now browsing by tag


New Jersey Digital Government Summit

General Cybersecurity Conference

 May 22 – 23, 2018 | Trenton, New Jersey, United States

Cybersecurity Conference Description 

Government Technology’s passion is helping spread best practices and spurring innovation in the public sector. The New Jersey Digital Government Summit is designed to do just that. The summit has an advisory board that gathers public sector and private sector leaders to create an agenda designed to make that passion relevant and actionable to the state and local government organizations attending the summit. Participants tell us they use inspirational keynotes, leadership discussions, networking breaks, and timely topics discussed in the numerous breakout sessions to help advance the goals of their organizations and their own career paths.

Topics Include:

– Innovation and Leadership
– Digital Government Trends
– Emerging Technologies
– Cyber Security
– Data and Analytics
– Mobility and Citizen Engagement
– Cloud Services
– Collaboration

Read More….


The post New Jersey Digital Government Summit appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Government #Cybersecurity Through #Obscurity And #Paying Attention To #Data #Lifecycles

Source: National Cyber Security News

While perhaps best known for funding academic research, the US National Science Foundation (NSF) conducts many other activities, including an annual survey of doctoral graduates called the Survey of Earned Doctorates (SED). While an important data source for understanding the societal impact of doctoral education, the way in which the NSF conducts its survey offers a case study in cybersecurity through obscurity, the importance of paying attention to the entire lifecycle of data and several useful lessons to other organizations managing sensitive data in 2018.

My own experience with the SED began last month when I received four phone calls in one month from an unknown phone number late at night claiming to be a survey company working for NSF and wanting to ask me a series of questions. In this era of constant phishing attempts and scam calls, I initially assumed the calls were phishing efforts, since any NSF survey would surely be conducted from a listed phone number (though such numbers can be easily spoofed) and that the caller would have sufficient identifying information to authenticate themselves and that they actually were working on behalf of NSF.

Instead, the caller said they had no information about me other than my name, phone number and the university I graduated from and wished me to provide them a cornucopia of sensitive information of the exact kind coveted by identity thieves.

Read More….


View full post on National Cyber Security Ventures


Source: National Cyber Security – Produced By Gregory Evans

The NSW Government is investing $2 million in a university-led cyber security network, with the aim being to protect the public sector and industry against cyberattacks.

Announced by Minister for Finance, Victor Dominello, the NSW Cyber Security Council will bring together leading scientists and engineers from seven of the state’s universities to:

Read More….

The post NSW #GOVERNMENT #COMMITS $2M TO #CYBER SECURITY appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures


Source: National Cyber Security – Produced By Gregory Evans

he county government of Mecklenburg, North Carolina, has been hacked, leaving their server files being held for a ransom of 2 bitcoins.

One of the growing problems for businesses and governments today is having their electronic files hacked and held for ransom. Last month, computer hackers targeted the Sacramento Regional Transit system, resulting in 30 million files being deleted. The ransom price demanded by the hackers for that attack was a single bitcoin. Now that ransom price is being doubled as hackers have hit the Mecklenburg, North Carolina county government and are demanding 2 bitcoins.


County Manager Dena Diorio said that the hackers got into the county’s system when an employee clicked on an email attachment they shouldn’t have. (It’s amazing in this day and age that people still click on strange email attachments.) Once the click took place, spyware and a worm were unleashed into the system, freezing all of the electronic files.

Diorio told county commissioners in a meeting that the files were being held for ransom as the hackers were demanding 2 bitcoins, which is now worth almost $25,000 (at the time of this article’s writing). The deadline for paying the ransom is 1pm EST today.

Dena Diorio told reporters that the county was considering paying the ransom, but she did express some concerns over doing so, stating:

There’s a risk you don’t get the decryption key and don’t get your files back. There’s also the chance if they think you’ll pay, they may try to get you to come back again.


Local governments and businesses do find themselves in a quandary when targeted by hackers. Is it actually cheaper to pay the hackers off to once again have access to critical files? A third-party group could restore said files, but using them could cost more than what the hackers were demanding. Of course, as Diorio mentioned above, paying off a hacker could embolden them to attack you again.

This difficult decision is summed up by Diorio when she said:

We need to determine how much it would cost (to pay) versus fixing it on our own. There are a lot of places that pay because it’s cheaper.

The short deadline is obviously putting pressure on the country commissioners to capitulate to the hackers. As of now, the county is switching to paper records for their employees today.

As for the hacking attack, County Manager Dena Diorio summed it up by saying:

I don’t think we were targeted. I don’t think we were at fault. There have been many, many institutions that have been breached. I think we do everything we can to keep our firewall secure.

The post HACKERS #HIT NORTH #CAROLINA COUNTY #GOVERNMENT AND #DEMAND TWO #BITCOIN #RANSOM appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Challenging #Government #Hacking: What’s at #Stake

Source: National Cyber Security – Produced By Gregory Evans

Challenging #Government #Hacking: What’s at #Stake

The FBI is making increasing use of an investigative technique that puts the public’s internet security at risk. This month, the ACLU filed amicus briefs in two cases to challenge the FBI’s use of this technique, which has significant cybersecurity implications for everyone.

The technique — government hacking — involves sending malware over the Internet to search computers remotely, often for information that is transmitted by or stored on anonymous targets’ computers. The malware can give investigators total control over a computer system. Absent extraordinary circumstances, courts should not grant this kind of power to law enforcement — much less with just a run-of-the-mill search warrant.

Malware — software designed to covertly damage a computer, take control of a system, or steal data — is not new to the federal government. The FBI has been deploying tools to search anonymous users’ computers since at least 2002. More recently, however, the FBI has expanded its use of this technique. Rather than deploying tailored malware against individual targets, the agency is now conducting “watering hole” operations that deliver malware to everyone who visits a particular webpage or pages. This can result in hundreds or thousands of computers being compromised, as well as the uncontrolled distribution of malware around the globe.

What the FBI didn’t disclose in court

This month, the ACLU filed briefs in the two cases pending before the Ninth Circuit Court of Appeals that involve the most recent publicly known malware investigation, aimed at users of the Playpen website. Playpen was a site primarily dedicated to disseminating child pornography, though it also hosted some lawful activities like chat and fiction forums. The FBI learned of Playpen, seized the server, and then actually ran the site out of its Virginia offices for two weeks. During that time, the federal government reportedly became one of the largest purveyors in the world of child pornography.  

The FBI took this step in an effort to identify people who visited the site, since visitors were using a privacy-protective web browser called Tor to mask their IP addresses, and thus their identities. (Playpen was designed so that only people using Tor could visit it. The U.S. government originally funded Tor, which serves as an essential tool for activism and free speech across the world. Journalists, bloggers, whistleblowers, human rights workers, and other activists have relied on the Tor network to avoid surveillance by potentially repressive regimes.) 

To obtain permission to deploy the malware —  to which the government gave the anodyne name “Network Investigative Technique,” or “NIT” — the government sought a warrant from a magistrate in the Eastern District of Virginia. The warrant granted the FBI permission to send computer instructions from Playpen to anyone who logged in with a user name and password. These instructions, the magistrate was told, would gather identifying information from the activating computers and send it to the FBI.

In Playpen, the FBI sought to search as many as 158,000 computersaround the world with this malware. As a result, there are now approximately 140 Playpen prosecutions for possession of child pornography wending their way through the federal courts. The ACLU has filed several other amicus briefs with the Electronic Frontier Foundation challenging Playpen searches on the grounds that a single warrant cannot lawfully authorize a search of more than 100,000 people, and that the searches unconstitutionally violated Federal Rule of Criminal Procedure 41, which at the time limited magistrates’ ability to authorize searches to the district in which they operate — whereas the Playpen searches were global in scope. (Rule 41 has since been modifiedand now removes that procedural obstacle for the government to hack remotely.)

In the  briefs we filed with several of our affiliates located in the Ninth Circuit this month — United States v. Tippens and United States v. Henderson — we argue that the FBI failed in its duty of candor to the magistrate judge, rendering the searches unconstitutional. What the FBI did not tell the magistrate judge, among other things, is that for its NIT to work, it had to force visitors’ computers to do something that Tor and every other web browser is not supposed to do — download, install, and run the code transmitted by a webpage. To get that to happen, the NIT used exploit code — software designed to take advantage of a flaw in the way the Tor browser works. Further, because the Tor browser runs on the Firefox Mozilla code, this exploit likely worked on millions of Firefox users.

In other words, the government became a hacker, sending exploit code around the country and the world, compromising browser security and searching computers for information. And astoundingly, it didn’t tell the court that this was how the NIT worked. It even kept secret from the magistrate the very fact that it was, through its exploit, planning to take advantage of a vulnerability in Tor (and likely Firefox).

While the public doesn’t know what the vulnerability was, it likely gave the government, in Mozilla’s words, “total control” over the users’ computers. The FBI may have chosen to use that power only to collect identifying information, as it represented in the search warrant affidavit. But it could have accessed far more — and more private — information.

Without knowing that the government’s malware contained an exploit, the court was not in a good position to closely supervise the computer searches that the FBI’s computer instructions conducted. The magistrate likely had no idea she should police the search to ensure that the government would not misuse its capabilities to search private data for which it had no probable cause. Where searches are particularly intrusive (and especially when they involve digital media like computers), Fourth Amendment case law recommends heightened standards of proof for issuing warrants, search protocols, destruction of unrelated materials, and more to ensure that legitimate government searches do not metastasize into fishing expeditions. The magistrate couldn’t have known that she might want to impose such safeguards in this case.

How FBI hacking can hurt the public

Beyond just the facts of this case, the government’s development, storage, and use of exploits create computer security risks for the public that cannot be mitigated by the warrant process. The government may lose control of malware if an insider leaks or sells the tools, if the government itself is hacked, or if a malware target identifies and publishes the code. Once a hacking tool has been disclosed outside the government, malicious actors have a window of opportunity to use it for their own nefarious purposes.

We know the risk that the government will lose control of exploits is real, because we’ve seen it happen a number of times:

In 2013, the FBI deployed malware on multiple websites hosted by a company called Freedom Hosting. This malware similarly took advantage of a Firefox security vulnerability to identify users of Tor. Innocent individuals who visited the targeted Freedom Hosting sites — which included TorMail, an encrypted email service used by all kinds of people all over the world to ensure privacy in their communications — noticed the hidden computer instructions embedded in the sites, and within days, the code was being “circulated and dissected all over the net.” Eventually, the same attack showed up “in the wild”, using essentially the same exploit the government used to compromise Freedom Hosting visitors to hack users of the Tor browser more widely.
The government’s exploits also can be stolen. In 2016, the public learned that an entity calling itself the Shadow Brokers obtained National Security Agency malware from an external NSA “staging server.” Following some initial attempts to sell the exploits, the Shadow Brokers dumped dozens of NSA hacking tools online for free in April 2017. One of the tools the Shadow Brokers released — called EternalBlue — exploited a flaw in Microsoft software. Once released, the tool was repurposed into a virulent piece of ransomware called WannaCry, which infected hundreds of thousands of computer systems worldwide in May 2017.
The very next month, another malware attack began spreading internationally after initially hitting critical infrastructure in Ukraine. Similar to WannaCry, the worm, dubbed NotPetya, made use of EternalBlue as well as another NSA exploit, called EternalRomance, also released by the Shadow Brokers. WannaCry and NotPetya infected such crucial systems as hospitals, power companies, shipping, and banking, endangering human life as well as economic activity.
Courts have said that dangerous tools used to effectuate otherwise lawful searches — tools like flashbang grenades and battering rams — can be unreasonable under the Fourth Amendment. Government malware is another such tool. Some investigative techniques are just too dangerous to use.

Cybersecurity is hard, and we are not doing a very good job of protecting the systems that we rely on. This task gets even harder if the government is an active attacker on the network with a vested interest in keeping computers insecure in case an investigator wants to conduct a search. If we aren’t careful, this powerful tool that the FBI now uses, like other powerful tools, will eventually trickle down to state and local police departments.

The government should be fighting to secure computers — not to hack them or to stockpile exploit codes that can be lost or stolen, and then misused and abused. As we told the Ninth Circuit, the Fourth Amendment needs to protect the public’s privacy and security. Secretive and unregulated government hacking endangers both.

The post Challenging #Government #Hacking: What’s at #Stake appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Russian government hackers used antivirus software to steal U.S. cyber capabilities

Source: National Cyber Security – Produced By Gregory Evans

Russian government hackers lifted details of U.S. cyber capabilities from a National Security Agency employee who was running Russian antivirus software on his computer, according to several individuals familiar with the matter. The employee had taken classified material home to work on it on his computer, and his use of…

The post Russian government hackers used antivirus software to steal U.S. cyber capabilities appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyberattack performed by Anonymous hackers on Israeli government ministry’s website

Source: National Cyber Security – Produced By Gregory Evans

Members of Anonymous hacked into the website of the Israeli Periphery Development Ministry’s Galilee Development Authority leaving a message with the organization’s symbol: “Israel is helping human terrorist groups,” they wrote. The website of the Israeli Periphery Development Ministry’s Galilee Development Authority was broken into by hackers from Anonymous, most…

The post Cyberattack performed by Anonymous hackers on Israeli government ministry’s website appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures


Source: National Cyber Security – Produced By Gregory Evans

The UK Government Has Issued Guidelines To Car Makers To Ensure Internet Connected Cars Are Protected From Hacking Vulnerabilities… THE UK GOVERNMENT has issued guidelines requiring makers of internet-connected cars to ensure are better shielded against cyber vulnerabilities. According to the British Government, it is concerned that ‘smart’ vehicles which…


View full post on National Cyber Security Ventures

Public bodies are vulnerable to hacking – government needs to step up to protect them

more information on sonyhack from leading cyber security expertsSource: National Cyber Security – Produced By Gregory Evans Barely a month passes in 2017 without some kind of IT failure hitting the headlines, but the hacks, leaks and breaches that make the news may represent just the tip of the iceberg. An investigation by the i newspaper has revealed that public bodies such as […] View full post on | Can You Be Hacked?

Your Company Has Been Hacked; Should You Call the Government?

Source: National Cyber Security – Produced By Gregory Evans

U.S. companies’ vulnerability to data security incidents through computer hacking has garnered unprecedented public awareness in the last 12 months. Given our increasing volume of user data generated in business and its significant value, hacking will remain a common feature in the data landscape. In one respect, the most sophisticated…

The post Your Company Has Been Hacked; Should You Call the Government? appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures