This week’s Security Central examines the breach that leaked the passwords of Trump’s cybersecurity advisor Rudy Giuliani and others, takes a look at the arrest of one of Russia's most successful cybercrime investigators and hacker hunters, and peeks inside MIT’s take on cybersecurity in the age of digital transformation.
Well, it was bound to happen. President Trump's appointed cybersecurity advisor Rudy Giuliani has been hacked. Him, and a boatload of other government folks. A Channel 4 investigation recently revealed that the passwords of Giuliani and 13 other officials, including cabinet members, have “been leaked in mass hacks.” The passwords and other credentials for the internet accounts of Giuliani and the other officials are publicly available online.
The Channel 4 report states that the cabinet members’ sensitive information was compromised and spread online as the result of data breaches that targeted LinkedIn, MySpace and other sites between 2012 and 2016. Not only are the passwords and information easily discoverable online, they can also be purchased from a site that holds the stolen information.
“Breaches like these - and the associated list of simple passwords - underscore the need for two-factor authentication on sensitive accounts, such as the email accounts of public figures,” said Dwayne Melancon, vice president of products at Tripwire. “Two-factor authentication, along with periodic password changes, greatly reduces the likelihood of a successful compromise even if someone gains access to your password. Two-factor authentication also mitigates much of the risk if someone re-uses a password.”
This shouldn’t come as a surprise, though unfortunately, it seems to always be new information to someone. The entire presidential election process was riddled with attacks, breaches and leaked information. Political figures will always be targets, and the question regarding whether or not Russia was somehow involved in the election or even potentially had something to do with the outcome is still openly debated. Considering these and other countless examples, you’d think that those involved and closest to the election would have learned their lessons. However, with this most recent example, it appears that you really can’t teach old dogs new tricks.
Lee Munson, security researcher at Comparitech.com, was quoted in an article by SC Magazine saying that “many of Trump's staff have reportedly been using the same password across a number of different accounts.” Seriously? Come on, guys. Munson goes on to say that while such careless online behavior is, sadly, rather rampant among us ordinary folk, senior White House personnel and cyber-tsars really ought to know better. Understatement of the damn year, sir. Munson added, “Not only that, the fact that some of the passwords appear to have come from sites such as MySpace may suggest that dormant, no longer wanted accounts have been allowed to remain active which, itself, is also something of a security howler from people who should know better.” Yep. MySpace.
Once again, the tumultuous, hazardous world that is political cybersecurity has presented a prime opportunity for partners to resurface these types of issues. Further, you can be sure that these conversations will continue to dominate political conversations over the next four years, which means continued opportunities for partners. As our own Kris Blackmon put it so eloquently, “in a world of constant connectivity, cloud computing and advanced cybercriminals, tech has a lot to do with how the 45th Commander-in-Chief makes it into office...and what they'll have to focus on when they get there.”
Our second story returns us to Russia - a place we just can’t seem to get enough of. On Wednesday, reports confirmed that cybercrime investigator and hacker hunter Ruslan Stoyanov, an incident response chief at the well-known Kaspersky Lab, was arrested by Russian law enforcement as part of a probe into possible treason. Kaspersky Lab was quick to disassociate itself from the accusations and arrest, saying that the crimes Stoyanov is accused of happened before his employment at the security firm began.
According to an article by Forbes, the report detailing the arrest stated that Stoyanov's nabbing may be tied to an ongoing investigation surrounding Sergei Mikhailov, the deputy head of the information security department of the FSB, Russia's national security service. Apparently, both men were arrested back in December. Russian newspaper Kommersant claimed that the investigation was exploring the supposed receipt of money from foreign companies by Stoyanov and his links to Mikhailov.
A Russia-based information security source told Forbes that unfortunately, the details of the case are likely to remain private. The case has been filed under article 275 of Russia's criminal code, which means a secret military tribunal. This article allows the Russian government to prosecute when someone provides assistance to a foreign state or organization regarding "hostile activities to the detriment of the external security of the Russian Federation" (translation from source). Yikes…
Andrei Soldatov, who has studied internet activity and Russian security services for more than 10 years, called the arrest of the Kaspersky manager "unprecedented." "It destroys a system that has been 20 years in the making, the system of relations between intelligence agencies and companies like Kaspersky," Soldatov told The Associated Press. "Intelligence agencies used to ask for Kaspersky's advice, and this is how informal ties were built. This romance is clearly over." Clearly. It’s not a pleasant thought heading into 2017, when this “system” may be more important and needed than ever.
Our final story takes a brief look into a few thoughts from MIT Technology Review on cybersecurity in the era of digital transformation. We all know well that in an age when people and companies are adopting technologies such as the IoT, the cloud, big data and mobility, attention to security must be paid. Big attention. But, in the digital era, MIT suggests, the focus needs to pivot a bit. It’s one thing to secure network perimeters, but now we need to protect data spread across systems, devices and the cloud. This is something partners have been aware of and educating their customers on for some time now, but it doesn’t hurt to refresh with some of these insights.
The automation of most, if not all, business processes and the massive spike in digital connectedness is great for business and can certainly increase profits and agility, but of course, this comes with a sizable increase in cybersecurity risks and threat levels. The key, according to MIT, to dealing with those types of risks and threats is building security into said applications right from the get-go. And not just those, but into interconnected devices as well.
“As companies embark on their journeys of digital transformation, they must make cybersecurity a top priority,” says Michael Golz, CIO, SAP Americas. “We have to maintain confidentiality, integrity, and availability of data in all these contexts: on premises, in the cloud, and in hybrid environments.” The amount of data and the value of that data have never been higher in the history of the internet. That means, of course, that end points are more vulnerable than ever too. That’s especially the case with the IoT, which is still fairly new. This just means we have to be better and faster about beefing up security across all facets, especially since attacks are getting almost absurdly sophisticated.
“Any vulnerabilities in the supply chain now have a wildfire effect that results in millions of dollars being lost and trust being destroyed on impact,” says Justin Somaini, global CSO, SAP. “It used to take a while to exploit these weaknesses. Nowadays, it’s very fast and the damage is immediate.” Considering these rather significant hurdles, senior IT leaders, including both CIOs and CSOs, are urged to adopt a more proactive approach to securing sensitive and critical data. And partners can help.