Monthly Archives: April 2016
Cyber Attacks in the age of the Panama Papers
Not since WikiLeaks, has there been such a large information breach of this magnitude. According to ICIJ, over 140 politicians and public officials have been revealed as having offshore holdings, more than 214,000 organizations have been identified, along with many billions’ worth of transactions. The Law Firm Mossack Fonseca has claimed they are victims of a hack from servers abroad. The firm lost 2.6TB of data, and didn’t even notice. The mainstream media has focused on high profile politicians, companies, and criminals, but hardly anyone is talking about the actual law that was broken: the cyber attack. Now we can discuss the ethics of hiding tax dollars offshore, or the ethics of criminals hiding their ill-gotten gains, or how shadow government agencies and actors finance wars, but the topic is information security. Information security is a necessary expense. Just ask the politicians stepping down or being asked to resign.
So what does my company need to worry about concerning information security? What do I as an individual, need to do for my personal information security? You need to go beyond the traditional paradigm of information security:
- Security and Vulnerability Management
- Identity and Access Management
- Endpoint Security
- Network Security
- Web Security
Top Ten Cyber Attacks for 2016
- Cloud Computing
Cloud Computing has been described as the IT nightmare and the hackers dream. With cloud computing you are basically slamming computer environments together with different entities and security protocols. That can give the hacker flexibility once they access the cloud. In addition, Cloud Computing is taking over the file storage space. Apple, Google, and Amazon all have their own flavor of online file storage. Other companies like Box, DropBox, and Carbonite contain company and personal information. The problem is privacy. Who has access to this data? Who else can get access to tax, photos, bank and credit card files in the cloud?
Of course, cloud computing experts say cloud computing is NOT the hackers dream, and that is just a myth. If firms do not properly plan to secure the cloud computing environment, myths have a way of becoming true. If properly planned, the cloud environment may be more secure than ever before. So the next time a celebrity nude photo appears, remember where that data is stored.
2. Critical Infrastructure
The U.S. government has seen a rise in cyber attacks on critical infrastructure, mainly industrial control systems for utilities like: water, electricity, oil and gas. The very first critical infrastructure attack recently happened in the Ukraine. Information security professionals are investigating the situation because of the worldwide ramifications. The Ukraine Utility Cyberattack left roughly 700,000 people without power for several hours. Remember that 2007 Bruce Willis movie ‘Live Free or Die hard’? You get the picture.
3. Mobile Devices
Mobile devices are a new way for hackers to access the network and the cloud. Many mobile apps are basically websites running an application hosted somewhere. In addition, the data on the mobile phone itself can be hacked. There is a product called femtocell which is basically a mini cell tower. Hackers have figured out they can convert this device into a mini cell tower. Femtocell sell for roughly $300, but Verizon said it has since fixed the problem with patches to all their products. But this is just the tip of the ice berg. This can happen to all wireless carriers. It is estimated that the same hackers that use the ATM scanners will start using mini cell towers. Imagine one of these guys sitting next to a CEO capturing all incoming and outgoing transmissions from their cell phone while sitting in the airport. I could happen.
4. Automobile Hacking
This may seem like something out of a science fiction movie, but it is really a big problem. There are 9 hackable cars on the market according to Cyber Security Experts, Charlie Miller of Twitter, and Chris Valasek of IOActive. The first car hacks started with the same diagnostic ports mechanics use to analyze car maintenance and performance, but now that cars have their own Wi-Fi- and Bluetooth systems, all bets are off. Hackers can do everything from listening in on phone calls, tampering with steering controls, cruise control, braking systems, and engine controls.
9 Hackable Cars:
- 2014 Jeep Cherokee
- 2015 Cadillac Escalade
- 2014 Infiniti Q50
- 2014 Toyota Prius
- 2010 Toyota Prius
- 2014 Ford Fusion
- 2014 BMW X3
- 2014 Chrysler 300
- 2014 Range Rover Evoque
5. EMV Chip Credit Cards
You know those new credit cards with the new security chips on them? All the banks are starting to implement such cards. I got mine a couple years ago. Apparently the chip carries your personal banking history and bank account information. Despite all the security hype around chipped cards, they have been hacked before and a newer threat is on the rise. Before they used what was called the “Man in the Middle Hack”, which the hacker intervened in the communication between the card chip and bank. The new cards have worked out that one flaw, but some hackers in Europe figured out an ingenious way to work around that. Basically, they installed their own chip to act as the “man in the middle”. Police in Belgium and France remained baffled to the card theft. The contracted scientists in France to study the chips, and they had to use an X-ray machines and microscopes to find the hacker’s chip.
6. Phishing Attacks
Phishing attacks are the ongoing hack attacks that proliferate our society, from phone calls, email spoofing, online requests, and social media websites like Facebook, Twitter, and Google+. Any attempt to gain access to personal information like usernames, passwords and credit card details is phishing. Fake contacts from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting victims. Phishing emails may contain links to websites that are infected with malware. Hackers could create a clone of a website and tell you to enter personal information, which is then emailed to them. This is quite common. I personally had someone attempt to award me $80,000 dollars from Facebook for being a loyal participant. They started asking personal questions, but I started answering questions with a question until they deleted their fake profile. Of course, I reported to Facebook.
Malware is an umbrella term used to describe any malicious software code. It comes in many flavors: including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. Malware an take the form of executables, scripts, active content, and other software. Destructive malware will utilize popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and virus-infected files downloaded from peer-to-peer connections. The next time you download that free movie, keep that in mind.
The CryptoWall Ransomware is a ransomware Trojan that carries the same strategy as a number of other encryption ransomware infections such as Cryptorbit Ransomware or CryptoLocker Ransomware. It’s such a pain, that it deserves it’s own category. The designers of CryptoWall have stolen at least $325 million with this malicious ransomware. CryptoWall 4.0 is supposed to be even worse still. Imagine your important data saved in a database gets locked down, and the only way to get it back is to pay a ransom for the encryption key. That is what ransomware does. It encrypts your data and holds it hostage. Right now the only way to protect your company’s valuable data is to do daily backups. That is easier said than done.
9. Medical Devices
Ransomware in medical devices is a huge cyber security risk in 2016. From insulin pumps to pace makers, a hacker can put your life under their fingertips. According to the FBI, between April 2014 and June 2015, hackers extorted $18 million from American victims via extortion via personal computers. Unfortunately, individuals cannot put security protocols on medical devices. That is up to the manufacturer.
10. State-Sponsored Hacking
State-sponsored cyber attacks is a real thing. There have been so many rumors about this type of cyber warfare, including: China hacking the US, North Korea hacking Sony, the US hacking Iran and on and on. Well recently, someone shut down Ukraine’s electricity from Russia. I’m sure the execs at Sony were not pleased to have private emails posted on the Internet, but it happened. Ironically, the Guardians of Peace (GOP) demanded that Sony pull it’s film The Interview, a comedy about a plot to assassinate North Korean leader Kim Jong-un, and threatened terrorist attacks at cinemas screening the film. Sony decided to pull nationwide release of the film, and eventually the movie was sent straight to video.
About Terell Jones
Our guest contributor, Terell Jones is the Managing Director, Americas for S2 Management Solutions an managed services and managed security firm in Austin, TX. He runs a blog called the @thegreenITguy.
In 23 years SXSW Interactive has had many great keynote speakers, but no US President was ever up for the task until now. President Barack Obama came through Austin, Texas with the greatest of ease. He stopped off at Torchy’s Tacos for a Republican, Independent, and Democrat Taco, then speaking at the Dell Hall at the Long Center to discuss 21st century civic engagement and community service. As always, he was up beat, measured in his responses, and sometimes comical, but always serious.
The President, moderated by the Editor-in-Chief of The Texas Tribune, Evan Smith, called on the SXSW community, and the tech industry, to solve the nation’s biggest problems by working in conjunction with the US government. “It’s not enough to focus on the cool, next big thing,” Obama said, “It’s harnessing the cool, next big thing to help people in this country.”
SXSW Interactive 2016 was very interesting on many levels. For one, it is very hard to assess the entirety and enormity of such an event without committing some serious time participating. As press, you have to be there for at least a week to survive the food, fun, traffic, crowds, music and entertainment, and tons of events onsite and offsite. Then wind down with a hot bath with Epsom salt and maybe a massage. I have to admit, I had to take myself out of commission for one day, 48 hours into the fray due to exhaustion.
Even though this is my 3rd year in a row attending SXSW, I have never lasted the entire event, nor do I want to. I pick my battles carefully. That being said, I spent my time in the exhibits, start up pitches, and press events. I must say, the good things come by accident. After a long afternoon in the press room on day one, I was spent from long walks. In the Hilton Hotel, I visited a happy hour on the 4th floor. I was drinking a beer before hitting the road, and this young lady put a beer cuzy under my beer with the Roadie logo on it. Video
That young lady was Valerie Metzker, Head of Field Marketing at Roadie was gracious enough to explain the innovative Roadie mobile app, and I was quite impressed. In a nutshell, I call them the Uber for stuff. They like to say it is “On the way delivery network“. But then the plot thickened when she told me that they partnered with Ludacris AKA Chris Bridges, rap mogul, actor, and entrepreneur. Marc Gorlin, Founder and CEO of Roadie entered into a partnership with Ludacris to promote the high tech scene in Atlanta. Although, Roadie is a homegrown Atlanta business, it is a nationwide endeavor. Download the Roadie App
Perusing the booths I ran into this exhibitor called Babbler. In 2014, Hannah Oiknine, a former Microsoft marketing manager, stumbled upon an innovative idea while helping her sister Sarah Azan, a PR professional. Babbler is a social media network for journalists and public relation firms. Currently, press releases have been lost in emails and fax machines. The number is too great to give adequate time to, so it ends up as spam. Babbler connects the story makers with storytellers avoiding email. Hannah started this business with her sister Sarah Azan. With a small investment from friends and family for $50,000 they built a proof of concept, and went from 7 customers to 50 customers , then 50 customers to 250 customers. The platform has a network of over 5000 active reporters and growing.
Here at SXSW, Babbler has closed $2M by two French investment firms, obtained a French interview, pitched to the NY Times, and is looking for new customers in the US market from the NYC headquarters. This young Moroccan Jewish 26 year old female and her sister are doing big things in the public relations industry. http://babbler.us/
My first sit down interview at SXSW was with Jovan Hackley of Student Loan Genius. Student Loan Genius just received a $3M seeding fund led by Prudential and John Hancock. It is rare for a brick and mortar institutions to jump on such innovative technology, but once you consider they are offering a 401K for student loans, then maybe not so far fetched. Student Loan Genius is working out of the Austin’s very own Capital Factory. Co-Founded in 2013 by CEO Tony Aguilar, this Student Loan Genius helps employees get to the next stage of life, through an employer benefit with real value. Right now you can’t even write off student loans in bankruptcy. This helps employees shorten the lifecycle of one of the most disastrous loans to your credit rating available.
Jovan says the benefit helps employers and employees. It helps employers recruit and retain, while helping employees save on average thousands of dollars per year. http://studentloangenius.com/
Chad Zerangue is a maverick when it comes to simplifying bureaucracies. His company founded in 2009, specialized in Healthcare IT and has formulated his own data routing service. The mission of the company was to provide simple ways for providers and health organizations to migrate their legacy paper based medical charts information into a usable format within an electronic medical records system, without having to type all that discreet demographic, financial and clinical data into the system.
In 2012 they decided to productize these services, and now using cloud-based technologies such as Microsoft Azure and mobile messaging technologies such as REST, they have created a highly scalable, secure, HIPAA compliant communication network to deliver their core products, docflock, CIPHR and SystemSync. In layman’s terms, they have simplified the data extraction of medical health record information into a more potable and secure format. This drastically cuts costs, and makes room for data analytics of health care data, which has been trapped in silos. http://www.simplicityhealthsystems.com/
For two years Laura Borland and her partner, Sean Hale had been thinking of this business, and decided to start it one year ago. Vyllage is a mobile app for holding packages for your neighbors. Vyllage is a network of homeowners in your neighborhood that will accept packages for you when you are not home from FeDex, UPS, or USPS. You no longer have to worry about stolen packages from your doorstep. The goal is to have secure package delivery in every neighborhood.
SXSW has been a very good opportunity for the Vyllage team. Before they participated in the pitch session, they had been approached by investors from Uber, Overstock, and Lyft. Vyllage Home Affiliates stand to make $3 a package for accepting packages for their neighbors. This only works in single family homes, not available for apartments, but the opportunity serves two purposes. One, it fosters community and protects your packages from possible theft. This seems to be a growing problem around the holidays. Laura tells me that sometimes thieves follow delivery trucks in order to steal. Vyllage has found a niche, and are filling it quite well. http://vyllage.net/
I try hard not to geek out when I see something cool, but my background as a medical lab technician, and information technology professional helps me readily recognize something very cool. We only started mapping the human genome back in 2003, now we can study it and create experiments right from our laptops with Desktop Genetics. Desktop Genetics walks you through every aspect of your genome editing experiment, guiding you from design to data, and allowing you to fully realize the power of CRISPR/Cas9 technology.
This product can be purchased as an enterprise software package or as a cloud based service. They also offer genomic services that you can outsource. It was created for laboratories and universities worldwide. The possibilities are unlimited, from developing new drug therapies, or conducting experiments without setting one foot in a lab. https://www.deskgen.com/landing/
I just happen to catch Adekunle at a happy hour mixer for startups at SXSW. He has created his own social media mobile app called Mixle. Mixle connects users nearby in real time based on their current thoughts. It provides an easy-to-use interface that enables users to easily navigate the app, find a match, and instantly meet up offline. It also features an innovative “Get Me Out Of Here” button that allows users to share location details with designated contacts in case of an uncomfortable situation.
I’ve noticed a technology trend coming out of Atlanta, and that is exciting. Download Mixle
EpiBiome is a precision microbiome engineering company with the mission to developing efficient and sustainable FDA-approved therapies to combat infectious disease in humans and agriculture without the use of antibiotics. Why is this so important? We have created more harm than good with antibiotics. We have indirectly created superbugs resistant to antibiotics. There a bacteria in nature that are helpful to disease. The history of antibiotics and antiseptics is broad spectrum antibiotics. Traditionally, the medical industry and food services have killed off useful bacteria with broad spectrum antibiotics. EpiBiome uses a narrow spectrum bacteria for delivering safer outcomes for humans and agriculture.
The company is also developing a method for highly accurate and semi-quantitative bacterial profiling, which it is in the process of automating in order to launch a turnkey sequencing and bioinformatics service. Last month prior to SXSW, EpiBiome completed $6M Series A Financing Round. I expect big things from this 11 person team out of silicon valley. http://epibiome.com/
The music business has been rife with fraud from the beginning of time when it comes to royalties. This copyright administrator/software engineer seeks to put an end to that. Cheryl Potts of Stafford, VA, just 40 minutes south of Washington DC has put together a robust platform that does just that. It is a very highly innovative technology platform, which makes sure everyone gets their cut. No more shady deals, and contracts that artists can understand. If you are in any part of the music industry you need this. I saw the demo on the software platform and you simply input the data, and it spits out a music contract.
That includes: performing songwriter, producer, songwriter, and record labels. Cheryl call it the ‘Do It Yourself’ music licensing and royalty accounting application for Songwriters and Independent Record Labels. http://cleerkutroyalty.com/
ModernLend is the credit card for international citizens living in the U.S. By understanding your education, employment and financial background, they can determine your creditworthiness without requiring SSN or FICO credit score. I caught up with Kobina at a FinTech startup pitch session on day one of SXSW. They were founded at Wharton Business School, and bring 10+ years experience from Goldman Sachs and Wells Fargo, and are Seed Stage funded. They are also a portfolio company in Entrepreneurs Roundtable Accelerator and won BBVA Bank’s Global FinTech Competition (out of 650 startups). Learn more at www.ModernLend.com.