Vivek Kundra, federal CIO, outlined plans for new cybersecurity metrics and a dashboard for tracking progress in testimony to Congress. “Historically, the federal government has not been as effective as necessary in its cyber defense,” Kundra said to the Senate Homeland Security and Governmental Affairs Committee’s Subcommittee on Federal Financial Management, Government Information, Federal Services, and International Security.
“An inadequate cybersecurity workforce, a focus on compliance rather than outcomes, and a cumbersome and time-consuming process for collecting information hindered our cybersecurity management capabilities.”
A Different Focus
Kundra hopes new initiatives will focus more on performance rather than on paperwork. “The metrics will be focused on game changing ways to address real security,” he said. “It is not necessarily asking the question, do you have patch management program, but how long does it take for you to patch those systems? We are in early phases in terms of deploying a government-wide approach.”
CyberScope
The Office of Management and Budget released a new tool called CyberScope a few weeks ago. It lets federal agencies report FISMA compliance via an authenticated Web-based reporting tool rather than sending spreadsheets via e-mail.
Annual report required
This year agencies are required to report detailed spending information on cybersecurity. That information will make its way to a federal cybersecurity dashboard similar to the IT Dashboard launched earlier this year, a public Web site that tracks federal IT spending and project performance. “Just as the IT dashboard took us from a static, paper based environment to a dynamic digital environment, the new cybersecurity dashboard will provide the government with a real-time view of threats facing us and our vulnerabilities,” Kundra said.
About Mailprotector
Mailprotector’s service provides a web console so you can view your email security whenever you want. You’ll be able to monitor things such as what is being blocked: spam, viruses, Trojans, phishing attacks and other email borne malware. You can get granular reporting down to the user by specific date ranges. You can implement your own specific email compliance policy within the console. You don’t have to wait on our dashboard to be developed – it’s ready and we’re able to get you going now.
The National Security Agency (NSA) will soon break ground in Utah for a new cyber security data center that’s budgeted at $1.5 billion. The NSA facility will provide cybersecurity intelligence and warnings as well as provide support to defense and civilian agency networks.
“Our country must continue to advance its national security efforts and that includes improvements in cybersecurity. As we rely more and more on our communications networks for business, government and everyday use, we must be vigilant and provide agencies with the necessary resources to protect our country from a cyber attack.”
-Sen. Robert Bennett, R-Utah
Offering a hand to Homeland
They will also lend technical assistance to the Department of Homeland Security, according to a transcript of remarks by Glenn Gaffney, deputy director of national intelligence for collection, who is responsible for oversight of cyber intelligence activities in the Office of the Director of National Intelligence.
Located in Utah
The data center will be built a few miles south of Salt Lake City at Camp Williams, a National Guard training center. It was chosen for its access to cheap power, communications infrastructure, and availability of space, Gaffney said. The complex will comprise up to 1.5 million square feet of building space on between 120 to 200 acres, according to news sources.
About Mailprotector
Mailprotector operates in redundant data centers that provide plenty of horsepower to protect your email systems from spam, viruses, Trojans, phishing attacks and other email borne malware. So if you want to get your email systems protected at affordable prices then give us a call.
Security researchers recently found a Trojan that uses Facebook to communicate with its command and control server. The Trojan malware is being spread via e-mail through “documents (PDF, or MS Office formats) containing exploits for known vulnerabilities,” writes Andrea Lelli, a security analyst with Symantec Security Response. The malware works by contacting the mobile version of Facebook and using its Notes section.
Clues in the title
By analyzing the Trojan’s code, Lelli found that the Trojan will perform four different actions, depending on the notes’ titles that are found. If the title is Wells, the note will contain the timedate stamp for when a machine was infected. If it is WebServer, however, the note will contain a URL to be contacted from which the Trojan will receive commands, Lelli wrote.
“The real command and data processing is done through the remote URL that was received from the notes, and this URL may point anywhere,” Lelli blogged. “However … one could use a Facebook account as a C&C [command and control] server and this Trojan is able to successfully parse the Facebook html data, retrieve the wanted data from it, and also post new data to it (it may for example send stolen data to it in the form of a note in the same [way] as it sends a timedate stamp).”
The flipside
Social networks have been used to help control malware in the past. In August, Arbor Networks researcher Jose Nazario uncovered a botnet using Twitter to communicate with its army of compromised machines.
About Mailprotector
Mailprotector’s services prevent Trojans, viruses, spam, phishing attacks and other email borne malware from getting to your inbox and spreading havoc throughout your email infrastructure.
Senator Joe Lieberman recently announced the opening of a new Cyber Center. Homeland Security spent about $9 million for the new center. It will help better coordinate the government’s response to cyber attacks. Senator Lieberman, chairman of the Senate Homeland Security and Government Affairs Committee, said legislation being drafted by his committee will require federal agencies and private companies to set up a system to share information on cyber threats.
Government lags in cyber security
The feds are playing catch up when it comes to cyber security. There have been numerous reports about coordinating efforts at various agencies to better protect the U.S. critical government and critical infrastructure. Obama has been attempting to hire a Cyber Security Czar but has been turned down by numerous executives.
About Mailprotector
Mailprotector has been providing email security for customers for nearly 10 years. It didn’t take an act of Congress to get the ball rolling either. Just an abundance of annoying junk email flooding our inboxes gave the inspiration to put a stop to that nonsense. If you’re tired of waiting on Congress, Obama and the rest of the U.S. government to get started then join us in the good fight. Mailprotector will provide protection from spam, viruses, Trojans, phishing attacks and other email borne malware from getting to your inbox.
Facebook won a victory against a notorious spammer on October 29th when a federal judge awarded them $711 million. The judge found the spammer Sanford Wallace guilty of violating the Can-Spam Act as well as a restraining order. Wallace and two others used phishing sites and other methods to take control of Facebook accounts to use in their spamming operations.
Not the first lawsuit for “Spam King”
Sanford Wallace is better known as “Spam King” and “Spamford”. He’s been sued numerous times for spam and spyware related damages. Facebook attorney Sam O’Rourke was cautious about the win:
Facebook happy with outcome
“While we don’t expect to receive the vast majority of the award, we hope that this will act as a continued deterrent against these criminals,” blogged O’Rourke, Facebook’s lead counsel for litigation and intellectual property. “Most notably, the judge referred Wallace to the U.S. Attorney’s Office with a request that Wallace be prosecuted for criminal contempt, which means that in addition to the judgment, he now faces possible jail time. This is another important victory in our fight against spam. We will continue to pursue damages against other spammers.”
About Mailprotector
Mailprotector’s services help mitigate “Spam King’s” ways by blocking spam, spyware, phishing, Trojans, viruses, and other email borne malware to your inbox.
Nigeria’s anti-corruption police have shut down 800 scam websites and busted 18 syndicates of email fraudsters. “Over 800 fraudulent e-mail addresses have been identified and shut down,” Economic and Financial Crimes Commission (EFCC) boss Farida Waziri said. “There have been 18 arrests of high profile syndicates operating cyber-crime organisations,” she added.
Microsoft lends a hand
In a statement EFCC, which has previously relied on raiding cyber cafes and complaints from the public to clampdown on the crime, said it has now adopted smart technology working in conjunction with Microsoft, to track down fraudulent emails. The operation, dubbed “Eagle Claw” should be able to forewarn around a quarter of million potential victims when fully implemented within the next six months.
Nigeria has a history of email fraud
Nigeria has the notorious reputation of being the center of email fraudsters. Spanish police arrested 23 people in March, mainly Nigerians, suspected of running an email and letter scam thought to have defrauded over 150 people in the United States and Europe. The gang sent out thousands letters every day to potential prey. Victims were swindled of their money when asked to pay processing fees or supply their bank account details into which non-existent funds were promised to be transferred. Some of the email fraudsters hacked into private email accounts of prominent personalities and sent e-mails to their contacts claiming to be stranded and asking for emergency cash.
How you can prevent email attacks
Mailprotector’s services help prevent many of these types of email scams. Our services are great for keeping spam, viruses, Trojans, phishing and other email-borne malware and attacks from reaching your user’s inbox. Contact us today to learn more.
According to a recent GAO report NASA suffered hundreds of security incidents in 2007 and 2008, including malware infections, data breaches, stolen laptops and bot nets. NASA was affected by more malware than any other federal agency and reported 1,120 security incidents during this two year span. Some of the laptops that were stolen contained unencrypted data for the prototype hypersonic jet (the X-51 scramjet) and test plans related to a space telescope and lunar orbiter. 82 agency computers became part of a Ukraine-based bot net after they were infected with rootkits.
Situation is improved, but gaps in security remain
The US Computer Emergency Readiness Team urged the space agency to implement more effective patching and to better train employees regarding cyber security. Despite the warning NASA still found a number of machines infected with the Coreflood Trojan. It can steal user credentials then communicate with a hostile command and control server. NASA has taken steps to address incident response and improve cyber security practices. The GAO still cites gaps. “”NASA remains vulnerable to similar incidents going forward,” the report finds. “Control vulnerabilities and program shortfalls make it possible for intruders, as well as government and contractor employees, to bypass or disable computer access controls and undertake a wide variety of inappropriate or malicious acts.”
Security should continue to tighten
The GAO made numerous recommendations. NASA deputy administrator Lori Garver agreed with them. “Deficiencies with IT security are often a result of systemic issues in the management of IT,” she said. “To this end, NASA continues to implement improvements in IT management, adhering to [a] previously developed strategy for providing an integrated, secure, and efficient IT environment that supports the NASA mission.”
User awareness key to any effective cyber security program
People need to understand the risks of opening spam attachments or visiting links embedded in spam. Mailprotector’s services help to mitigate these types of events. Our email security services protect users from Trojans, viruses, phishing, and other email-borne malware. Mailprotector is easy – you don’t need to be a rocket scientist to use it.
Happy National Cyber Security Awareness Month!
gaps
The “balloon boy” story is a testament to keeping your guard up against hoaxes that some are willing to perpetrate to get past your defenses.
Media frenzy
Reports indicated that 6 year old Falcon Heene had climbed into a box attached to a home-made high altitude balloon. Media outlets piled onto the story – CNN, FOX, DRUDGE Report and others all had headlines indicating the balloon was adrift but the box was no longer intact. America was anxiously awaiting to learn the fate of the small child.
Emergency services scrambled
The balloon floated for approximately 50 miles. Emergency responders rushed to the scene as the balloon touched down to search for the young boy. Once they did not find him they activated other teams to expand the search. All this effort was for naught because the child was safely on the ground the entire time.
The joke’s on us
As this story continued to unfold it became apparent that it was a hoax. As details have emerged it has been learned that the parents concocted this scheme for self-promotional purposes. Law enforcement officials are still investigating the case. Sheriff Jim Alderden of Larimer County along with other authorities have indicated that charges may be forthcoming against the parents, Richard and Mayumi Heene:
“Charges have not been filed, but authorities expect to recommend felony charges including conspiracy, contributing to the delinquency of a minor and attempting to influence a public servant, Alderden said. They also plan to recommend a charge of filing a false police report, which is a misdemeanor.”
Sherriff Alderden said it is unlikely that someone convicted of these charges would face jail time.
Their plan was pretty much a success
Based on the Sherriff’s comments it appears that the Heene’s have accomplished their goal to heavily promote themselves for another reality show without actually getting into a bunch of trouble. They previously appeared on ABC’s “Wife Swap” and had approached other outlets in the past few months about doing another reality show. Based on all the media reports it’s apparent these folks crave the spotlight and were willing to perpetrate this hoax to create the buzz for a new “reality show.”
News such as this can create an “in” for cyber villians
Spammers and cyber-thieves have a way of using these types of news events to push spam out to unsuspecting recipients. Be wary of phishing emails with headline grabbing subjects. Many times there are links that will direct you to an infected site that will infect your computer with a bot net virus, password stealing Trojan, key logger Trojan, or other malware. Don’t fall for these tricks.
Don’t be fooled again
The Heenes may have been able to pull off their hoax with seemingly little consequence. However, you’ll find that if you fall for the spammers bait then the consequences may be quite harmful. Continue to educate your users against the perils of opening spam and Implement Mailprotector’s award winning email security to protect against cyber hoaxes.
The recent blockbuster sci-fi movie “District 9” was reviewed by some of our staff a few weeks ago. They give the movie a ‘thumbs up’ so you should definitely go see it. It’s about an alien spacecraft that becomes stranded hovering over Johannesburg and how the earthlings deal with keeping the aliens in quarantine. It’s a moral tale about the evils of apartheid and its potential out of this world consequences.
Film “makes Nigerians look bad”
It was reported that Nigerians are upset because of how they are portrayed in the movie. Information Minister Dora Akunyili has asked that movie houses stop screening the movie because it makes Nigerians look bad. “We have directed that they should stop public screening of the film,” she said. “We are not happy about it because it portrays Nigeria in bad light.” Nigerians are portrayed as gangsters, prostitutes and cannibals in the movie. They have asked the producer for an apology and also edit the film.
A more accurate portrayal?
Well, I’m upset about the portrayal of the Nigerians in this film, too. I’ll suggest the following character rewrites. Instead of Nigerian characters posing as gangsters and prostitutes make them Nigerian “princes” and “princesses”. Place them in exciting scenes crafting email messages asking for assistance from the aliens in recovering their family fortune. That would be much more appropriate. Once they start sending their spam to the aliens then all heck is gonna break loose. If the aliens didn’t have enough to be upset about before now they’ll really be ticked off after getting scammed out of their “cat food” money (oops – I should have given you a “spoiler alert”).
Mailprotector saves the day!
Of course, Mailprotector could become a prominent player in the movie. The aliens would adopt Mailprotector’s superior email security technology then we could all just get along. Nothing like a happy ending 
In celebration of National Cyber Security Awareness Month I’ve adopted one of Lou Holtz’s little stories. Lou has a special way of delivering a message. I recently caught this nugget:
The organization had just experienced a severe data breach. Everybody, Anybody, Somebody, and Nobody – they were all given an important task.
“Everybody was to do it. Everybody felt sure that Somebody would do it, because Anybody could do it, but Nobody did it.
Somebody got mad because it was Everybody’s job. Everybody felt that because Anybody could do it, but Nobody realized that Somebody didn’t do it.
In the end Everybody got mad at Somebody because Nobody did what Anybody could do.”
-L.Holtz
It’s a funny delivery but with a serious message. Admins and users need to stay aware of what’s happening with their email. Reveiw your current email usage policies and security posture to make sure you don’t have any vulnerable areas. You can implement one of Mailprotector’s award winning services to help mitigate email-borne threats: spam, Trojans, viruses, etc. Don’t fall prey to the cyber tricksters! Happy National Cyber Security Awareness Month!
