Information Assured

My friend and former colleague at Microsoft’s public sector practice, Bryan Hunt,  provides a great overview of our present threat landscape and a series of reminders with which to start the year.  Ransomware, criminal enterprise, and re-visitation of fundamental practices round out the show.  How can you spend the money necessary to get in front of the breach or assault?  What’s happening with the spike in bitcoin or other cryptocurrencies?  What’s driving that?  And what about the cost of the breach or a ransomware recovery?  Do you pay?  Do you prevent it?  How do you balance the economics?

Bryan Hunt on LinkedIn

Host: Matthew Hall, CISSP, CHFI, Security +

Apply 1.5 CEUs to any security, IT, project management continuing education certification maintenance.

Law Enforcement Round-Up Links:   Information Assured Links to Articles, Sources, Tools, and References

FBI Crime Statistics

• FBI Releases 2019 Crime Statistics — FBI

It’s that fun time of the year when we all have or will be voting.  Families, counties, and the country stand divided and under the influence of foreign intelligence services and criminal enterprise.  Our panel discusses many of these topics, including coverage on deep fakes, censorship issues, disinformation campaigns, and the real threat of foreign influence and election intervention.  How can we verify what we think we know?  How can we better discern what’s out in the environment?  In the news summary, Matt reviews the Federal Election Assistance Commission, the Google News Initiative, and a potpourri of stories that show the impacts from disinformation regarding False Claims of Hacked Voter Information Likely Intended to Cast Doubt on Legitimacy of U.S. Elections to how Twitter and other platforms censor stories related to the election.

Our panel discussion with Darren Mott, FBI Special Agent (Ret.) AKA “The Cybur Guy,” John Virden, Assistant Vice President for Security, Compliance, and Risk Management and CISO at Miami University, and Sam Horowitz, Chief Information Security Officer at UCSB, focuses on our impending election.

Show Links:  https://start.me/p/RMpwyD/information-assured-2020

It's national insider threat awareness month -- yeah, I didn't know either, but now you do too!  We take a brief survey of the Chinese perspectives on national security, including EC-8 surveillance sorties along the South China Sea, an assertion by the Chinese government that they do not interfere with US internal affairs, and the US response to alleged Chinese espionage emerging from the Houston Embassy.  A couple of arrest reports for an ex-US Army Special forces officer and a Chinese national throwing a hard drive in a dumpster complement our coverage of North Korean bank heists and $250 million in cryptocurrency seizures.

Our interview with Darren Mott, FBI Special Agent (Ret.) AKA "The Cybur Guy" focuses on Cyber Counterintelligence.

• Topics for Darren Mott, FBI Special Agent (Ret.), "The CyBUr Guy" Counterintelligence
  • Threat Actors
    • Who are the largest threat actors we face today?
    • Russia
    • Iran
    • North Korea
    • Criminal Enterprise
  • Federal Government Response
    • What is the CSOC? https://www.nationalcsoc.com/
    • Assistance to Small Contractors
    • Investigations
    • Foreign Engagement
    • Five Eyes Collaboration
  • Introductions
    • FBI Career of 21 years culminating in the Supervisory Special Agent/Private Sector Coordinator role
    • What is counterintelligence

Chinese hackers face US justice; the US Secret Service forms a permanent Cyber Crime task force; the UK’s National Crime Agency’s Operation Venetic yields 746 arrests; Fresno county identity theft arrest and a flamboyant, FBI most wanted Russian hacker’s 5 million dollar bounty rounds out the law enforcement update.  Our interview with John Virden follows the roundup.

John Virden, Assistant Vice President for Security, Compliance, and Risk Management and CISO at Miami University, and I discuss the 2020 Verizon Data Breach Investigations Report 2020. 

• Threat Actors
• Top Patterns
• Data compromised
• Incident classification patterns and subsets
• Frequency
• Actor motives
• Top Controls

Host: Matthew Hall, CISSP, CHFI, Security +

Apply .5 CEUs to any security, IT, project management continuing education certification maintenance.

1. Intro
2. Law Enforcement Round-Up:  https://start.me/p/RMpwyD/information-assured-2020
   1. Chinese Malicious Cyber Activity | CISA
   2. Two Chinese Hackers Charged in Global Computer Intrusion Campaign — FBI
   3. Secret Service Announces the Creation of the Cyber Fraud Task Force
   4. Secret Service Wanted Fugitive: Computer Fraud
   5. London: Can you name them? Appeal for information following sexual assaults... - Metropolitan Police
   6. UK: NCA and police smash thousands of criminal conspiracies after infiltration of encrypted communicati...
   7. Assistant Manager at Fresno County Retail Store Arrested for $100,000 in Credit Card Fraud | USAO-E...
   8. Alleged Russian Hacker Behind $100 Million Evil Corp Indicted | WIRED
   9. MAKSIM VIKTOROVICH YAKUBETS — FBI
   10. U.S. orders China to shut Houston consulate as spying accusations mount - Reuters

Tags: Security,UCSB,Miami,Russian,Hacker, Evil,Evil Corp,Virus,Crime,Cybercrime,Fraud,BEC,CEU,CISSP,CSF,Framework,Cyber,Cybersecurity,Infosec,InformationAssurance,Virden,Ransomware,Ransom, China,FBI,Most Wanted

Categories:  Security,UCSB,SECLAB,CSF,CISSP,CEU  

AWS denial of service, on-going investigations $4.7million business email compromise scam, a student-led missing person cyber investigation initiative, NZ’s seizure of $90 million in assets of alleged Russian criminal enterprise, DDOS service for hire sentencing, and mapping out the deep fake landscape rounds out the law enforcement update.  Our interview with Giovanni Vigna follows the roundup.

Professor and security entrepreneur Giovanni Vigna (UCSB Sec Lab and Founder of Lastline TDI) and I discuss contemporary issues related to his research and experience regarding the current cybersecurity threat landscape: 

• Nation-State Threats
• Criminal Enterprise
• Insider Threat
• Political Threat
• Other Threats

IoT threats, drones, privacy, surveillance, the society meets tech, deep fakes, corporate and personal Protections, and his background as a security entrepreneur round out the interview.

Host: Matthew Hall, CISSP, CHFI, Security +

Apply .5 CEUs to any security, IT, project management continuing education certification maintenance.

Drones snooping on royals, FBI announces an insider threat conviction, more COVID 19 fraud prevention resources from both Google and the UK Government, cybercrime unit announced in Cumbria, and how Apple approached looting theft from its retail outlets, round out our law enforcement and technology section followed by a conversation with TBI’s Assistant Director for Technology and Innovation, Rich Littlehale.  

We talk through the International Association of Chiefs of Police Digital Evidence Taskforce on issues ranging from encryption, sensor data, personal data, policy considerations, and extra-territorial data custody.  We start off with a discussion related to the importance of digital transformation in law enforcement.

Rich and I discuss 

• Rich’s career at the TBI
• The latest IACP Technology and Cybercrime Issues
• Encryption
• Sensor Data
• Personal Data
• Policy Considerations
• Extra-Territorial Data Custody

Host: Matthew Hall, CISSP, CHFI, Security +

Apply .5 CEUs to any security, IT, project management continuing education certification maintenance.

1. Intro
2. Law Enforcement Round-Up:  https://start.me/p/RMpwyD/information-assured-2020
   1. FBI: Man Arrested in Connection with an Attempt to Kidnap Law Enforcement — FBI
   2. IT manager sentenced for hacking into and sabotaging his former employer’s computer network | USAO-...
   3. Man sentenced to death in Singapore on Zoom call - Reuters
   4. Google Scam Spotter
   5. Coronavirus (COVID-19): fraud and cyber crime - GOV.UK
   6. Apple Warns Looters With Stolen iPhones: You Are Being Tracked
   7. A year since the launch of cybercrime unit in Cumbria | The Westmorland Gazette
   8. Harry & Meghan Call Police After Drones Fly Over Their LA Home: Report | E! News
   9. Google deal with the Department of Defense 
   10. Michigan Launches Cybercrime Hotline - Infosecurity Magazine
   11. Search Discord Servers | DISBOARD: Discord Server List
3. Conversation with Rich  -- LinkedIn for more information at https://www.linkedin.com/in/rich-littlehale-57b4aa9/.

COVID fraud warnings, the UK’s National Cyber Security Centre's suspicious email reporting service,  Dubai’s police deal with COVID fraud, Microsoft tracks ransomware groups, a fake FBI special agent starts dating, porn blackmail, counter-drone tech, and the Metropolitan Police force’s virtual police academy highlight our law enforcement round-up followed by a conversation with retired FBI Supervisory Special Agent Scott Augenbaum the author of The Secret to Cybersecurity: A Simple Plan to Protect Your Family and Business from Cybercrime.  As a generous nod to our listeners, Scott will send you a personal copy of his book if you are one of the first five to send him an email: Information Assured Podcast as the title (email available address on the show website).

Scott and I discuss 

• Scott’s career at the FBI
• The story of his book
• Fraud
• Personal Protection
• Corporate Protections
• Nation-States and our Economy

Scott reveals his four truths of cybersecurity during our conversation, and he delivers with an energy and enthusiasm I think you’ll appreciate.  I’ve had the pleasure of working with Scott for many years, and he was indirectly responsible for my training and professional experiences with ENCASE and FTK through a regional ICAC team in Tennessee.

1. Law Enforcement Round-Up:  ONLINE EXTORTION SCAMS INCREASING DURING THE COVID-19 CRISIS 
2. Law Enforcement Round-Up:  Citizens flagged over 160,000 suspicious emails to NCSC in two weeks 
3. Law Enforcement Round-Up:  Coronavirus: Hackers pose as Dubai Police to steal bank details 
4. Law Enforcement Round-Up:  Ransomware groups continue to target healthcare, critical services; here's how to reduce risk 
5. Law Enforcement Round-Up:  Monroe Woman Who Posed As An FBI Agent On Dating Websites Is Sentenced To Prison 
6. Law Enforcement Round-Up:  Met welcomes 320 new recruits
7. Law Enforcement Round-Up: How the Justice Department is Permitted to Use Counter-Drone Technology 
8. Conversation with retired FBI Supervisory Special Agent Scott Augenbaum the author of The Secret to Cybersecurity: A Simple Plan to Protect Your Family and Business from Cybercrime.
9. Closing Remarks

Overview 

Fraud warnings, rapid DNA tests for arrestees, electronic facial identification, London cold case, serial child porn conviction, Russian hacking e-commerce platform takedown, and Chinese espionage highlight our law enforcement round-up followed by a conversation on the NIST Cybersecurity Framework with Salvador Ortega.

Salvador and I walk through the NIST Cybersecurity Framework’s significant functions and categories and discuss our operational perspectives emerging under each function, category, and sub-category.  “The Framework is voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications amongst both internal and external organizational stakeholders.”

Salvador Ortega, CISSP, Director of Cybersecurity at Vanderbilt University Medical Center, joins me to discuss the Framework in the context of his 13 years at VUMC.  I’ve had the pleasure of working with Sal for many years, and he’s demonstrated a fact-based approach to analyzing security risks and vulnerabilities. It’s a pleasure to have this experienced practitioner for our discussion.

Host: Matthew Hall, CISSP, CHFI, Security +

Apply .5 CEUs to any security, IT, project management continuing education certification maintenance.

Outline

1. Intro
2. Law Enforcement Round-Up:  California Attorney General March 26th Consumer Alert for Charity Fraud  
3. Law Enforcement Round-Up:   US Secret Service March 20th, 2020, COVID Virus Phishing Advisory 
4. Law Enforcement Round-Up:  Florida Department of Law Enforcement February 26th, 2020 FDLE, LCSO unveils nation’s first automated rapid DNA collection 
5. What is EFIT?  
6. Law Enforcement Round-Up: London Metropolitan Police April 2nd, 2020, Electronic Facial Identification Technique for 2005 Rape Case
7. Law Enforcement Round-Up:   London Metropolitan Police March 5th,2020, Man convicted of making indecent images of children for the second time
8. Law Enforcement Round-Up:   FBI March 24th, 2020, FBI Takes Down a Russian-based Hacker Platform; Arrests Suspected Russian Site Administrator
9. Law Enforcement Round-Up:  US Department of Justice,  February 27th, 2020,  Chinese National Sentenced for Stealing Trade Secrets Worth $1 Billion
10. What is the National Institute of Standards and Technology (NIST)?
11. What is the NIST Cybersecurity Framework (CSF)? 
12. NIST CSF Discussion with Vanderbilt University’s Salvador Ortega
13. Closing Remarks

How do you run your business when everything around you falls apart?  The idea of business continuity usually sits on the back burner until the event happens, and this event is here.  This episode covers a few February cyber-crimes and then turns to address the Coronavirus outbreak and how Lisa and I work from our central coast of California home during the crisis.  The positive news is that we will get through this event. It will change the way we conduct business and manage our workplace thanks to technologies that facilitate remote work, instruction, business, and security.

Host: Matthew Hall, CISSP, CHFI, Security +

Apply .5 CEUs to any security, IT, project management continuing education certification maintenance.

1. Intro
2. Google Trends, Bernie Sanders, and the Corona Virus
3. Law Enforcement Round-Up: Microsoft Engineer Convicted, February 2020
4. Law Enforcement Round-Up: Medical Worker Pleads Guilty to Identity Theft, January 2020
5. Law Enforcement Round-Up: Five online fraudsters sent to prison for £10m fraud
6. What is the Corona Virus and Where are We Now
7. Business Continuity in the face of a natural disaster or infectious disease
8. Lisa and Matt Discuss Real Life Covid Remote Work
9. At home Security Check
10. Closing Remarks

The monthly fraud, hacking, threat, technology, and management development recap framed through the lens of 30 years of experience in law enforcement, medicine, oil and gas,  high tech, investment banking, and higher education.

The FBI received 467,361 cybercrime complaints in 2019 including a detailed account of a case in Dallas Federal Court where the alleged perpetrators targeted corporations and lonely ladies.

“... more than $3.5 billion in losses to individual and business victims. The most frequently reported complaints were phishing and similar ploys, non-payment/non-delivery scams, and extortion. The most financially costly complaints involved business email compromise, romance or confidence fraud, and spoofing, or mimicking the account of a person or vendor known to the victim to gather personal or financial information.”

The wrap up concludes with a summary of a 2019 ransomware report and actual attack impacts on cities like Baltimore and New Orleans.  It concludes with what you can do by way of prevention and incident response recommendations.

Host: Matthew Hall, CISSP, CHFI, Security +