehow greater than our annual license fees to them (e.g., terrorism)?

For those familiar with the science fiction television series BattleStar Galactica, what if there is a “Baltar” out there ready and willing to bring down our defenses to some lurking computer virus—whether for some distorted ideological reason, a fanatical drive to revenge, or a belief in some magnanimous payoff.

“Trust but verify” seems the operative principle for us all when it comes to the safety and security of our people, country and way of life—and this applies even to our software vendors who send us the updates we rely on.

Ideally, we need to get to the point where we have the time and resources to test the updates that we get prior to deploying them throughout our organizations.


Share/Save/Bookmark