July 4th 2013 Operations

It may be July 4th weekend for the good guys, but the bad guys are still out there creating trouble. It will be business as usual for our entire Net Force incident response teams.

Please do not hesitate to contact us at 951-NET-FORCE should your organization be under attack or requires an investigation into a potential data breach.

Be Safe!
-Josh

Report Links Cyber Attacks to China’s Army

shield-iconIf you had not had the chance to read Mandiant’s intelligence report on the recent cyber attacks, it’s a decent size read that’s worthy of your time. What’s interesting is that that Mandiant clearly identifies the threat, the attackers as Unit 61398 of the China’s People’s Liberation Army or PLA.

We’ll post our thoughts on it later, but for now, we’re trying to share the report as it’s an interesting read. It only strengthens our commitment and philosophy that security is beyond what we know today. It incorporates intelligence, understanding, conceptualization, design, building, and many more elements to provide a much more secure environment

Due to Mandiant’s servers being slammed with people downloading the report, we’ve uploaded a compressed zipped copy on our servers here. We’ll add additional capacity should demand warrants it.

 

Download Here:

Mandiant_APT1_Report

Mandiant_APT1_Report.pdf
MD5: 936FEB234F60CFBF6916BA61FBAB2781
SHA-1: 3974687624EB85CDCF1FC9CCFB68EEA052971E84

Mandiant_APT1_Report_Appendix

Mandiant_APT1_Report_Appendix.zip
MD5: FD103F16BBBB28162C23BE3A47371AA9
SHA-1: ABF9D09A991E56393D18433644FF0DBA907A9154

Business Continuity Lessons from Hurricane Sandy

Business Continuity Lessons from Hurricane Sandy

5 Days After Hurricane Sandy… still eerily quiet.

Hurricane Sandy, the largest Atlantic hurricane on record, and quite possibly the second most costly Atlantic hurricane, made an impact not only on history books, but on businesses as well. It tested and challenged many business continuity and disaster recovery plans for a multitude of businesses in New Jersey, New York, and 22 other states. Are your business continuity plans as good as they are on paper they are printed on? Hurricane Sandy tested businesses with “The Perfect Storm”.

As we enter the second week after Hurricane Sandy, some of the statistics are staggering.

  • Estimated Price Tag for damage and lost business from Hurricane Sandy: $52.4+ Billion Dollars
  • Hurricane Sandy affected states as far south as Florida and as far North as Maine. It also affected states as far west as Michigan and Wisconsin.
  • The storm surge flooded much of lower Manhattan in New York City. The damage included flooded streets, tunnels, subway lines and massive disruptions in power in and around the New York Metropolitan.
  • Over seven Million People were without power.
  • Seven major airports were shut down (John F. Kennedy International, LaGuardia Airport, Newark International, and Philadelphia International, Washington-Dulles International, Baltimore-Washington International and Reagan Airport), stranding millions of passengers around the globe.
  • The last time New York Stock Exchange closed for two consecutive days for weather related reasons was in 1884.
  • At least five data centers in New York were impacted directly by Hurricane Sandy related to flooding taking critical power generators offline after power was lost in lower Manhattan.
  • Big names websites such as Gawker, Gizmodo, The Huffington Post, and Buzzfeed experienced website outages after experiencing flooding in a data center.
  • Verizon Communications had facilities shut down in downtown Manhattan, shutting down phone and Internet service.
  • Google’s New York offices reported outages and backup power failed.

As the news came rolling by our screens at Net Force, we were amazed that operations such as Google and data centers who have stellar business continuity plans were blown away by “The Perfect Storm”. By no means all data centers failed as some data centers weathered Sandy better than others (pardon the pun).

It does raise questions for your businesses as well. Even if you were not affected directly by Hurricane Sandy, I would encourage yourself to ask these questions regardless.

  • What are your Business Continuity plans and what tools or services do you have in place for an event like Hurricane Sandy?
  • How well and how much time did you spend in preparing your businesses?
  • How do your Business Continuity and Disaster Recovery tools perform?
  • If your tools failed, how and why did they fail?
  • When was the last drill or test or your Business Continuity and Disaster Recovery plans? Did your tools fail during the drill?
  • What were those results from those drills or tests?
  • What unexpected things happened during the drill or during Hurricane Sandy that changed your impressions on what Business Continuity and Disaster Recovery encompass?
  • God forbid another event like this happen again, but what would do differently to plan and execute that plan?

 

If businesses like Google can be affected, what does it say about your business continuity and disaster recovery plans?

 

The Secret Social Media Lives of Teenagers

The Secret Social Media Lives of Teenagers

Kids, teens, young adults, parents, the internet is a fabulous place. At the same time, it’s a powerful tool, resource, and power. It’s changed the course of millions of lives, including the Arab Springs. To quote an old Spiderman adage, “with great power, comes great responsibility.” This power can be wield for both good and bad.

Parents do everything they can to protect our kids from child predators, from becoming a victim of identity theft, or ending up on those milk cartons as a missing child.

As our team travels through Los Angeles spreading awareness on the risks of data leakage on Facebook, Twitter and other forms of social media, I’ve noticed an increasing trend. A pattern of sorts. Parents forbid/ban their kids from using Facebook.

It was one to give me pause for a few moments, and on several occasions I posed two questions: “We as parents prohibit our kids from using Facebook, but does this really mean they are not using Facebook elsewhere? Does this truly mean your kids do not have a Facebook account?”

I then play devil’s advocate and answer those questions:

Parents: We prohibit, forbid our kids from using Facebook on the home computer.
Kid’s Loophole: Okay, I’ll use Facebook on my iPod Touch, my SmartPhone, my iPad, use Facebook at a friend’s house or sneak onto Facebook without my parents knowing. Maybe at Starbucks? How about the Library?

Parents: We forbid our kids from using Facebook at all.
Kid’s Loophole: Let’s use a different social media tool. Maybe Instagram? How about Flickr? Google Plus? The reality is there are hundreds of social media services out there, and not all of them have infrastructure or technology designed to manage data leakage.

Parents: We forbid our kids from using any form of Social Media. Period. No ifs, ands, or buts.
Kid’s Loophole: None.
Reality’s Loophole: Your Kid’s friend will create a Facebook profile for your child and use it too.

 

The last one is a bit of a shocker, but it is very much true. People do create Facebook accounts for other people. You may be asking how is this possible? Simple. Generally, your identity as a user is never validated. Facebook does not require a copy of your driver’s license or birth certificate at the point of initial signup. Facebook only requires that information if they suspect your account is not legitimate.

 

Parents, it’s easy to assume that simply by saying “NO” the problem goes away. The reality is that it does not.

Rather than saying NO, Parents needs to sit down and work with their kids on understanding the risks, the dangers of using Social Media. Not everyone out there is your friend, and not every friend of your child’s friend is your child’s friend. Helping your kids to understand that what ends up on the Internet, stays on the Internet, is a great way to help them understand why it is important to manage and control what aspects of your life ends up anywhere.

Educating, guiding them to challenge assumptions, thinking twice about putting certain pieces of information online, helps your kids much more, especially as the passage of time shows that technology changes consistently. Yesterday was MySpace. Today is Facebook. Tomorrow is what? I don’t know. I do know that simply saying “NO” will not cover everything.