Snowden to Russia, Hammond behind bars
In November 2016, Jeremy Hammond became 3 years closer to getting out of prison and starting to use a computer without notifying his inspectors and not only “for educational purposes.” They don’t write about him now, and if you’ve scored on Google, you’ll see a very strange issue, including news about the change of leaders in Top Gear, and this is the person who added Wikileaks documents from Stratfor .
It is worth staying here in more detail and explaining how significant this event is, and why we decided to go back in history again. Barrons does not hesitate to call this organization the “Shadow CIA” , although in fact it is a loud enough name for a public analytical center on strategy, economics and geopolitics that has existed for 20 years. The most interesting for the general public could be examples and lists of clients, as the company itself Strategic Forecasting Inc. does not publish a list of its customers who buy analytical calculations.
')
However, it is known for certain that the US Department of Homeland Security, the US Marine Corps and leading US companies in the field of security and military production - Lockheed Martin, Nortrop Grumman, and others - regularly use the services of Stratfor. And the company of such a level could not prevent the appearance of its employees in a wide access to the correspondence for a rather extensive period - from July 2009 to December 2011.
This incident, like many other well-known stories about hacking and data theft, is just one bright spot in the endless security management process, which indicates that it should be permanent and delivered as part of an information development strategy for any company, and especially a government one that has critical data. On the basis of correspondence and negotiations on working issues, one can get a fairly transparent picture of what is going on at one or another plant, in a municipality, in a region. And to have detailed information, different from what is said in the media field.
What exactly could have failed the company, which itself is obliged to engage in exploration and can use the tools to obtain important analytical data? Unfortunately, we have no answer to this question; moreover, the defenders of Jeremy Hammond even demanded a disqualification (shift) of the judge, since her husband was a subscriber to the newsletter from Stratfor, which could qualify as a potential conflict of interest.
Could this have been prevented? If you ask any security professional, the answer will be as follows - you cannot prevent it, but you can significantly reduce the risks. Yes, this is not a one-day result, like, say, closing physical vulnerability, but painstaking and somewhat monotonous work.
The first step is an audit. As a result, a clear and understandable pattern of potential vulnerabilities and a rough work plan will be on hand. Moreover, if everything related to IT is fairly quickly implemented steps, with the exception, perhaps, of simulating cyber-attacks and training engineers to counter them, then to close the scope of a fairly widespread use of social engineering will require actions that include the training and education of personnel.
In principle, it is even comparable and similar to what we now see in the news about Russia in the defense sphere - the exercises are planned and unplanned, the very rapid introduction of new types of weapons, the creation of new military units and organizations in potentially dangerous areas.
Fortunately, in this case we do not operate with a military maxim - “the best defense is an attack” literally. But it can be said that by attacking ourselves, initiating cyber-attacks on our own, we work out scenarios that are implemented in real life, at least we are preparing ourselves to significantly protect ourselves.
Is it possible to advise some kind of universal remedy, a sort of pill for everything? Alas - no, at the moment without a clear understanding of what exactly are vulnerabilities, it is absolutely impossible to recommend anything. Moreover, it can be an unattended fire extinguisher in a red corner - after some time it can become a cause of a potential threat, and even more dangerous than it is more lonely, forgotten and abandoned, with a crumbling seal.
Is it difficult? On the whole, yes, there will be a lot of incomprehensible at the beginning, but this is like an interesting journey - it’s difficult and fearful to take the first step, and then the structure appears, and like-minded people, and with proven ones. And on the one hand, the result is not quite noticeable - this is how to prevent a fire, on the other - the absence of hacks and information leaks is the most obvious indicator of a job well done. Moreover, there is already gained experience, practices, certified training centers.
And the fact that hacker stories will continue is exactly for sure - this text began with the Stratfor hacking story, and just a few days ago the hacker of the LinkedIn social network, as well as Dropbox and Formspring, Ilya Nikulin , who lived in the Czech Republic, was detained. At the moment, it is known that he stole passwords, infecting the computers of employees of these resources, and only on LinkedIn he received 117 million user passwords. Now he is detained and, most likely, will be extradited to the US authorities, where, if found guilty, he faces up to 30 years in prison.
A source
It is worth staying here in more detail and explaining how significant this event is, and why we decided to go back in history again. Barrons does not hesitate to call this organization the “Shadow CIA” , although in fact it is a loud enough name for a public analytical center on strategy, economics and geopolitics that has existed for 20 years. The most interesting for the general public could be examples and lists of clients, as the company itself Strategic Forecasting Inc. does not publish a list of its customers who buy analytical calculations.
')
However, it is known for certain that the US Department of Homeland Security, the US Marine Corps and leading US companies in the field of security and military production - Lockheed Martin, Nortrop Grumman, and others - regularly use the services of Stratfor. And the company of such a level could not prevent the appearance of its employees in a wide access to the correspondence for a rather extensive period - from July 2009 to December 2011.
This incident, like many other well-known stories about hacking and data theft, is just one bright spot in the endless security management process, which indicates that it should be permanent and delivered as part of an information development strategy for any company, and especially a government one that has critical data. On the basis of correspondence and negotiations on working issues, one can get a fairly transparent picture of what is going on at one or another plant, in a municipality, in a region. And to have detailed information, different from what is said in the media field.
What exactly could have failed the company, which itself is obliged to engage in exploration and can use the tools to obtain important analytical data? Unfortunately, we have no answer to this question; moreover, the defenders of Jeremy Hammond even demanded a disqualification (shift) of the judge, since her husband was a subscriber to the newsletter from Stratfor, which could qualify as a potential conflict of interest.
Could this have been prevented? If you ask any security professional, the answer will be as follows - you cannot prevent it, but you can significantly reduce the risks. Yes, this is not a one-day result, like, say, closing physical vulnerability, but painstaking and somewhat monotonous work.
The first step is an audit. As a result, a clear and understandable pattern of potential vulnerabilities and a rough work plan will be on hand. Moreover, if everything related to IT is fairly quickly implemented steps, with the exception, perhaps, of simulating cyber-attacks and training engineers to counter them, then to close the scope of a fairly widespread use of social engineering will require actions that include the training and education of personnel.
In principle, it is even comparable and similar to what we now see in the news about Russia in the defense sphere - the exercises are planned and unplanned, the very rapid introduction of new types of weapons, the creation of new military units and organizations in potentially dangerous areas.
Fortunately, in this case we do not operate with a military maxim - “the best defense is an attack” literally. But it can be said that by attacking ourselves, initiating cyber-attacks on our own, we work out scenarios that are implemented in real life, at least we are preparing ourselves to significantly protect ourselves.
Is it possible to advise some kind of universal remedy, a sort of pill for everything? Alas - no, at the moment without a clear understanding of what exactly are vulnerabilities, it is absolutely impossible to recommend anything. Moreover, it can be an unattended fire extinguisher in a red corner - after some time it can become a cause of a potential threat, and even more dangerous than it is more lonely, forgotten and abandoned, with a crumbling seal.
Is it difficult? On the whole, yes, there will be a lot of incomprehensible at the beginning, but this is like an interesting journey - it’s difficult and fearful to take the first step, and then the structure appears, and like-minded people, and with proven ones. And on the one hand, the result is not quite noticeable - this is how to prevent a fire, on the other - the absence of hacks and information leaks is the most obvious indicator of a job well done. Moreover, there is already gained experience, practices, certified training centers.
And the fact that hacker stories will continue is exactly for sure - this text began with the Stratfor hacking story, and just a few days ago the hacker of the LinkedIn social network, as well as Dropbox and Formspring, Ilya Nikulin , who lived in the Czech Republic, was detained. At the moment, it is known that he stole passwords, infecting the computers of employees of these resources, and only on LinkedIn he received 117 million user passwords. Now he is detained and, most likely, will be extradited to the US authorities, where, if found guilty, he faces up to 30 years in prison.
A source
Source: https://habr.com/ru/post/315474/
All Articles