DOCSLIB.ORG

Cascades: the Anonymous Hack of Hbgary (Epilogue)

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cascades: the Anonymous Hack of Hbgary (Epilogue) Case Study | 2016 | RELEASE 1.0 Cascades: The Anonymous Hack of HBGary (Epilogue) OPEN TECHNOLOGY INSTITUTE | @NEWAMERICA | CASCADES (Epilogue) 1 OPEN TECHNOLOGY INSTITUTE | @NEWAMERICA | CASCADES (Epilogue) 2 This case study was created as part of the Open Technology Institute’s (OTI) effort to create a curriculum focused on how digital technology is transforming public policy and governance. It is intended for use in a classroom setting. OPEN TECHNOLOGY INSTITUTE | @NEWAMERICA | CASCADES (Epilogue) 3 CASCADES On Friday, February 4, 2011, The Financial Times The Aftermath reported that Aaron Barr, then the CEO of HBGary In the weeks after the hack, things went from bad Federal, a company that sold IT security services to worse for Barr and his firm. At first, Barr tried to the federal government, had uncovered the to downplay his research on Anonymous; in an names of senior leaders in Anonymous, a interview several days after the attack, he told prominent hacktivist collective.1 With Barr Parmy Olson, a Forbes reporter and Anonymous planning to meet with the FBI on Monday, the expert, that the document the hacktivists had hacktivists swung into action over the weekend, focused on was “an old copy of [his] research” and exploiting a series of weaknesses in the company’s that he merely planned to meet with, not sell IT defenses to gain access to Barr’s e-mails and information to, the FBI.7 But the situation did not company papers (including a document die down. Barr soon canceled his presentation at containing Barr’s research on Anonymous). They the B-Sides security conference, and by mid- also penetrated the HBGary Federal website and February the entire HBGary delegation pulled out accessed the user database for Rootkit.com, a after the company’s booth was vandalized.8 (As website created by HBGary, Inc. founder and CEO Richard Stiennon, the founder of IT-Harvest, an Greg Hoglund.2, 3 Over the weekend, Barr entered IT security analyst firm, and a widely published Anonymous chat rooms in an attempt to defuse author and veteran analyst in the IT security field, the situation; HBGary, Inc.’s President, Penny noted, those booths are extremely expensive.9) Leavy, then attempted the same tact, without success.4 Before long, the hacktivists had posted For his part, Hoglund was trying to stem the online more than 60,000 of HBGary’s e-mails. backlash. As part of that effort, he worked with a The hacktivists also took over Barr’s Twitter team of lawyers to draft a letter, which was sent to account and posted sensitive information, HBGary customers and hinted, as Olson wrote, including his social security and cell phone that the hacktivists “had gone to great lengths” to 10 numbers.5, 6 penetrate the company’s defenses. He also discussed the hack with the press, telling a With the situation spiraling out of control, Barr reporter, “They [the hacktivists] are causing me a and his colleagues were left to wonder if there was great deal of pain right now … What they’re doing anything they could do to salvage the situation. right now is not hacktivism, it’s terrorism. They’ve And as the rest of the world learned of the really crossed a line here.”11 Still, some felt escalating crisis, industry leaders, public policy HBGary Federal might have crossed a line, too: by leaders, and academics started to discuss what, if the end of the month, the company had to deal anything, they could learn from HBGary’s with calls for a Congressional probe into the experience. controversial plans of Team Themis, an alliance among three security firms Barr had established in late 2010 in an attempt to earn a contract with OPEN TECHNOLOGY INSTITUTE | @NEWAMERICA | CASCADES (Epilogue) 4 Hunton & Williams—a law firm that had several temporarily disabled websites or defaced websites clients (including the U.S. Chamber of Commerce) with a message. The former were often disruptive that reportedly might be interested in HBGary’s but according to Peter Krapp, a professor of film services.12, 13 and media studies at University of California- Irvine, are comparable to a sit in or protest that As the controversy continued to swirl, Barr made it difficult to access a company’s physical 14 announced his resignation. One year later, in late property; similarly, the latter attack was often winter 2012, HBGary, Inc. was acquired by equated with graffiti that tarnished physical ManTech International Corporation, and HBGary property.19 Publishing sensitive documents, a Federal had closed. Hoglund depicted this as a technique that technology security expert Bruce positive development for HBGary, Inc., which had Schneier called “organizational doxing,” pushed actually experienced an increase in sales since the the hacktivists’ behavior into a new, more serious hack had occurred. “This is great news,” he said. domain.20 “We have a billion-dollar company backing us.”15 Nonetheless, another school of thought suggested Nonetheless, even in the HBGary hack, the that the company Anonymous had attacked no hacktivists eventually drew the line, refusing to longer exited as an independent entity. post the social security numbers of any HBGary employees (except Barr) and not releasing any Anonymous and Hacktivism information or images connected to employees’ kids.21 This reinforced the difficulty of casting the Emboldened by the success of their takedown of hacktivists’ actions as purely unethical. As Krapp HBGary, Anonymous—and its offshoots, AntiSec argued, “In my view, the Anonymous hack of and LulzSec—undertook ambitious efforts, HBGary was neither noble…nor simply vindictive including activities connected to the 2012 Occupy or vulgar. It was a reaction to a pointed Wall Street movement and attacks against Sony, provocation.” the U.S. Senate, PBS, and the CIA.16, 17 As Stiennon observed, the Anonymous hack of HBGary However, Joseph Menn, the author of The preceded a “high-water mark” for Anonymous and Financial Times stories on HBGary, argues that it hacktivism more broadly. Nonetheless, is imperative to recognize that, amid all of the Anonymous had to wrestle with challenges, most events surrounding the HBGary hack, the notably continued scrutiny from law enforcement hacktivists were the only ones who had clearly agencies, including arrests of several hacktivists engaged in criminal behavior. He explained via e- 18 connected to the HBGary hack. mail: The HBGary hack—and the increasingly high- Yes, Barr messed up in his hype profile hacks that followed—also intensified the and more importantly in his own debate surrounding the ethics of hacktivism. On security. Yes, security firms often the one hand, by publishing sensitive documents, have stunningly bad security—there the hacktivists seemed to take their actions to have been a rash of much worse another, more dangerous level. In the past, breaches, at RSA, Bit9, VeriSign, etc. Anonymous had often launched DDoS attacks that But the core problems here, to me, are OPEN TECHNOLOGY INSTITUTE | @NEWAMERICA | CASCADES (Epilogue) 5 that there are criminal and activist being violated, because they are hackers and that the technology we highly targeted. are all saddled with is something very close to indefensible. Yes, Barr The HBGary hack—and similar incidents—also thumbed his nose at the wrong provide government officials an opportunity to people. But he did nothing criminal, think about how they can craft more effective and they did, and the world would be cybersecurity policy. Melissa Hathaway, formerly a worse place if we all avoided doing legal the acting senior director for cyberspace at the things because we were afraid of National Security Council and a cybsersecurity criminals.22 advisor to Presidents George W. Bush and Barack Obama, suggests that future policymakers The Technology Security Industry, maintain several priorities. One is remaining Public Policy, and Individual Security cognizant of the interplay of economic and security issues. New technologies, Hathaway Meanwhile, technology security experts were left emphasized, are often adopted for economic to ponder what they could do differently. One of reasons (e.g., boosting efficiency and productivity the most important takeaways, Stiennon argued or ease of use), with little regard for their security (and one that he actually felt has benefitted the implications. The risk, Hathaway suggested, is field), is that companies that are investigating (or that economic policymakers see “[IT security as] attacking) hacktivists have learned not to publicize somebody else’s job.” But from Hathaway’s point their plans, lest they prompt reprisals like the one of view, those conversations must become that HBGary experienced. Nonetheless, this comes interwoven because adopting new technologies, with another challenge: if companies cannot while potentially beneficial economically, also has market their work, it becomes harder to build a enormous security implications. She elaborated: client base. When IT is embedded in all Another crucial lesson learned is that technology operations, and you’re the person security companies need to bolster their security responsible for delivering the techniques, something which, according to business…you’re responsible for Stiennon, has not happened. He lamented: aligning both the economic of embracing it and the risk management The thing that came out of that of embracing it. And right now those apparently is the lack of good two issue areas are completely security at security vendors. It is separated…[But they are not] apparent that most security vendors separate issues. They are one and the don't heed their own doctrine. same coin, just two different sides [of They just think that they're just like that coin].”23 anybody else. They produce a software or a hardware, sell it, and Similarly, individuals are wrestling with what nobody would attack them. There are events like the HBGary hack means for them. many, many cases of security companies OPEN TECHNOLOGY INSTITUTE | @NEWAMERICA | CASCADES (Epilogue) 6 Some experts argue that it demonstrates the need sphere, we would have lost something for people to be far more circumspect vis-à-vis truly fundamental.
Load more

Recommended publications
  • (U//Fouo) Assessment of Anonymous Threat to Control Systems
    UNCLASSIFIED//FOR OFFICIAL USE ONLY A‐0020‐NCCIC / ICS‐CERT –120020110916 DISTRIBUTION NOTICE (A): THIS PRODUCT IS INTENDED FOR MISION PARTNERS AT THE “FOR OFFICIAL USE ONLY” LEVEL, ACROSS THE CYBERSECURITY, CRITICAL INFRASTRUCTURE AND / OR KEY RESOURCES COMMUNITY AT LARGE. (U//FOUO) ASSESSMENT OF ANONYMOUS THREAT TO CONTROL SYSTEMS EXECUTIVE SUMMARY (U) The loosely organized hacking collective known as Anonymous has recently expressed an interest in targeting inDustrial control systems (ICS). This proDuct characterizes Anonymous’ capabilities and intent in this area, based on expert input from DHS’s Control Systems Security Program/Industrial Control Systems Cyber Emergency Response Team (ICS‐CERT) in coordination with the other NCCIC components. (U//FOUO) While Anonymous recently expressed intent to target ICS, they have not Demonstrated a capability to inflict Damage to these systems, instead choosing to harass and embarrass their targets using rudimentary attack methoDs, readily available to the research community. Anonymous does have the ability to impact aspects of critical infrastructure that run on common, internet accessible systems (such as web‐based applications and windows systems) by employing tactics such as denial of service. Anonymous’ increased interest may indicate intent to Develop an offensive ICS capability in the future. ICS‐CERT assesses that the publically available information regarding exploitation of ICS coulD be leveraged to reDuce the amount of time to develop offensive ICS capabilities. However, the lack of centralized leadership/coordination anD specific expertise may pose challenges to this effort. DISCUSSION (U//FOUO) Several racist, homophobic, hateful, and otherwise maliciously intolerant cyber and physical inciDents throughout the past Decadea have been attributeD to Anonymous, though recently, their targets and apparent motivations have evolved to what appears to be a hacktivist1 agenda.
    [Show full text]
  • How We Became Legion: Burke's Identification and Anonymous By
    How We Became Legion: Burke's Identification and Anonymous by Débora Cristina Ramos Antunes da Silva A thesis presented to the University of Waterloo in fulfilment of the thesis requirement for the degree of Master of Arts in English - Rhetoric and Communication Design Waterloo, Ontario, Canada, 2013 © Débora Cristina Ramos Antunes da Silva 2013 I hereby declare that I am the sole author of this thesis. This is a true copy of the thesis, including any required final revisions, as accepted by my examiners. I understand that my thesis may be made electronically available to the public. ii Abstract This thesis presents a study of how identification, according to Kenneth Burke's theory, can be observed in the media-related practices promoted by the cyber-activist collective Anonymous. Identification is the capacity of community-building through the use of shared interests. Burke affirms that, as human beings are essentially social, identification is the very aim of any human interaction. Cyber-activism deeply relies on this capacity to promote and legitimise its campaigns. In the case of Anonymous, the collective became extremely popular and is now a frequent presence even in street protests, usually organised online, around the world. Here, I argue that this power was possible through the use of identification, which helped attract a large number of individuals to the collective. Anonymous was particularly skilled in its capacity to create an ideology for each campaign, which worked well to set up a perfect enemy who should be fought against by any people, despite their demographic or social status. Other forms of identification were also present and important.
    [Show full text]
  • About the Sony Hack
    All About the Sony Hack Sony Pictures Entertainment was hacked in late November by a group called the Guardians of Peace. The hackers stole a significant amount of data off of Sony’s servers, including employee conversations through email and other documents, executive salaries, and copies of unreleased January/February 2015 Sony movies. Sony’s network was down for a few days as administrators worked to assess the damage. According to the FBI, the hackers are believed have ties with the North Korean government, which has denied any involvement with the hack and has even offered to help the United States discover the identities of the hackers. Various analysts and security experts have stated that it is unlikely All About the Sony Hack that the North Korean government is involved, claiming that the government likely doesn’t have the Learn how Sony was attacked and infrastructure to succeed in a hack of this magnitude. what the potential ramifications are. The hackers quickly turned their focus to an upcoming Sony film, “The Interview,” a comedy about Securing Your Files in Cloud two Americans who assassinate North Korean leader Kim Jong-un. The hackers contacted Storage reporters on Dec. 16, threatening to commit acts of terrorism towards people going to see the Storing files in the cloud is easy movie, which was scheduled to be released on Dec. 25. Despite the lack of credible evidence that and convenient—but definitely not attacks would take place, Sony decided to postpone the movie’s release. On Dec. 19, President risk-free. Obama went on record calling the movie’s cancelation a mistake.
    [Show full text]
  • Sample Iis Publication Page
    https://doi.org/10.48009/1_iis_2012_133-143 Issues in Information Systems Volume 13, Issue 1, pp. 133-143, 2012 HACKERS GONE WILD: THE 2011 SPRING BREAK OF LULZSEC Stan Pendergrass, Robert Morris University, [email protected] ABSTRACT Computer hackers, like the group known as Anonymous, have made themselves more and more relevant to our modern life. As we create and expand more and more data within our interconnected electronic universe, the threat that they bring to its fragile structure grows as well. However Anonymous is not the only group of hackers/activists or hacktivists that have made their presence known. LulzSec was a group that wreaked havoc with information systems in 2011. This will be a case study examination of their activities so that a better understanding of five aspects can be obtained: the Timeline of activities, the Targets of attack, the Tactics the group used, the makeup of the Team and a category which will be referred to as The Twist for reasons which will be made clear at the end of the paper. Keywords: LulzSec, Hackers, Security, AntiSec, Anonymous, Sabu INTRODUCTION Information systems lie at the heart of our modern existence. We deal with them when we work, when we play and when we relax; texting, checking email, posting on Facebook, Tweeting, gaming, conducting e-commerce and e- banking have become so commonplace as to be nearly invisible in modern life. Yet, within each of these electronic interactions lies the danger that the perceived line of security and privacy might be breached and our most important information and secrets might be revealed and exploited.
    [Show full text]
  • The 2014 Sony Hack and the Role of International Law
    The 2014 Sony Hack and the Role of International Law Clare Sullivan* INTRODUCTION 2014 has been dubbed “the year of the hack” because of the number of hacks reported by the U.S. federal government and major U.S. corporations in busi- nesses ranging from retail to banking and communications. According to one report there were 1,541 incidents resulting in the breach of 1,023,108,267 records, a 78 percent increase in the number of personal data records compro- mised compared to 2013.1 However, the 2014 hack of Sony Pictures Entertain- ment Inc. (Sony) was unique in nature and in the way it was orchestrated and its effects. Based in Culver City, California, Sony is the movie making and entertain- ment unit of Sony Corporation of America,2 the U.S. arm of Japanese electron- ics company Sony Corporation.3 The hack, discovered in November 2014, did not follow the usual pattern of hackers attempting illicit activities against a business. It did not specifically target credit card and banking information, nor did the hackers appear to have the usual motive of personal financial gain. The nature of the wrong and the harm inflicted was more wide ranging and their motivation was apparently ideological. Identifying the source and nature of the wrong and harm is crucial for the allocation of legal consequences. Analysis of the wrong and the harm show that the 2014 Sony hack4 was more than a breach of privacy and a criminal act. If, as the United States maintains, the Democratic People’s Republic of Korea (herein- after North Korea) was behind the Sony hack, the incident is governed by international law.
    [Show full text]
  • Risk Report Back in October 2016, Dyn Encountered a Massive DNS Ddos Attack That Knocked
    Dyn DNS Cyberattack By Bryce Kolton 12/7/2016 | INFO 312 Introduction On October 21st 2016, a terabit sized attack took down internet connectivity for users across the globe. Over three waves, millions of users were interrupted during main business hours. The attack targeted Dyn (pronounced “dine”), a company that in part provides Domain Name Service registration for websites. Companies affected included Amazon, BBC, CNN, Comcast, Fox, GitHub, Netflix, PayPal, Reddit, Starbucks, Twitter, Verizon, Visa, Wikia and hundreds more. Credit card terminals were inoperative, news sites unavailable, and users unable to reach some of the internet’s most popular websites. The internet ground to a halt for several hours, with major Fortune 500 companies among those affected. The focus of this risk management report will be the cyberattack at large; The background, causes, previous mitigations, response, still present risks, and recommendations after one of the largest cyberattacks ever recorded. Understanding the Domain Name Service As an illustrative example, let’s say you want to visit a new grocery store your friend just told you about, “Sya’s Grocery.” You know the name, but you need to find the physical address. By using a service like Google Maps, you can transcribe the human-readable name into the destination. The Domain Name Service works much the same way, but for URLs. When you type in “google.com,” your computer is clueless to the ‘real address’ it’s supposed to go to. That’s where DNS steps in: your device asks its closes DNS server “Who is ‘google.com’?” If the server doesn’t know, it’ll pass the request along until it finds a server that does.
    [Show full text]
  • Attack on Sony 2014 Sammy Lui
    Attack on Sony 2014 Sammy Lui 1 Index • Overview • Timeline • Tools • Wiper Malware • Implications • Need for physical security • Employees – Accomplices? • Dangers of Cyberterrorism • Danger to Other Companies • Damage and Repercussions • Dangers of Malware • Defense • Reparations • Aftermath • Similar Attacks • Sony Attack 2011 • Target Attack • NotPetya • Sources 2 Overview • Attack lead by the Guardians of Peace hacker group • Stole huge amounts of data from Sony’s network and leaked it online on Wikileaks • Data leaks spanned over a few weeks • Threatening Sony to not release The Interview with a terrorist attack 3 Timeline • 11/24/14 - Employees find Terabytes of data stolen from computers and threat messages • 11/26/14 - Hackers post 5 Sony movies to file sharing networks • 12/1/14 - Hackers leak emails and password protected files • 12/3/14 – Hackers leak files with plaintext credentials and internal and external account credentials • 12/5/14 – Hackers release invitation along with financial data from Sony 4 Timeline • 12/07/14 – Hackers threaten several employees to sign statement disassociating themselves with Sony • 12/08/14 - Hackers threaten Sony to not release The Interview • 12/16/14 – Hackers leaks personal emails from employees. Last day of data leaks. • 12/25/14 - Sony releases The Interview to select movie theaters and online • 12/26/14 –No further messages from the hackers 5 Tools • Targeted attack • Inside attack • Wikileaks to leak data • The hackers used a Wiper malware to infiltrate and steal data from Sony employee
    [Show full text]
  • List of Targets of Arrested Computer Hackers 6 March 2012
    List of targets of arrested computer hackers 6 March 2012 The five computer hackers charged in New York Tribune and Los Angeles Times, using on Tuesday and a sixth who pleaded guilty are misappropriated login credentials. accused of involvement in some of the most notorious hacking incidents of the past 18 months. -- February 2011: A cyberattack on private computer security firm HBGary that involved the The following are some of the cyberattacks in theft of 60,000 emails from HBGary employees and which the two Britons, two Irishmen and two the HBGary chief executive, as well as defacing his Americans allegedly played a role as members of Twitter account. Anonymous, Lulz Security or associated groups: -- April-May 2011: A cyberattack on a Fox -- December 2010: Operation Payback. Distributed Broadcasting Company website that involved the denial of service (DDoS) attacks by members of theft of names, dates of birth, telephone numbers, Anonymous on the websites of MasterCard, email and residential addresses for more than PayPal and Visa in retaliation for their refusal to 70,000 potential contestants on the Fox television accept donations for WikiLeaks. In a DDoS attack, show the "X-Factor." a website is bombarded with traffic, slowing it down or knocking it offline completely. -- May 2011: A cyberattack on Sony Pictures Entertainment that revealed the passwords, email -- January 2011: Defacing a website of the Irish addresses, home addresses and dates of birth of political party Fine Gael after accessing computer 100,000 users of the www.sonypictures.com servers in Arizona used to maintain the website, website and a subsequent online attack against www.finegael2011.com.
    [Show full text]
  • Easier Said Than Done: Legal Reviews of Cyber Weapons
    Easier Said Than Done: Legal Reviews of Cyber Weapons Gary D. Brown* & Andrew O. Metcalf** INTRODUCTION On June 1, 2012, author and New York Times reporter David Sanger created a sensation within the cyber-law community. Just over a year previously, Vanity Fair, among other media outlets, reported that a malware package of unprec- edented complexity had effectively targeted the Iranian nuclear research pro- gram.1 The malware, which came to be known as Stuxnet, was also discovered on many computer systems outside Iran, but it did not appear to do any damage to these other systems. Just as the discussions spurred by the discovery of Stuxnet had begun to die down, the New York Times published an interview with Mr. Sanger to discuss his newest book, in which he alleged that the Stuxnet malware had been part of a U.S. planned and led covert cyber operation. The assertion that a nation state had used a “cyber attack” in support of its national objectives reinvigorated the attention of cyber-law commentators, both in and out of government. What makes Stuxnet interesting as a point of discussion is that the basic functioning of the software is easy to understand and easy to categorize. A piece of software was deliberately inserted into the target systems, and physical damage was the result. However, resulting physical damage is not characteristic of most cyber operations, and the legal analysis of Stuxnet is of limited utility when examining a broad range of cyber activities.2 A distinct lack of physical effects is much more characteristic of cyber operations, and the absence of physical effects has continued to complicate the legal analysis of cyber in the context of military operations.
    [Show full text]
  • A PRACTICAL METHOD of IDENTIFYING CYBERATTACKS February 2018 INDEX
    In Collaboration With A PRACTICAL METHOD OF IDENTIFYING CYBERATTACKS February 2018 INDEX TOPICS EXECUTIVE SUMMARY 4 OVERVIEW 5 THE RESPONSES TO A GROWING THREAT 7 DIFFERENT TYPES OF PERPETRATORS 10 THE SCOURGE OF CYBERCRIME 11 THE EVOLUTION OF CYBERWARFARE 12 CYBERACTIVISM: ACTIVE AS EVER 13 THE ATTRIBUTION PROBLEM 14 TRACKING THE ORIGINS OF CYBERATTACKS 17 CONCLUSION 20 APPENDIX: TIMELINE OF CYBERSECURITY 21 INCIDENTS 2 A Practical Method of Identifying Cyberattacks EXECUTIVE OVERVIEW SUMMARY The frequency and scope of cyberattacks Cyberattacks carried out by a range of entities are continue to grow, and yet despite the seriousness a growing threat to the security of governments of the problem, it remains extremely difficult to and their citizens. There are three main sources differentiate between the various sources of an of attacks; activists, criminals and governments, attack. This paper aims to shed light on the main and - based on the evidence - it is sometimes types of cyberattacks and provides examples hard to differentiate them. Indeed, they may of each. In particular, a high level framework sometimes work together when their interests for investigation is presented, aimed at helping are aligned. The increasing frequency and severity analysts in gaining a better understanding of the of the attacks makes it more important than ever origins of threats, the motive of the attacker, the to understand the source. Knowing who planned technical origin of the attack, the information an attack might make it easier to capture the contained in the coding of the malware and culprits or frame an appropriate response. the attacker’s modus operandi.
    [Show full text]
  • Analysis of Human Factors in Cyber Security: a Case Study of Anonymous Attack on Hbgary
    Analysis of Human Factors in Cyber Security: A Case Study of Anonymous Attack on Hbgary Benjamin Aruwa Gyunka Directorate of Information and Communication Technology National Open University of Nigeria (NOUN) Abuja, Nigeria [email protected] Abikoye Oluwakemi Christiana Department of Computer Science University of Ilorin Ilorin, Nigeria [email protected] ABSTRACT awareness programmes for workforces and the Purpose: This paper critically analyses the implementations and maintenance of basic human factors or behaviours as major threats to security culture and policies as a panacea for cyber security. Focus is placed on the usual roles social engineering cyber attacks against played by both the attackers and defenders (the individuals and organizations. targets of the attacker) in cyber threats’ Originality: Lots of work has been done and pervasiveness and the potential impacts of such many still on-going in the field of social actions on critical security infrastructures. engineering attacks and human factors, but this Design/Methodology/Approach: To enable an study is the first to adopt an approach of a effective and practical analysis, the Anonymous practical case study to critically analyze the attack against HBGary Federal (A security firm effects of human factors on cyber security. in the United State of America) was taken as a Keywords: The Anonymous; HBGary Federal; case study to reveal the huge damaging impacts Uniform Resource Location (URL); Content of human errors and attitudes against the security Management System (CMS); SQL Injection; of organizations and individuals. Cross-site Scripting (XXS); Social Engineering; Findings: The findings revealed that the Cyber Security; Information Security powerful security firm was compromised and Paper Type: Research Paper overtaken through simple SQL injection techniques and a very crafty social engineering attack which succeeded because of sheer 1 Introduction personnel negligence and unwitting utterances.
    [Show full text]
  • Darpa Starts Sleuthing out Disloyal Troops
    UNCLASSIFIED (U) FBI Tampa Division CI Strategic Partnership Newsletter JANUARY 2012 (U) Administrative Note: This product reflects the views of the FBI- Tampa Division and has not been vetted by FBI Headquarters. (U) Handling notice: Although UNCLASSIFIED, this information is property of the FBI and may be distributed only to members of organizations receiving this bulletin, or to cleared defense contractors. Precautions should be taken to ensure this information is stored and/or destroyed in a manner that precludes unauthorized access. 10 JAN 2012 (U) The FBI Tampa Division Counterintelligence Strategic Partnership Newsletter provides a summary of previously reported US government press releases, publications, and news articles from wire services and news organizations relating to counterintelligence, cyber and terrorism threats. The information in this bulletin represents the views and opinions of the cited sources for each article, and the analyst comment is intended only to highlight items of interest to organizations in Florida. This bulletin is provided solely to inform our Domain partners of news items of interest, and does not represent FBI information. In the JANUARY 2012 Issue: Article Title Page NATIONAL SECURITY THREAT NEWS FROM GOVERNMENT AGENCIES: American Jihadist Terrorism: Combating a Complex Threat p. 2 Authorities Uncover Increasing Number of United States-Based Terror Plots p. 3 Chinese Counterfeit COTS Create Chaos For The DoD p. 4 DHS Releases Cyber Strategy Framework p. 6 COUNTERINTELLIGENCE/ECONOMIC ESPIONAGE THREAT ITEMS FROM THE PRESS: United States Homes In on China Spying p. 6 Opinion: China‟s Spies Are Catching Up p. 8 Canadian Politician‟s Chinese Crush Likely „Sexpionage,‟ Former Spies Say p.
    [Show full text]