View Full Version : Infosec or Information Security 2018

06-20-2018, 08:46 AM
New thread, no pre-existing niche for this topic.

Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.

Federal prosecutors have charged a former CIA software engineer with stealing secret material from the agency and passing it along to "an organization that purports to publicly disseminate classified, sensitive, and confidential information."

The superseding indictment announced Monday details charges against Joshua Adam Schulte, 29, pertaining to the theft and transmission of national defense information to "Organization-1" — which, though it's never named in the indictment, is widely believed to refer to WikiLeaks.

Last year, WikiLeaks published thousands of documents outlining the CIA's methods of hacking into computers, phones and other devices that connect to the Internet, in the agency's efforts to spy overseas.

All told, Schulte faces 13 counts in the indictment announced Monday — including not only the theft and transmission of government information, but also separate counts relating to alleged child pornography, copyright infringement, lying to investigators and obstruction of justice.

If convicted of all of them, he faces the possibility of up to 135 years in prison.


06-22-2018, 11:15 AM
The National Security Agency has moved most of the mission data it collects, analyzes and stores into a classified cloud computing environment known as the Intelligence Community GovCloud.

The IC GovCloud is a single integrated “big data fusion environment” that allows analysts to rapidly “connect the dots” across all NSA’s data sources, according to Chief Information Officer Greg Smithberger.

The impetus for the multi-year move is getting the NSA’s data, including signals intelligence and other foreign surveillance and intelligence information it ingests from multiple repositories around the globe into a single data lake analysts from the NSA and other IC agencies can run queries against.


06-30-2018, 01:59 AM
A data breach at a federally funded active shooter training center has exposed the personal data of thousands of US law enforcement officials, ZDNet has learned.
The cache of data contained identifiable information on local and state police officers, and federal agents, who sought out or underwent active shooter response training in the past few years. The backend database powers the website of Advanced Law Enforcement Rapid Response Training -- known as ALERRT -- at Texas State University.
The database dates back to April 2017 and was uploaded a year later to a web server, believed to be owned by the organization, with no password protection.

"This intelligence could be easily exploited by domestic terrorists or 'lone wolfs' to exploit the weaknesses discussed in this correspondence," he said. "For instance, an individual who wanted to push a particular state or local agency and the community it supports into a crisis need only look for an agency or community in this data that has expressed concern for their ability to respond to a active shooter."

The database has since been removed, but it's not known who else accessed it or what damage may have already been done.


07-25-2018, 11:12 AM
Russian hackers targeted control systems for electric utilities, Homeland Security says

DHS officials said the hackers last summer got access to vendors who provide computer services to electric utilities, and used that as a way in.

07-25-2018, 11:14 AM
Amid mounting warnings about another Russian cyberattack on the 2018 midterm elections, President Trump’s former homeland security adviser said a recent staff shakeup ordered by national security adviser John Bolton has left the White House with nobody in charge of U.S. cyber policy and raised concerns about “who is minding the store.”

“On cyber, there is no clear person and or clear driver, and there is no clear muscle memory,” said Tom Bossert, who served as White House homeland security adviser until last April, in an interview with the Yahoo News podcast Skullduggery.*


* Source may have ulterior motives for pearl clutchery.

07-29-2018, 03:23 PM
Suspected Russian “honeypot” prostitutes targeting tech execs and VCs in an infamous Silicon Valley lounge provide a salacious illustration of the region’s spy problem — but much of the espionage here looks like business as usual, according to a new report. The West Coast is seeing a “full-on epidemic of espionage” centered largely on Silicon Valley’s technology industry, the report said.


08-08-2018, 07:19 PM
They can Crossfit, they just can't OPSEC.

In a memo posted by Deputy Defense Secretary Patrick Shanahan on Monday, the Pentagon revealed the new rules, which will prevent members of the US military on active duty from using fitness trackers, any applications in mobile devices which use GPS, as well as any "other devices and apps that pinpoint and track the location of individuals." The Pentagon says that the information stored by GPS-based services can be uploaded to servers which then may be shared with third-parties -- and therein lies the risk.


09-26-2018, 04:40 AM
A 27-year-old Chinese citizen has been arrested for allegedly acting as an illegal agent for China within the United States, the Justice Department announced Tuesday. Federal prosecutors accused Ji Chaoqun, 27, of working for a “high-level intelligence officer” from a provincial arm of China’s Ministry of State Security while he was studying engineering and serving in the U.S. Army Reserves. Ji allegedly provided “information on eight individuals for possible recruitment.” “The individuals included Chinese nationals who were working as engineers and scientists in the United States, some of whom were U.S. defense contractors,” the press release states. Ji was admitted to the U.S. in 2013 to study electrical engineering at the Illinois Institute of Technology in Chicago and went on to serve in the Reserves, where he worked to recruit “certain legal aliens whose skills are considered vital” to U.S. national interests. Ji was arrested in Chicago and faces up to 10 years in prison.

09-26-2018, 04:45 AM
A 20-year employee of [Sen Diane] Feinstein’s, the agent had been reporting back to China’s Ministry of State Security for well over a decade before he was caught in 2013, according to the FBI.

A Chinese-American who doubled as both an office staffer and Feinstein’s personal driver, the agent reportedly was handled by officials based out of the People’s Republic of China’s consulate in San Francisco, which Feinstein helped set up when she was mayor of that city. He even attended consulate functions for the senator.

Feinstein says she took the staffer off her payroll “immediately” after the FBI informed her five years ago that her office had been infiltrated by Chinese intelligence, and agents had identified the mole in a briefing. In a statement, the Democratic senator insisted he had “no access to sensitive information” and that he was never charged with espionage.

In June 1996 — after the staffer had begun working for Feinstein — the FBI detected that the Chinese government was attempting to seek favor with the senator, who at the time sat on the East Asian and Pacific affairs subcommittee of the Foreign Relations Committee, which oversees US-China relations. Investigators warned her in a classified briefing that Beijing might try to influence her through illegal campaign contributions laundered through front corporations and other cutouts.