Back to the Basics

Hills Are Alive: In the Disney classic, “The Sound of Music,” the troublesome but optimistic nun turned nanny, Maria, is teaching the Von Trapp children how to sing, since they did not know how. She starts into song saying “Let’s start at the very beginning, a very good place to start, when you read begin with A-B-C, when you sing begin with do-re-mi.” Here at the Cyber Tripwire, we change that second part a bit to apply to cybersecurity: “When you cyber, begin with C-I-A.” OK, so maybe it won’t be sung by teenagers around the world and I’ll have to postpone my songwriting career.

C-I-A: With cybersecurity, getting back to the basics is as easy as C-I-A … Confidentiality, Integrity, and Availability.  These are the high level basics.  Confidentiality means that only the people who are supposed to access the data have access.   Integrity means that there are no unauthorized changes to data at all during transmission, in use, or while stored.  Availability means that the computer resources are ready and can be accessed by legitimate users.  Together they are referred to as the “C-I-A Triad.”  For most organizations a chink in the armor of any of the three could cause havoc. Let’s look at each one closer.

Confidentiality: The importance of confidentiality differs depending on your industry. If you have a secret recipe like Colonel Sanders, it is critical. If your organization handles any personal information, the protection of that confidential information is required by law. Here are some examples of failure to maintain confidentiality. An unauthorized person accesses data. An unauthorized process gains access to data; consider a hacker that uses malware to copy your data. An unauthorized person learns an approximate data value, a range; for instance, if someone found out that an employee’s salary is within a certain range. Loss of confidentiality could even be an unauthorized person finding out that a piece of data exists. If you are sending personal information over unencrypted email, the confidentiality of the data is highly at risk.

Integrity: Integrity does not necessarily require hacker intervention to be lost. It is possible to lose integrity through careless use by an authorized user, for instance a user who accidentally saves unapproved modifications to a file without realizing it. Information system errors could also affect the integrity of data. In order for data to have integrity, it needs to be precise, accurate, meaningful and useful. Modifications must be made in acceptable ways and only by authorized people or processes. When a hacker captures unencrypted data, changes it, and sends it on to the original recipient, the integrity of that data is lost.

Availability: Availability allows authorized users to access and use network resources, like a printer or a website. Available resources must complete the service request in a reasonable time. When I was in college, I remember that the telephone networks lost availability every Mother’s Day. The telephone circuits could not handle the flood of calls. Similar things happen today on the internet when there is an Amazon Day or occasionally during Cyber Monday. When hackers use malware to overload a particular service or website, it is called a Denial of Service (DoS) attack. A DoS attack is intended to remove the availability of its victim’s resources. As many of you know from experience, you don’t need a hacker to lose availability. It could be lost with a malfunctioning resource, or an upgrade gone bad.
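The integrity point above (captured data changed in transit) is easiest to see in code. The following is an added example, not something from the column: it shows why an unkeyed checksum cannot protect integrity against a deliberate change (whoever alters the data can simply recompute the checksum), while a keyed tag (HMAC-SHA256) computed with a key the interceptor does not hold makes the change detectable. The key, the message and the altered message are all constructed sample values.

```python
import hashlib
import hmac
import secrets


def make_tag(key: bytes, message: bytes) -> bytes:
    """Keyed integrity tag (HMAC-SHA256). Only holders of the key can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_tag(key: bytes, message: bytes, tag: bytes) -> bool:
    """Recipient side: recompute the tag and compare in constant time."""
    return hmac.compare_digest(make_tag(key, message), tag)


def checksum(message: bytes) -> bytes:
    """Unkeyed hash: catches accidental corruption, but not deliberate modification."""
    return hashlib.sha256(message).digest()


def demo(key: bytes = b"") -> dict:
    """Run both schemes against the same tampering and report what the recipient sees."""
    key = key or secrets.token_bytes(32)  # constructed shared key; in practice from a key store
    message = b"Pay vendor 100 USD"       # constructed sample message
    tampered = b"Pay vendor 900 USD"      # the same message after an interceptor edits it

    # Scheme 1: sender attaches an unkeyed checksum. The interceptor replaces BOTH the
    # message and the checksum, so the recipient's comparison still passes.
    received_msg, received_cs = tampered, checksum(tampered)
    checksum_fooled = checksum(received_msg) == received_cs

    # Scheme 2: sender attaches a keyed tag. The interceptor cannot compute a tag for the
    # altered message without the key, so the original tag no longer verifies.
    tag = make_tag(key, message)
    return {
        "original_verifies": verify_tag(key, message, tag),   # True
        "tampered_verifies": verify_tag(key, tampered, tag),  # False: modification detected
        "checksum_fooled": checksum_fooled,                   # True: checksum proved nothing
    }


if __name__ == "__main__":
    print(demo())
```

Note that an HMAC gives integrity (and authenticity of the sender) but not confidentiality: the message itself is still sent in the clear, which is why encryption is a separate control in the triad.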

Auf Wiedersehen: So there it is, the basics of cybersecurity, the C-I-A Triad. Now we can all go back to singing the rest of the Von Trapp family songs – “So long, farewell, auf Wiedersehen, good night.”

The Saga of the Stolen Stingray

Protect It: I imagine one day I’ll own a 1970 Corvette Stingray. It will have its own garage. I’ll lock the garage doors when I’m not using it to make sure it’s safe. I’ll put an alarm on the building—to be sure. And I WON’T leave the keys in it!

Hijacked: A few months ago, my mother-in-law told me her email “broke.” For a few days, she hadn’t received any emails in her Outlook Client. So, I took a peek at her Cox webmail. I found a message stating the account was locked, due to suspicious activity. After a couple hours with tech support, we were able to get in. We found the account had been sending hundreds of spam emails every day. A criminal had hijacked her mail.

Recently I read a blog post in Dentaltown from a dentist victimized like this. His email account had become an unwitting offender. How did this happen to them? Will it happen to you? How can you prevent it?

Credential Stuffing: These email accounts fell victim to what we call a “credential stuffing attack.” It’s often performed by software known as “bots.” See, websites should be storing your username/password pairs (AKA “credentials”) in an encrypted database, but they often don’t. It’s like storing a 1970 Corvette Stingray in your garage (keys in the switch), and then leaving the door wide open. You’d never do that, but websites do—all the time!

Darkweb Dump: Criminals break into those websites and scoop out your credentials. Then, those same criminals dump your credentials on the darkweb. Other crooks snag these breached credentials from darkweb, Amazon-like sites. They then code their bots with lists of credentials, including yours. Finally, the bot logs into your email account.

Picture this:  You use your Gmail address as the username to log into scrapbook.com. Then, you use the same password for scrapbook.com that you use for your Gmail account. A criminal breaks into scrapbook.com. If the database isn’t encrypted (the doors were left open), the thieves steal your credentials. In essence, the criminal drove away in your beloved Stingray! It happened because you used the same key for every door you own: Your house, your Stingray garage, your business office, your mailbox…  You get my point? Worst of all, you left a copy of the key taped to the front door of your house, right in plain sight.

Unique Passwords: We often recommend in these articles that you make sure to use unique passwords for the bucketload of websites you log into. Certain sites are more critical, for example your email account, as well as your bank account and other accounts containing your financial information. Use a password manager like Bitwarden. If you use a long, unique passphrase instead of a short password, and a different passphrase for each site you visit, then you reduce the chance of becoming a credential stuffing victim.
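Unique passwords are the user-side fix; on the website side, a credential stuffing bot has a recognizable shape in the login log: one source address trying many different usernames in a short window, with almost every attempt failing, and the occasional success marking an account whose reused password was in the dump. The script below is an added example (not code from the column or from any site mentioned in it) that parses constructed sample log lines in a made-up `ip=... user=... result=...` format and flags sources matching that pattern, listing the accounts that did succeed so the site can force a password reset on them. The thresholds (five distinct users, 70% failures, ten-minute window) are assumptions to tune for a real site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log (not real data). One attempt per line.
# 203.0.113.7 runs through a list of usernames in four seconds; one of them works.
SAMPLE_LOG = """\
2024-03-01T09:00:01 ip=203.0.113.7 user=alice result=FAIL
2024-03-01T09:00:02 ip=203.0.113.7 user=bob result=FAIL
2024-03-01T09:00:02 ip=203.0.113.7 user=carol result=FAIL
2024-03-01T09:00:03 ip=203.0.113.7 user=dave result=FAIL
2024-03-01T09:00:03 ip=203.0.113.7 user=erin result=FAIL
2024-03-01T09:00:04 ip=203.0.113.7 user=frank result=OK
2024-03-01T09:00:04 ip=203.0.113.7 user=grace result=FAIL
2024-03-01T09:00:05 ip=203.0.113.7 user=heidi result=FAIL
2024-03-01T09:05:00 ip=198.51.100.20 user=alice result=FAIL
2024-03-01T09:05:20 ip=198.51.100.20 user=alice result=OK
2024-03-01T10:30:00 ip=198.51.100.44 user=bob result=OK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_log(text: str) -> list:
    """Turn log lines into event dicts; malformed lines are skipped rather than crashing."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "ip": m["ip"],
            "user": m["user"],
            "ok": m["result"] == "OK",
        })
    return events


def detect_stuffing(events: list, window: timedelta = timedelta(minutes=10),
                    min_users: int = 5, min_fail_ratio: float = 0.7) -> dict:
    """Flag source IPs that try many distinct usernames within `window`, mostly failing.

    A single user mistyping their own password (one username, a few failures) never
    trips this, which is what separates stuffing from ordinary login trouble.
    """
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)

    alerts = {}
    for ip, evs in by_ip.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward so evs[start:end+1] spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            chunk = evs[start:end + 1]
            users = {e["user"] for e in chunk}
            fails = sum(1 for e in chunk if not e["ok"])
            if len(users) >= min_users and fails / len(chunk) >= min_fail_ratio:
                prev = alerts.get(ip)
                if prev is None or len(users) > prev["distinct_users"]:
                    alerts[ip] = {
                        "distinct_users": len(users),
                        "attempts": len(chunk),
                        "failures": fails,
                        # accounts that DID log in from the stuffing source: reset these
                        "succeeded": sorted(e["user"] for e in chunk if e["ok"]),
                    }
    return alerts


if __name__ == "__main__":
    for ip, info in detect_stuffing(parse_log(SAMPLE_LOG)).items():
        print(ip, info)
```

The one-at-a-time retry from 198.51.100.20 (same user, then success) is a person who mistyped their password, and the detector correctly ignores it. In a real deployment the same logic would also be run per user-agent and per autonomous system, since bots spread attempts across many addresses.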

A Turkish Taxi or Going to the Cloud

Traveling: Did you know that when you take a taxi cab in Turkey and there is an accident while you are in the car, then you, the passenger, are liable for the damages? Why? Because you hired the cab. That is what it means for your business when you “go to the cloud.” Businesses think the cloud solves all of their cybersecurity problems, but that is not the case. Your business is responsible.

Regulatory Requirements: Most businesses have at least one set of regulatory compliance rules to abide by when handling data. For example, if your business accepts credit cards as payment, you are subject to the Payment Card Industry Data Security Standard (PCI DSS). If you track any Personally Identifiable Information (PII) on your customers or employees, you are subject to the Privacy Act. If you are a health care provider and handle Protected Health Information (PHI), you need to be compliant with the Health Insurance Portability and Accountability Act (HIPAA). Healthcare providers have the trifecta of data protection liability – having PCI, PII, and PHI to worry about. In the cybersecurity world, regulatory requirements drive your data security plan.

Data Security: The definition of data security from technopedia.com is “protective digital privacy measures that are applied to prevent unauthorized access to computers, databases and websites.” In other words, data security is how you protect your customers’ data. Although there are many laws, regulations, and guidelines, they do not dictate HOW to implement the protective measures. THAT is up to the individual business owners to decide. This is important because the business is held legally responsible for any privacy breach that may occur, whether the data is in the cloud or in your back-office data closet. You are responsible for its protection.

Cloud Absolution? No: Some business owners think that if they push their system to the cloud they will be absolved of data security. Many cloud service providers offer Software as a Service (SaaS) solutions for just about every application these days, making it a turn-key solution for many businesses. One example is Office 365. It reduces local IT costs and in most cases provides an increase in service. In many cases, the business can coordinate with the provider to pay for controls like encryption and firewalls in the cloud. Sounds great, doesn’t it? So where’s the problem?

Who’s In Charge: The cloud customer (that’s you) decides who gets access to the application. The employees are usually working from a laptop, desktop, tablet or phone to access the application.

Threats Still Exist: The cloud is NOT threat repellant. If any of your business computers get key-logger malware (malware that records your keystrokes), the hacker will steal your cloud login credentials and use them to access your data from anywhere in the world. Your client data that you use daily is sitting in the memory of your local device. If the data is (heaven forbid) sent unencrypted to the cloud, you are subject to interception of your data with what’s called a man-in-the-middle attack. This happens often when using public Wi-Fi hotspots. Employees are also susceptible to social engineering, where they are tricked into clicking on a malicious link or even providing their password over the phone. As we noted in other articles, the dark web has usernames and passwords available from previous breaches. If people re-use their passwords, the hacker may get access that way too.

Due Diligence: Even in the cloud, business owners must have due diligence with data security because they are liable. Your employees need cybersecurity training. Their devices should have antivirus and endpoint detection monitoring – agents watching for unusual behavior. Businesses should have cyber insurance to transfer the risk in case a breach occurs despite best efforts.

The Bus?: So, if you are in Turkey you may want to take the bus. With cloud services, on the other hand, there is no substitute for a robust security plan.

Your Bluetooth Is Showing

Is Your Bluetooth On?: I’ll bet the Bluetooth on your phone is enabled right now. How you can tell: when you get in the car and it automatically switches to the hands-free option. This is how most people operate. It’s convenient.

What Is It?: So, what is Bluetooth? It’s like Wi-Fi but for short distances, and it’s built into nearly every smartphone. On an iPhone you use it to AirDrop files to your friends. It connects to your wireless earbuds so you can listen to Sgt. Pepper’s Lonely Hearts Club Band. It can also be used to steal files off your phone without your knowledge.

Snarfing: I’m referring to the attack tactic called Bluesnarfing. This attack exploits a weakness in some mobile phone Bluetooth implementations and it provides unauthorized access to the personal information stored on your phone.

How It Works: Here’s the scenario. You are attending an event outdoors and properly observing the government recommended social distance of six feet. Maybe you’re at the grocery store or one of the few remaining restaurants in town that still allow sit-down dining (like Dickies over by Food City). Someone sits six feet from you. They then create a Bluetooth connection to your smart phone and capture the data stored on it. All without your notice or consent!

Exposure: Why is this important to you? This attack can expose your emails, contact lists, and text messages. Literally anything you store on your phone. Do you have a photo of your driver’s license or social security card in there? Anything else you don’t want to become public?

What Risks?: Maybe you think the risk isn’t very high. I mean, how important are you really? In a way, this is conceptually similar to ransomware attacks. Your data is held for ransom. If an attacker gets access to any sensitive data on your phone, they can simply email you anonymously and request a few Bitcoin to have the data deleted. In case you were wondering, at the time of this writing, Bitcoin traded for $11,345.96 per coin. So yes, it’s worth the effort for someone to steal your data.

Please Stop It: Now you may be wondering how you can stop this attack, or if it’s even worth it to try. I mean, are you really at risk? Mitigation is easy. Turn off the Bluetooth when you are in public places. It takes almost no effort on your part. As for risk: do you have sensitive data on your phone?

What Bugs You?: Now that I have your attention: Bluesnarfing isn’t the only thing that should terrify you. The really scary one is Bluebugging. Bluebugging allows an attacker to have COMPLETE control over your phone. If your phone is Bluebugged, an attacker can make and receive calls over your phone, AND eavesdrop on YOUR phone calls.

Opportunity: Some of this may have sounded like scenes from Mission Impossible, but Bluesnarfing and Bluebugging aren’t make-believe.  And you don’t need to be Ethan Hunt to become a target. As with Ransomware, sometimes all a cyber-criminal needs is an opportunity. Leaving your Bluetooth on all the time is convenient for sure. For both you AND the criminal.

Canary In A Coal Mine

Why Canaries?: Beginning in 1911 and all the way through 1986, coal miners would bring a small bird, usually a canary, into the mine with them.  During the blasting, the miners could be exposed to carbon monoxide or other poisonous gases.   The canaries were brought down into the mine as an early detection device.   Because the canary is much more vulnerable to airborne gases, the canary would die upon the first detection of poison.  If the miners found a dead canary, danger was in the air and it was time to get out.

Canary Tokens: In the cyber world, “canary tokens” or canary files are used in a similar manner – to see if danger is in the air. A canary token is a digital file that contains a tracker and a trigger. The idea is to put these files throughout your file system with enticing names like “passwords” or “HR Salary List” or something similar. If an attacker accesses the system and opens the file, the trigger goes off and the tracker reports the approximate location of the hacker to you via email. The general idea is that you now know if someone is snooping around on your device and you can protect yourself from the intrusion.

Try It: You can try this on your home or work computers for free. https://canarytokens.org/ provides different types of canary tokens for your use. You select the type of file, provide your email for notification, and a reminder of where you will be putting the token. I recently tested this and the site was able to pinpoint my location as accurately as to my neighborhood, not just the city.

Deception: This is one aspect of an active (or proactive) cyber defense called deception. Deception, as the name implies, aims to deceive or fool the attacker, causing the attacker to make noise and be detected, and subsequently allowing the user to protect the assets.
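To make the “tracker and trigger” description concrete, here is an added example of the two halves of a canary token service in miniature. It is not the code behind canarytokens.org (which is not published in the column) and makes up its own details: the token is an unguessable random id, the trigger is a one-pixel remote image that a document or web page viewer fetches when the file is opened, and the tracker is the server that recognizes the id in the request and raises an alert carrying the requester’s address and user agent. The hostname `canary.example`, the `/t/<id>.gif` path and the in-memory registry are all assumptions; a real service would persist tokens and send the email instead of printing.

```python
import secrets
from datetime import datetime, timezone
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse

CANARY_HOST = "canary.example"  # hypothetical host for the alerting service
TOKENS = {}   # token id -> metadata (in-memory registry; assumption, not persistent)
ALERTS = []   # alerts raised so far


def create_token(reminder: str, notify_email: str) -> dict:
    """Mint a token: a random, unguessable id tied to a reminder of where you planted it."""
    token_id = secrets.token_hex(16)
    TOKENS[token_id] = {
        "reminder": reminder,
        "email": notify_email,
        "created": datetime.now(timezone.utc).isoformat(),
    }
    return {"id": token_id, "url": f"https://{CANARY_HOST}/t/{token_id}.gif"}


def embed_as_html(url: str) -> str:
    """The trigger: a 1x1 remote image. Viewers that load remote content fetch it on open."""
    return f'<img src="{url}" width="1" height="1" alt="">'


def handle_hit(path: str, remote_addr: str, user_agent: str):
    """The tracker: inspect one request; return an alert dict for a known token, else None."""
    parts = urlparse(path).path.split("/")
    if len(parts) != 3 or parts[1] != "t" or not parts[2].endswith(".gif"):
        return None
    meta = TOKENS.get(parts[2][:-4])
    if meta is None:
        return None  # unknown id: ignore, and do not reveal which ids exist
    alert = {
        "to": meta["email"],
        "reminder": meta["reminder"],        # tells you WHICH planted file was opened
        "source_ip": remote_addr,            # where the fetch came from (geolocate from this)
        "user_agent": user_agent,
        "time": datetime.now(timezone.utc).isoformat(),
    }
    ALERTS.append(alert)
    return alert


class CanaryHandler(BaseHTTPRequestHandler):
    """Minimal HTTP front end so the example can be run as a local service."""

    def do_GET(self):
        alert = handle_hit(self.path, self.client_address[0],
                           self.headers.get("User-Agent", ""))
        if alert:
            print("ALERT:", alert)  # stand-in for sending the notification email
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.end_headers()
        self.wfile.write(b"GIF89a")  # placeholder body; a real service returns a valid 1x1 GIF


if __name__ == "__main__":
    tok = create_token("fake 'HR Salary List' on the file server", "you@example.com")
    print("plant this in a file or page:", embed_as_html(tok["url"]))
    HTTPServer(("127.0.0.1", 8080), CanaryHandler).serve_forever()
```

The reminder string is the important design choice: a hit tells you not just that someone is snooping, but which planted file they opened, which narrows down where on your network they are.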

Honeypots: In some organizations, IT departments may put out a fake server on the network called a “honeypot.”  The server would not have any of the usual security protections thus purposefully making it an easy target for the hackers.  The server would be full of fake files and a labyrinth of directories to traverse.  No one in the organization has a reason to be on the server, so the only reasons to be on the server are mischievous or nefarious.   This gives the cybersecurity department an insight into the tactics and procedures that they need to defend against.  It also wastes the hacker’s time.  If the hacker is busy in the honeypot, he is not attacking your real assets.

HoneyNets: A “honeynet” is similar to a honeypot, except that it is an entire network of honeypots.  Larger organizations with critical assets may employ a honeynet to distract the hackers and cause them to make noise on the network.  Setting the traps throughout the network allows for the early detection the organization desired. 

Early Detection Is A Must: Just like the coal miners of the twentieth century, the cyber world needs the early detection of danger that the canary provides to stay safe.

Put On Your Cyber Armor Before Your First Cup

Knights Prepare: In the early Middle Ages, knights spent hours getting ready for battle putting on their armor with the help of a squire.  There were hooded coats, trousers, gloves and shoes made of chain mail. Add the helmet, shield, and sword, and they were ready for war.

Cyber Protection: In order to be safe in the cyber world, computer users need to be prepared for the cyber battle that we did not request. We need protection.   Here are two examples of attacks and how to defend your home or business.

Ransomware Attacks: To avoid having to pay the ransom for your data held hostage, your organization should be backing up data nightly, or more often if operations require. In that case, you will only lose one day’s worth of data plus the time and resources it takes to restore your infected system.

Suncrypt: This happened to Haywood County School District in North Carolina.  Their computers were attacked by Suncrypt ransomware.  They did not pay the ransom because they had backups, however, they had to delay school for a week to restore everything.  Suncrypt uses a Windows admin utility called “PowerShell” to send a file to execute on other computers in order to rename and encrypt every folder on the infected computer. The hackers now have your data hostage.

Could It Have Been Avoided?: What could the school district have done to avoid the infection altogether? 

Admin Privileges: First, the person who clicked on the phishing email had “administrative” privileges. Cybersecurity has a concept called “least privilege,” where a user has the least amount of privilege needed to do her work. All internet browsing and email reading should be done as a non-admin user. It is critical to only use admin privileges when performing admin functions (configuration and installation).

Outbound PowerShell: Second, the computer security policy allowed the use of outbound PowerShell. The system policy should have disabled outbound PowerShell capability. PowerShell is the new favorite of hackers. According to https://news.softpedia.com/news/malware-created-with-microsoft-powershell-is-on-the-rise-503103.shtml, eighty-seven percent (87%) of common malware uses PowerShell. This one change to your system can block much of the current malware.

Controlled Folder Access: Finally, for this particular attack, and those like it, the entire attack would have been thwarted if the systems had a simple setting enabled called “Controlled Folder Access.”  This feature allows only authorized applications and users to modify folders.  This would have completely blocked Suncrypt.

Phishing Attacks: Phishing is getting very complex. There are new targeted phishing campaigns where emails are sent to company users claiming to be from the IT Department. The emails explain that certain sent emails were quarantined and provide a link for the user to log in and review the files. The link takes you to a screen that looks exactly like the company login. The hackers grab the user’s credentials when they attempt to log in and fix the problem.

Don’t Click It: The lesson here is to always hover over any link. Do NOT click the link without checking it. When you hover over the link, the details of the link show in the bottom left-hand corner of your browser or pop out in your email application. Verify the entire link carefully. Hackers can be creative with their domain names, making them similar to the real domain names. So look closely. When it comes to links, hover, hover, and hover again.
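The “hover and look closely” check can also be automated, which is how mail gateways pre-screen links. The script below is an added example (not from the column) that pulls every link out of a constructed HTML email and applies three of the checks a careful reader performs by eye: the real domain of the link is not the same as a trusted name that merely appears inside it (`company.example.login-review.example`), the real domain is a lookalike of a trusted one built from swapped characters (`c0mpany.example`), and the visible link text names one site while the `href` goes to another. The trusted domain `company.example`, the sample message and the two-label “registrable domain” shortcut are all assumptions; real code would use the Public Suffix List for that last step.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"company.example"}  # hypothetical: your organization's real domain(s)

# Constructed sample phishing email (not a real message).
SAMPLE_EMAIL = """
<p>From IT: three of your sent messages were quarantined. Review them below.</p>
<a href="https://company.example.login-review.example/portal">Review quarantined mail</a>
<a href="https://c0mpany.example/login">https://company.example/login</a>
<a href="https://mail.company.example/">Open mailbox</a>
"""


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Last two labels of a host. Simplification: real code consults the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def normalize(name: str) -> str:
    """Fold common character swaps so lookalikes compare equal to the name they imitate."""
    return name.lower().replace("0", "o").replace("1", "l").replace("rn", "m")


def assess(href: str, text: str) -> dict:
    """Apply the hover-and-look-closely checks to one link."""
    host = urlparse(href).hostname or ""
    dom = registrable(host)
    reasons = []
    if host.startswith("xn--") or ".xn--" in host or any(ord(c) > 127 for c in host):
        reasons.append("internationalized/punycode host")
    for trusted in TRUSTED_DOMAINS:
        if dom != trusted and trusted in host:
            reasons.append(f"trusted name '{trusted}' is only a subdomain of '{dom}'")
        if dom != trusted and normalize(dom) == normalize(trusted):
            reasons.append(f"'{dom}' is a lookalike of '{trusted}'")
    # Visible text that looks like a URL but names a different site than the href.
    m = re.search(r"https?://([^\s/]+)", text)
    if m and registrable(m.group(1)) != dom:
        reasons.append(f"text shows {m.group(1)} but link goes to {host}")
    if reasons:
        verdict = "suspicious"
    elif dom in TRUSTED_DOMAINS:
        verdict = "trusted"
    else:
        verdict = "external"
    return {"host": host, "verdict": verdict, "reasons": reasons}


def scan_email(html: str) -> list:
    """Return one assessment per link in the message."""
    parser = LinkExtractor()
    parser.feed(html)
    return [dict(text=text, **assess(href, text)) for href, text in parser.links]


if __name__ == "__main__":
    for result in scan_email(SAMPLE_EMAIL):
        print(result["verdict"].upper(), result["host"], result["reasons"])
```

Only the third link, `mail.company.example`, is a genuine subdomain of the trusted domain; the first two are the tricks the column warns about, and an “external” verdict (a real but unfamiliar site) is the case where the human still has to decide.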

Put Your Cyber Armor On: So, along with that first cup of coffee or tea in the morning, remember to put on your cyber armor before you check your emails.

Defending the Castle of Gondor

The Defense: The brutal battle of the Pelennor Fields in The Lord of the Rings epic, is instructive for cyber defense. Gandalf, the White Wizard, was charged with defending Minas Tirith, and the majestic Castle of Gondor. The castle was constructed with a series of concentric castle walls for protection.  During the attack of Dark Lord Sauron’s minions, Gandalf tried to hold ground.  Eventually, the first wall was breached, so Gandalf ordered his army back behind the next wall.  The situation was bleak, but moving behind the next interior wall bought them time as they waited for Aragorn to come with reinforcements.

Cyber Defense: Cybersecurity for your organization is a lot like defending the Castle of Gondor. You need to slow down the attackers before they get to your critical assets. Protection in layers in the cyber world, much like that concentric castle, is called “defense in depth.” An article from Forcepoint (https://www.forcepoint.com/cyber-edu/defense-depth) defines it well: “Defense in Depth (DiD) is an approach to cybersecurity in which a series of defensive mechanisms are layered in order to protect valuable data and information.” With cyber DiD, as with the Castle of Gondor, if one set of defenses fails, there is another mechanism in place to impede the attack. Sometimes cyber DiD is called the castle defense due to the parallels between cyber warfare and physical warfare.

Make It Tough: The goal of DiD is to slow down the attacker and get them to make “noise,” so they can be detected, and the user can get reinforcements.  Unlike Gondor, where the siege was quite obvious, cyber-attacks can go undetected for weeks and even months.  This is where your cyber-layered defenses can help to slow the attacks down and make some noise.

Controls: We discussed controls last week.  A control is an action, a device, a procedure, or a technique that removes or reduces a vulnerability. Controls, when used in depth, can make severe vulnerabilities hard for attackers to take advantage of, or exploit.

One Is Not Enough: In the cyber world, there is no single control that can successfully protect against every single type of attack. For your network, the expensive firewall is not going to stop everything, nor will the next-generation anti-virus. You need to have a layered cyber strategy that includes preventive, detective, and deceptive controls to protect your network.

Layered Defenses: A layered defense would start with the basics of firewalls and anti-virus/anti-malware, but it might also include an intrusion prevention system, end-point detection, centralized monitoring, encryption, web application firewalls, and access control lists, to name a few.  Besides these technical controls, you can also add procedural and policy controls – a set of rules to follow, and the proper way of doing things.  In addition, you can work on human security by adding cybersecurity training to your layered defense.  Human security is critical, as all the leading-edge technology is helpless if the end user provides the hacker the keys to the kingdom. 

Held Out Long Enough: Aragorn brought the Army of the Dead to save Minas Tirith from Sauron’s army. When it came to their defense-in-depth strategy, the sum of the protective layers was much greater than what was offered by each individual component. Just like the Castle of Gondor, your cyber defense needs overlapping and redundant defenses.  If the attackers make enough noise, you may have time to get reinforcements in place.

Your Computer is Sick

Sick Computer: Your computer is sick. Not sick in a good way. Many people believe that when they buy a brand new computer, it was designed and configured with security in mind, but it wasn’t. It was designed and configured with usability in mind. Years ago I worked for a small Wireless Internet Service Provider (WISP) in Ogden, Utah. Once the owner told me that whenever a customer called his technical support line for help, the company lost the profit they would have made from that customer for the entire month. The margins were that small.

Shiny, But Not Secure: When you buy a shiny new computer, the manufacturer wants you to be able to easily set it up yourself. They have gotten much better about secure setup than they used to be. Indeed, your Microsoft Windows 10 Operating System is much more secure than the previous Windows versions, but there is still a balance that the manufacturer is trying to strike. They don’t want you to call tech support.

Usability vs Security: Security is a spectrum with usability on one end and security on the other. The closer you get to security, the further you move from usability.  That is where the problem resides. YOUR goal may be to have the most secure computing experience, but the company that made your computer and the Operating System want it to be usable so you don’t call tech support.

Most end-users simply don’t have the experience to securely configure their computer. It takes time to become enough of an expert in the field to securely configure your PC or Mac. Hiring someone to secure your computer is very costly as well.

Preventive Measures: Secure configuration of your computer is preventative. You are trying to prevent threats from causing harm to your computing assets. The ways a threat can cause harm are called vulnerabilities. Bugs in software are one example. Things that reduce vulnerabilities are called “controls”. A software patch (or update) is a control to reduce the vulnerability of a software bug.

Asset, Control, Threat: You can think of it this way. It’s not unlike putting in a chain link fence (the control) to keep the javelina (the threat) out of your garden (the asset). You are not naïve enough to think the fence will keep tiny birds off the peach tree. That’s not what the fence was designed for. So you add a different control designed for birds. Many people will place a large fake owl close by. It’s a deceptive control to fool the birds into thinking a predator is lurking.

Real Life Example: Your house has controls to reduce the vulnerabilities a burglar might use to break in. Locks on the doors and windows. But a determined burglar can still get in if they have the opportunity. You may have installed motion sensors to alert the police in the event of a break-in. That’s a detective control to further reduce the vulnerability your preventative controls may fail to mitigate.

Prevention Always Fails: In the face of an advanced threat, prevention always fails. Eventually. You should consider installing some detective controls to alert you when they have.

Options: Lastly, prevention and detection are not your only recourse. You can get out in front of this dilemma by introducing a deception control. As an example, every time you visit a website, your browser announces to the web server a tremendous amount of valuable information, namely, what browser, and what Operating System you are using. This is usually enough information for a threat to deploy an attack. But you can change your browser settings to lie about it. Then when you visit a compromised website, the threat will deploy the wrong attack. This deception technique isn’t 100% foolproof, and it may cause some of your favorite websites to not display properly, but it’s something you should look into.

It’s a Risk Call: Like the WISP I worked for back in Ogden, profits are on the line. The vendor of your computer is more concerned with you having a usable experience. It’s up to you to make it secure by adding deception and detection controls to your quiver.

Dwelling on Dwell Time

OPM Hack: Sierra Vista is a military town. Therefore, many of us have personal or family ties to the military. I’m sure that many of you were in the same boat I was during the summer of 2015 when we found out about the Office of Personnel Management (OPM) breach. Hackers had exfiltrated (the technical term used when hackers pilfer data) the personal information for almost 20 million people related to the security clearance background investigation applications. The attack occurred in two phases.  The first phase, called X1 by Congressional investigators, started in November, 2013.  OPM discovered it in May, 2014. The hackers had stolen very little documentation.  Before OPM could clean up the mess, the hacker obtained credentials and installed key-loggers and other malware to create a “backdoor” on May 7, 2014.  This second attack, known as X2, went unnoticed for over 11 months.  That boat I mentioned earlier? The one we were in together? It was leaking. And in the water? There were sharks.

How & How Long: While the sharks explored the OPM network they escalated their privileges so they had access to more and more information.  In December 2014, they plundered 4.2 million personnel records.  In March of 2015 they stole fingerprint data.  It wasn’t until mid-April 2015 that security personnel identified the unusual activity.  For over a year, the attackers had set up shop on the OPM network. Imagine how much damage an attacker can do to your organization with almost a year of dwell time!

What is Dwell Time: Dwell time, AKA “the breach detection gap,” is the period of time between when malware begins executing within a network, when it is detected, and when the hemorrhaging is stopped. During this time, adversaries have access to your organizational assets. Certain types of malware and cyber-attacks require a great deal of dwell time to escalate privileges and achieve their objectives. Detecting the presence of malware early is critical to minimizing damage and protecting your assets. In the cyber ocean of malware, avoiding the sharks is ideal, but early detection is a must! According to Ponemon Institute’s 2017 Cost of Data Breach Study (http://www.ponemon.org/research/ponemon-library/security/2017-cost-of-data-breach-study-united-states.html), there is a 25% increase in the average cost of a breach found after 30 days.

A Chain-Link Fence: Hoping anti-virus and anti-malware programs will protect you against all of this is like hoping your chain-link fence will stop mosquitoes. Anti-malware detects “signatures” of known malicious files.  However, today’s malware can easily modify its signature thereby appearing normal to antivirus engines. And attackers are creating new, advanced malware daily. Avast, McAfee, and the gang still catch most simple malware, but you need more advanced security to protect yourself from the uglies.  Similarly, firewalls and intrusion detection systems are another layer of protection. OPM had those too. The big one still made it through. It wasn’t enough.

Protect Yourself: To protect your organization, consider installing endpoint detection “agents” on your laptops and servers.  Endpoint detection agents monitor your system for unusual activity and notify the security operations center.  Some tools even offer endpoint deception, where the attacker opens a “canary” file. We call this a cyber tripwire. The canary file traps the hacker in a virtual network separate from the real network. There the hacker may wander around investigating fake data and fake networks, unbeknownst to him (think of the holodeck on the U.S.S. Enterprise). Shortening the malware dwell time for your organization means reduced risk of a breach, of a malware outbreak, or of being trapped in a botnet scheme or ransomware.  Early detection sure is better than remediation!  Ask OPM, where they will spend over $350 million in credit monitoring services alone.

Rise of the Cyber Lamb Chops

Sock Puppet Fame: In the 1950s, a ventriloquist named Shari Lewis put a sock on her hand and became famous. Lewis created the persona of a 6-year-old sheep named “Lamb Chop,” who delivered the punch lines to her jokes. A sockpuppet helped her rise to fame with a very popular 1990s children’s program. Fame and fortune from a sock!

Cyber Sockpuppets: Social media today has thousands of sockpuppets. No, Lamb Chop hasn’t taken over. A sockpuppet is a phony online identity using “real” accounts for the purpose of deception. Originally, this term referred to people who responded to their own blog posts, or authors who applauded their own books while criticizing their competition. Nowadays, sockpuppets are used for a wide range of objectives. They are used to shower praise on a person or organization or to antagonize them; they are used to manipulate public opinion, to circumvent restrictions and suspensions, or to get others banned from web sites. For instance, Utah Senator Mitt Romney acknowledged operating a secret Twitter account, “Pierre Delecto,” in order to defend himself against criticism — his sockpuppet.

Impact: The impact of sockpuppets would be marginal, except for the fact that nation-states create armies of sockpuppet bots to divide people and dispense misinformation. A single operative may monitor hundreds of sockpuppets, and an organization may use hundreds or thousands of operatives. The bot may simply “re-tweet,” “like,” or “re-post” a divisive headline or comment.

The Difference: While a human Twitter user may post a few times a day, a bot may tweet hundreds of times per day, all day, on a specific topic. One study by USC analyzed election-related tweets sent in September and October 2016 and found that 1 in 5 were sent by an automated sockpuppet. Some social media platforms have developed software to identify and block bots, so puppeteers have developed something called “cyborgs.” These cyborg accounts mix human subtleties with the 24/7 work ethic of a bot, and they are much harder to identify.
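The three tells named above (posting rate, round-the-clock activity, single-topic focus) can be turned into a simple triage score. The following is an added example, not code from the column or from any platform’s bot detector; the account data, thresholds and feature names are all constructed for illustration, and the cyborg case shows why a mixed account slips past rate-based rules.

```python
from collections import Counter
from datetime import datetime, timedelta

START = datetime(2016, 10, 1)  # constructed observation window start

def make_posts(account, per_day, days, hours, topics):
    """Constructed helper: spread `per_day` posts over the given hours each day."""
    posts = []
    for d in range(days):
        for i in range(per_day):
            ts = START + timedelta(days=d, hours=hours[i % len(hours)],
                                   minutes=(i * 7) % 60)
            posts.append((account, ts, topics[i % len(topics)]))
    return posts

def account_features(posts):
    """Posts per active day, number of distinct posting hours, dominant-topic share."""
    days = {p[1].date() for p in posts}
    hours = {p[1].hour for p in posts}
    topics = Counter(p[2] for p in posts)
    return {
        "posts_per_day": len(posts) / len(days),
        "active_hours": len(hours),
        "top_topic_share": topics.most_common(1)[0][1] / len(posts),
    }

def classify(posts, rate=100, hours=18, topic_share=0.9):
    """Assumed thresholds: hundreds of posts a day, nearly 24/7, one topic -> bot-like."""
    f = account_features(posts)
    hits = [f["posts_per_day"] >= rate,
            f["active_hours"] >= hours,
            f["top_topic_share"] >= topic_share]
    if all(hits):
        return "bot-like"
    if any(hits):
        return "suspicious"
    return "human-like"

# Constructed accounts: a person posting a few times a day, a bot posting
# 240 times a day around the clock on one topic, and a cyborg that posts
# moderately during waking hours with some off-topic filler.
HUMAN = make_posts("alice", 3, 7, [8, 12, 20], ["sports", "weather", "election", "food"])
BOT = make_posts("patriot_1776_bot", 240, 7, list(range(24)), ["election"])
CYBORG = make_posts("concerned_neighbor", 40, 7, list(range(8, 23)),
                    ["election", "election", "election", "weather"])

if __name__ == "__main__":
    for name, posts in (("human", HUMAN), ("bot", BOT), ("cyborg", CYBORG)):
        print(name, account_features(posts), classify(posts))
```

The cyborg account comes out “human-like” under these rules, which is exactly the evasion the column describes; catching it needs content and network signals, not rate alone.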

U of A: Awareness of threats is a step in the right direction. Michelle Menninger, a student in the University of Arizona’s Cyber Operations program, recently made this comment to me:

“Technology opens up an entire world to my kids that could easily destroy their innocence. Being in the Cyber program gives me the opportunity to speak openly with them about the dangers of technology and allows me to be in control of it, instead of letting technology control us.”

Nation States Involved: Nation-state actors use technology to attack the U.S. and spread misinformation in order to destabilize our republic. An article on Wired calls the Russian campaign of disinformation “Active Measures” (https://www.wired.com/story/a-guide-to-russias-high-tech-tool-box-for-subverting-us-democracy/). Their objective is to get Americans to argue about an issue – any issue, as long as it’s divisive. These sockpuppets may appear as someone trusted in your community to draw you into the fray and make you think there is an actual human behind an idea or a movement. They spread lies or half-lies, innuendos, and fake news. They are looking to degrade civil discussion of a given topic and inflame opposing views. For these actors, a divided America is much less of a threat than a united one.

Be Alert: We are all susceptible to these propaganda campaigns on social media. With all the re-posting and re-tweeting, sometimes it is hard to find the origin of a comment. However, awareness that a sockpuppet army, whose intent is to manipulate public opinion, is out there may provide some protection from taking the bait.

So, the next time you are on social media responding to a post that got your blood boiling, keep in mind that you may be arguing with “Lamb Chop.”