Infosec or Information Security 2018

[AdamG]

New thread, no pre-existing niche for this topic.

Information security, sometimes shortened to InfoSec, is the practice of preventing unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction of information.

Federal prosecutors have charged a former CIA software engineer with stealing secret material from the agency and passing it along to "an organization that purports to publicly disseminate classified, sensitive, and confidential information."

The superseding indictment announced Monday details charges against Joshua Adam Schulte, 29, pertaining to the theft and transmission of national defense information to "Organization-1" — which, though it's never named in the indictment, is widely believed to refer to WikiLeaks.

Last year, WikiLeaks published thousands of documents outlining the CIA's methods of hacking into computers, phones and other devices that connect to the Internet, in the agency's efforts to spy overseas.

All told, Schulte faces 13 counts in the indictment announced Monday — including not only the theft and transmission of government information, but also separate counts relating to alleged child pornography, copyright infringement, lying to investigators and obstruction of justice.

If convicted of all of them, he faces the possibility of up to 135 years in prison.

https://www.npr.org/2018/06/19/62133...al-information

[AdamG]

The National Security Agency has moved most of the mission data it collects, analyzes and stores into a classified cloud computing environment known as the Intelligence Community GovCloud.

The IC GovCloud is a single integrated “big data fusion environment” that allows analysts to rapidly “connect the dots” across all NSA’s data sources, according to Chief Information Officer Greg Smithberger.

The impetus for the multi-year move is getting the NSA’s data, including signals intelligence and other foreign surveillance and intelligence information it ingests from multiple repositories around the globe into a single data lake analysts from the NSA and other IC agencies can run queries against.

https://www.nextgov.com/emerging-tec...-cloud/149179/

[AdamG]

A data breach at a federally funded active shooter training center has exposed the personal data of thousands of US law enforcement officials, ZDNet has learned.
The cache of data contained identifiable information on local and state police officers, and federal agents, who sought out or underwent active shooter response training in the past few years. The backend database powers the website of Advanced Law Enforcement Rapid Response Training -- known as ALERRT -- at Texas State University.
The database dates back to April 2017 and was uploaded a year later to a web server, believed to be owned by the organization, with no password protection.

"This intelligence could be easily exploited by domestic terrorists or 'lone wolfs' to exploit the weaknesses discussed in this correspondence," he said. "For instance, an individual who wanted to push a particular state or local agency and the community it supports into a crisis need only look for an agency or community in this data that has expressed concern for their ability to respond to a active shooter."

The database has since been removed, but it's not known who else accessed it or what damage may have already been done.

https://www.zdnet.com/article/a-mass...ta-has-leaked/

[AdamG]

Russian hackers targeted control systems for electric utilities, Homeland Security says

DHS officials said the hackers last summer got access to vendors who provide computer services to electric utilities, and used that as a way in.

https://www.nbcnews.com/politics/pol...y-says-n894226

[AdamG]

Amid mounting warnings about another Russian cyberattack on the 2018 midterm elections, President Trump’s former homeland security adviser said a recent staff shakeup ordered by national security adviser John Bolton has left the White House with nobody in charge of U.S. cyber policy and raised concerns about “who is minding the store.”

“On cyber, there is no clear person and or clear driver, and there is no clear muscle memory,” said Tom Bossert, who served as White House homeland security adviser until last April, in an interview with the Yahoo News podcast Skullduggery.*

https://www.yahoo.com/news/former-tr...090017630.html

* Source may have ulterior motives for pearl clutchery.

[AdamG]

Suspected Russian “honeypot” prostitutes targeting tech execs and VCs in an infamous Silicon Valley lounge provide a salacious illustration of the region’s spy problem — but much of the espionage here looks like business as usual, according to a new report. The West Coast is seeing a “full-on epidemic of espionage” centered largely on Silicon Valley’s technology industry, the report said.

https://www.eastbaytimes.com/2018/07...cougar-nights/

[AdamG]

They can Crossfit, they just can't OPSEC.

In a memo posted by Deputy Defense Secretary Patrick Shanahan on Monday, the Pentagon revealed the new rules, which will prevent members of the US military on active duty from using fitness trackers, any applications in mobile devices which use GPS, as well as any "other devices and apps that pinpoint and track the location of individuals." The Pentagon says that the information stored by GPS-based services can be uploaded to servers which then may be shared with third-parties -- and therein lies the risk.

https://www.zdnet.com/article/pentag...ices-with-gps/