Post 22, CIS 608

Time to finish up your blog. This last assignment should be a retrospective look at your postings over the last 11 weeks. Time for a little analysis. Write up an entry that provides a summary of what you chose to write about.

First, you need to categorize your topics of choice. Did you write primarily on operating system issues? User errors? Viruses? Or did you write about a variety of topics? Why did you choose those topics?

Next, you need to include an analysis of where you got your material. Did you use the same source each week? A variety each week?

As the last part of this entry, include whether or not you thought this type of blog might be useful to an information security professional and provide a few lessons learned for the next group of students.

Part 1: First, you need to categorize your topics of choice. Did you write primarily on operating system issues? User errors? Viruses? Or did you write about a variety of topics? Why did you choose those topics?

Answer: The following gives the summary of topics that I wrote during this semester. I wrote on varies types of topics including viruses, cloud risks, PII, policies, information management etc. Also, I tried to write on different topics each week just to cover and learn different aspect of current cyber trends and crimes.

Cloud computing, risks and possible crimes – 2

Cyber Security education, its importance and policies – 1

Cyber-attacks in US government agencies – 4

Cyber-attacks in private companies and US banks – 2

International unity against cyber-crimes – 2

Different types of viruses attacks – 5

Information management, PII, privacy act – 2

Chinese and Iran’s government sponsored cyber crimes – 2

New technology against cyber-crimes – 1

Part 2: Next, you need to include an analysis of where you got your material. Did you use the same source each week? A variety each week?

Answer: Each week I tried to write in two different topics that matches with each week chapter’s content. So I ended up writing in 22 topics, but some of the topics are similar like different types of viruses. My major source was Google. Also, I have listed the source on each post each week. The following summary gives an idea where I got the information from.

Different web URLs – 14

Text book – 3

CompTIA Security + study guide – 1

Magazines – 4

News and blogs – 2

Part 3: As the last part of this entry, include whether or not you thought this type of blog might be useful to an information security professional and provide a few lessons learned for the next group of students.

Answer: As a cyber-security professional, first of all, I learnt how to write a blog since I had never written a blog before. It gave me an idea how to write an effective blog. I wrote primarily about news, magazines and article. I should have wrote more on investigation types of topic instead of just about news and articles. But I learnt a lesson and this blog writing made to read cyber news every day. As a security professional, we all should know what is currently trending on cyber world. I think writing blogs is like you are teaching yourself plus you are also sharing information with others, so it was very well worth of writing blogs.

Post 21, CIS 608

USIS failed to notice months-long hacking of its computer systems:

U.S. Investigations Services (USIS) was hacked for months, but this government agency failed to notice that their computer systems were hacked for months. This hacking compromised the records of at least 25000 DHS employees according to Homeland Security News Wire.  This was a similar type of attack by Chinese government hackers on U.S. firms. The head of SANS Alan Paller said, “The information gathered in the security clearance process is a treasure chest for cyber hackers. If the contractors and the agencies that hire them can’t safeguard their material, the whole system becomes unreliable.”  I think this applies to all types of organization, because information security is everyone’s responsibility. On the other side, employees are the biggest risk of data breach. The principle of least privilege is the most important principle in order to effectively secure information.  This week’s class discussion was a least privilege and its benefits and it applies exactly on this news. If an employee has more access than he/she needs to perform the duties, data breach might occur. Here is the link of this news. Thanks.

Source: http://www.homelandsecuritynewswire.com/dr20141105-security-contractor-usis-failed-to-notice-monthslong-hacking-of-its-computer-systems

Post 20, CIS 608

Cyber Attack in White House:

Suspicious activity was detected on the white house computer network recently. Officials didn't disclosed who was responsible for this attack. This attack was in unclassified network systems, but it makes me wonder if the place like white house is insecure and attackers can get into the systems, I don’t think that other private or government agencies computer systems are secure. During the investigation some of the unclassified systems were issued a temporary outage. If you are interested reading this news, here is the link.

Source: http://news.yahoo.com/suspicious-cyber-activity-white-house-detected-addressed-223554426.html

Post 19, CIS 608

Adobe Updates Digital edition:

Adobe systems released a new version of the e-book reader application after being accused for spying users information. They got blamed for Adobe collecting information from digital editions users about what they read, who stores libraries in their private library etc. Even though Adobe promised to address this issue and released newer version of Adobe reader. Also, they undated their Adobe privacy Policy about collection and use of data and hopefully it will help to clear some questions of the Adobe users.

Source: http://www.securityweek.com/adobe-updates-digital-editions-following-privacy-controversy

Post 18, CIS 608

Man in the middle attack:

Apple’s iCloud service suffers cyber-attack in China. Some well-trained attackers tried to steel user names, passwords and private information using the man in the middle type of attack. It is well known type of attack where attackers tries to capture the information in between the web and traffic. Some blame that this attack was from Chinese government sponsored attack, but as always Chinese authorities denies the blame. Here is the link of this news in detail. 

Source: http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/21/apples-icloud-service-suffers-cyber-attack-in-china-putting-passwords-in-peril/

Post 17, CIS 608

Chip and pin technology:

U.S. present signs an executive order to implement enhanced security measures for credit card transactions. Instead of using credit card number retail companies will be using chip and pin technology. This will help to stop criminals who use stolen credit card numbers. US government was criticized for not being able to adopt this Technology where many European countries already using this method to secure transactions. Here is the link if you are interested reading this news in detail.

Source: http://www.scmagazine.com/executive-order-improves-security-by-promoting-chip-and-pin-technology/article/377994/

Post 16, CIS 608

Common language for Cyber-Security:

This article talks about why we should implement common language for Cyber-Security. Government agencies continue to implement new technology, methodology and tools to fight against new major cyber threats. But at the same time, they kind of forget leave the minor cyber threats where the attackers take advantage of and do bigger attacks. Government agencies, public and private companies also use various type of tools to secure information. This creates a problem when we are trying to fight similar types of threats using different tools. Instead of doing this way we should be on the same page using same tools to fight the threats. So basically creating a same language for all organizations and agencies. Virginia state government took the similar approach that strength the cyber security and it gave decision maker a right approach where to focus the most. This article recommends that all state government and federal should implement the same method to stop cyber-attacks. Here is the link of this interesting article.

Source: http://www.govtech.com/security/Can-We-Talk-Creating-a-Common-Language-for-Cybersecurity.html

Post 15, CIS 608

Possible Cyber Attack

This is some scary news. Hackers aim to pull off cyber-heist worth of $1 billion, CNBC reports. Europe’s top cyber officials reported that hackers are targeting big financial groups or backs. Recent report suggested that Russia-based tech-gangs were planning to do a cyber-attack and steal about $1 billion. Now these cyber attackers mission is to leave the smaller attacks and start doing bigger attacks. If you are interested, here is the link. Thanks.

Source: http://www.cnbc.com/id/102080234#.

Post 14, CIS 608

Young Israeli Cyberwarriors

I think this is a great idea to build a young cyber warriors. Israeli military recently started a new program to build a next generation cyber warriors while they are still in high school. Instead of hacking, they can utilize these young brain to defend cyber-attacks. Israel is a big cyber victim. Recently, a new attack came from Syria and its mission was to disrupt the electricity and military systems. They were lucky this time that nothing happened and they were able to find out where this attack came from. I hope Israel becomes a good leader of cyber defender and succeeds to defend all type of attacks. Good luck to them. 

Source: http://www.washingtonpost.com/world/young-israeli-cyberwarriors-learn-to-duel-in-the-dark/2014/10/07/e07a9031-1e01-4815-8938-5fab87495e82_story.html

Post 13, CIS 608
Cyber attackers finally caught:

Finally I got some good news to share. Four hackers arrested for cracking US Army Network. They were able to break the US Army networks and developers of blockbuster video games to steal the software information. This is what you get not keeping your information secure. Now, lesson learnt and hopefully US Army will use extra layer of firewall to make sure this incident will not happen again. Those hackers were able to steal $100 million worth of information, according to the US Justice Department.
Wow, not only they broke the US Army game systems, but also Army’s Apache helicopter pilot training, Xbox One consoles and new games call of duty, modern warfare 3. Assistant attorney general Caldwell said, “Members of this international hacking ring stole trade secret data use in high-tech American products, ranging from software that trains US soldiers to fly Apache helicopter to Xbox games that entertain millions around the world”.
These hackers were from USA, Canada and Australia age range from 18-25. Very intelligent boys, but they used their talent to do cyber-crime. Also, officials seized over $620,000 in cash from these attackers. I hope our young generation uses their brain to do the good things not a crime. This news will help to discourage to people who do cybercrime. Good part of this news – finally criminals were caught.  

Source: http://www.securityweek.com/hackers-arrested-cracking-us-army-network

Post 12, CIS 608

Shellshock attack on Linux and MAC operating systems:

A deadly serious new vulnerability is recently found, BBC reports. More than 500 million computers, servers and networks are more likely to be affected from this attack. It is a bug knows as Bash and it is a part of Linux and MAC operating system. The researchers say the bug can be used to take control of system remotely using command line prompt. If any computer that uses Linux or Mac operating system with a bug, it will be eventually affected.

The US-Cert team issued a warning about this bug and suggested to patch your system immediately to avoid this attack. Also, Security team Rapid7 rated this bug 10 out of 10, now you know how serious this attack is. So if you are using Mac or Linux operating system, you better update patching. If you are interested to read this news, click this link below.  

Source: http://www.bbc.com/news/technology-29361794

Post 11, CIS 608

Taiwan facing some cyber attacks from Chinese company

This news is interesting. I thought Chinese cyber attackers only attack USA. No, that's not the case this time. The government of Taiwan is investigating whether Xiaomi Inc, which is the China's big smart phone company, is a cyber-threat. This investigation will take place about 3 months. Also, China considers Taiwan as one of their provinces. The same companies has some issues with Hong Kong for sending DOS types of attack over Hong Kong servers. Hopefully, Taiwan's investigation will find out the truth and tension between two countries will go down. Here is the link of complete news about this incident.

Source:

http://www.reuters.com/article/2014/09/24/us-taiwan-xiaomi-cybersecurity-idUSKCN0HJ08Z20140924

Post 10, CIS 608

Cyber NATO

Last month, North Atlantic Treaty Organization (NATO) had a meeting in Wales and all NATO members agreed to have a cyber-defense as a part of NATO mission. This is very impressive and positive move by NATO. At least if the NATO members wouldn't support cyber-attack, we would see less cyber-attacks worldwide. Hopefully we will get a chance to read some positive news from the effect of this decision. Here is the link if you are interested reading.

Source: http://www.forbes.com/sites/lorenthompson/2014/09/19/cyber-alliances-collective-defense-becomes-central-to-securing-networks-data/

Post 9, CIS 608

Iran behind the Cyber Attacks against Israel

This could be very true. Israel Prime Minister Binyamin Netanyahu blames Iran for the recent cyber-attack. Also, he said that these cyber-attacks are the form of terrorist attack. Iran wants to destroy our economy using cyber-attacks, he said.

If you guys interested, here is the link.

Source: http://www.jpost.com/Israel-News/Watch-Live-Netanyahu-addresses-cyber-security-conference-375290

Post 8, CIS 608

Virtually every US government agency has been hacked

Department of Homeland Security (DHS) cyber team reported that the team responded more than 600,000 cyber attacks this year so far. Director of FBI Robert Anderson said that virtually all US government has been hacked somehow.

This is what I was taking on this week discussion in my class. US top security cyber security officials want the government to be more aggressive and pro active if these attacks are state sponsored. I really hope this government will do something to stop these crimes very soon.

Source: http://www.homelandsecuritynewswire.com/dr20140912-virtually-every-agency-of-the-u-s-government-has-been-hacked-experts

Post 7, CIS 608

icloud attack was a wake up call once again

This article from this week by Danelle Au "Enterprise Lessons from the icloud attack", explains how to mitigate risks and attacks. Also, what you should and shouldn't do if you are a icloud user.
Last week news about the icloud attack of celebrities nude pictures was a wake up call for everyone once again. This writer kind of blames the icloud provider for not providing enough security to their customers. Also, she blames the end user for not taking enough precautions to stop these types of attacks. End users are the weakest list. Hopefully these celebrities learn some lessons about the importance of data security. As I said last week, keep your information secure and don't think that it won't happen to you. Be safe everyone. That's all I can say from this week.


Source: http://www.securityweek.com/enterprise-lessons-icloud-hack

Post 6, CIS 608

FBI investigates 'Cloud' celebrity picture leaks

I just don't get this. First of all, why would you take a nude pictures on your cell phone or camera.You know people are looking for your information all the time since you are very popular. Later when this happens, you start complaining. I don't know if you are really complaining because some people believe this is their way of getting popular. All I can say is, you already have it, so you don't need a picture of it. I know this is not new news but if you are interested, link is below. Thanks.

 

Source: http://www.bbc.com/news/technology-29011850

Post 5, CIS 608

GameOver Zeus Botnet Disrupted

This is a news from back in June 2, 14, I thought it is worth of reading. Multiple US government agencies tried to disrupt the attack Zeus botnet which was responsible for the theft of millions of dollars around the world. Its a malware type of attack and it uses spam e-mail or phishing messages. Again, if you don't recognize the email or the attachments, don't open it or your information will most likely to go to the hands of hackers. Eventually you computer will become the part of global network of attackers. The main purpose of this attack was to get banking information to steel money. Here is the link.

Source: http://www.fbi.gov/news/stories/2014/june/gameover-zeus-botnet-disrupted/gameover-zeus-botnet-disrupted

post4, CIS 608

Cyer attacks in Health Sector increased by 600%.



In last 10 months, cyber attacks in the US health care systems has been increased by 600%. 600%, what, is that really true? If you guys interested, click on the link below. I feel like there is a war going on behind the scene that normal people don't know. The amount of damage can this type of attack is more devastating than combat war even we don't see people dying. No wonder, next war is a cyber war.

Source: http://www.technewsworld.com/story/80959.html

Post 3, CIS 608


JP Morgan hacked 

Here we go again! JP Morgan system got hacked and thousands of password were stolen by Russian hackers. The FBI and other US governments agencies are investigating the attack. I hope this is not a Russian government attack to destroy US economy. Also, I hope this is not a Russian type of sanctions.


Source:http://www.cbsnews.com/news/fbi-investigating-reports-of-attacks-on-u-s-banks/

Post 2, CIS 608

Sony PlayStation network back online after cyber-attack

Denial of service (DOS) attack shuts down the Sony's PlayStation for many hours. Attackers used a distributed DOS (DDOS) method to overload the network. This was a similar type of attack that had happened in 2011 where Sony's 52 millions of PlayStation were shut down for many hours.

Source url: http://www.bbc.com/news/business-28924210

Post 1, CIS 608

My Introduction

Hello world!

My name is Dipak Acharya. Currently, I work for US Navy as a SharePoint Administrator and I am very excited to start my first MS class CIS 608 at Bellevue University. Looking forward to know more about current cyber issues.

Dipak Acharya, CIS 608