The Bureau 121

Is this a lovely name for some SF or action movie, or what? Well, you should be fully aware that this is the code name of the top hacker unit in North Korea. These guys are deadly serious about what they do. And, apparently, very sensitive when it comes to their dear leader. So, what happened?

You should google a little bit about the new movie about North Korea. Although this is a comedy, the North Korean leadership found nothing funny in it. As a result, the Sony Pictures Entertainment division was hacked. As you can see, cyber warriors can easily reach you wherever you are and whatever you do.

These intriguing details were revealed by one of the former members of Bureau 121, who was able to escape to, where else, South Korea. So, what is so interesting in this story? Well, we tend to underestimate this country, over and over again. Some people think they still live in the stone age in terms of technology.

North Korea takes care of the talented guys from this group in a fascinating way. They are the elite, and they are treated as such. It turns out that North Korea knows how to take care of its priorities. Cyber warfare is definitely one of them. There is something we can learn from the Bureau 121. Right?

EASA Easy

The European Aviation Safety Agency (EASA) has turned an important new page. From now on, your shiny gadgets can be used during the entire flight without the rigorous limitations we all know very well. So, what exactly can or can't you do with your devices once you set foot in an airplane?

Well, you can use a smartphone or tablet freely during a flight. This also includes all available 3G or 4G networks. On the other hand, you still cannot use the Internet on your laptop. This is something that will be strongly appreciated by all passengers. Yet, we have some security questions we need to ask.

Have you heard anything about airplanes being hacked recently? Not so long ago, the flight agenda of the Japanese PM circulated for a while on the Internet. The airline company's IT infrastructure was hacked. Now, do you dare to think what could have happened if the airport or the airplane itself had been hacked instead?

With this most recent change of regulations, we will allow hackers to freely surf while in a plane. Maybe, this was not such a good idea. We sure hope this was not a result of some profit related idea. Like, we are having some bad times in the airline business, let us do something about it. We really hope that was not the case.

ENISA The Goddess of Cyber Security

The European Union Agency for Network and Information Security, or simply ENISA, is supposed to be the backbone of the EU cyber security system. So it is; that is not the issue here. What we would like to know is what it can do in order to protect us. One of its highly appreciated contributions is an event.

We are referring to the EU month of cyber security, which is a great thing as well. Yet, under the current circumstances, it would be more suitable to organize an event with a more appropriate title: the year of EU cyber security. We are not exaggerating and there is no bitter tone in these words.

We simply need to do much more. As you have probably realized by now, we are a little bit lazy when it comes to Google research. Do we have some similar agencies at the international level? How about the UN? We even have a much better idea for solving matters here as they should be solved.

Each major organisation in the world should have a special cyber security department or some kind of a committee. Can you imagine what we could achieve with all of these potential months devoted entirely to our cyber security? One organization. One month. We would not have enough years for all of these cyber months.

Web Camera – Real Trouble

Do you put something over your web camera? Do not be shy. You are among friends. According to the findings of Kaspersky Lab, one in five people does it on a regular basis. On the other hand, in China, one in two people does not forget to disable his or her web camera in such a way. Why?

Well, it is quite simple. No one likes to be watched. We all appreciate our privacy, especially when we sit in front of our computers in the comfort of our homes. Some of us do not like to wear too many clothes in such situations. Some of us have tons of notes next to our computers. Is this enough for you?

However, you should be fully aware that there is no absolute protection in this matter. Although your web camera may be neutralized, its microphone still works and records with no trouble. In addition, the pictures or videos you make with a web camera can be intercepted as well.

Here is a simpler solution. Buy yourself a laptop or tablet with no web camera. How about the guys who are disabling their smartphone cameras? Our privacy-related fears and paranoia make us apply primitive and inefficient safety measures. Someone is watching you while you read this post.

Old ATMs – Young Troubles

It is not an exaggeration to say that the ATMs are the true money machines. Yet, the real question is for whom, exactly? If you take the money you have already earned, then you are definitely not in the mood for the word games about the money making machines. And, there is one more scenario.

If someone steals the money from the ATM, he or she will be thrilled by the generosity of these genuine money machines. The older these machines get, the easier it becomes to rob them. It may be a little bit hard to accept, but there is an entire army of sophisticated malware that specializes in ATMs.

Here is an extremely indicative example. One Canadian teenager was able to take full control of the local ATMs in the most unimaginable and surprising way. He found the ATM's manual, from A to Z, on the Internet. As simple as that. He made money rain from these machines.

Luckily for both himself and the banks, his intentions were good. But he was misunderstood. He proved his point at a bitter cost. He will have to spend some quality time with the authorities explaining his actions and motives, while we, on the other hand, will have to seriously consider the replacement of grandpa ATMs.

Airlines Grounded For Cyber Security Reasons

It is not a joke. Not so long ago, the flight schedule of the Japanese PM was hacked. Even worse, it was offered on the hackers' black market. Do you remember how, in one of the Superman movies, all oil tankers were unwillingly brought together in the middle of the ocean as a result of hacking?

Well, who says we cannot do the same in the sky? Can you believe that more than 40% of all leading airlines have neither a plan nor an effective strategy in terms of cyber security? Why? Maybe they spend too much time flying and do not have time to deal with mother-earth-related problems such as cyber attacks.

You can hack whatever you want. We can deal with that scenario. But what about hacking a plane? There is nothing romantic about it. You are not going to make your own version of Lost once your plane hits the ground. And there will not be any superhero, Superman included, to rescue you.

Of all the cyber places in the world, the airlines' IT infrastructure should be the most secure. Can you accept a 40% chance of a cyber attack while you are on the plane? You have a greater chance of suffering from a cyber attack than a terrorist attack while flying. Think about it for a change, will you?

Thank You JPM, It’s Time For Our Next Snack

Once you try the flesh of the major financial institutions, there is no going back to what you used to hack before. This is exactly what happened with the group that paid an unexpected visit to JPMorgan. And they are after some more VIP financial blood. This does not necessarily have to be all bad.

Why? How can we say such a thing? Well, there is some poetic justice in this one. No matter what kind of cyber tools they use, our good old friendly hackers are still human beings. And they get infected with the greed virus too, sooner or later, one way or another. What more can we expect?

For what it is worth, the hackers have started to mess with the wrong guys. These institutions can afford the luxury of hiring the very best cyber security experts. They make the money. They can make some extra to fight back with a vengeance. Now, let us see what happens in the aftermath.

This is how it works. You do not do something for real unless trouble knocks at your door. In the clash between the financial wizards and the cyber crime masterminds, you know who is going to prevail eventually, don't you? We sure hope it is not going to include some collateral damage, both in finances and among us.

Call Of Cyber Security Duty

No matter how hard you try, it seems you cannot unlock the mind of a hacker. Why? Well, you can try to predict a certain type of behavior, but they keep surprising you with the things they steal or hack. Here is a controversial case of cyber theft, which makes it almost impossible to put all the pieces of the puzzle together successfully.

So, what happened? It turns out that an extremely skillful hacker has paid a devastating and uninvited visit to both Xbox One and US Army systems. He or she, or possibly they, came into possession of the Apache helicopter simulation program, including the pre-release of the latest Call of Duty game.

The estimated value of these stolen goods, which can be classified as top intellectual property, is more than $100 million. On the other hand, you can stop wondering. It makes perfect sense that someone would like to steal the simulation program for one of the best military helicopters in the world.

However, what is with the Call of Duty pre-release? Maybe our hero needs to relax after the hard work in his office? For the makers of this globally popular game, this is not a funny story. In real life, hacking is not a video game. Once you end up in jail, you cannot restart the game from the beginning.

Award Down The IT Security Boulevard

The Americas Information Security Leadership Awards has announced its winners for the fourth time. The great thing about it is that the American in its title does not refer only to North America, but also to Central and South America. So, when you say the American Award, it includes both continents.

This is exactly what we need. We need something traditional, encouraging and inspirational at the same time. On the other hand, this something should include the word international in its title. As long as we have American or European prefixes, we cannot expect a major improvement in this field.

For what it is worth, we appreciate and are grateful for these types of rare IT security awards. We just wish for more of these awards with a wider scope. The hackers themselves seem to be less nationalistically oriented and more open to the idea of international cooperation. We should follow.

This is how we should do it. A little bit of awarding here and there. Then, a little bit of bug bounty programs as well. If we appreciate enough the effort and time we invest in IT security, then we can be rewarded with something more valuable than the awards themselves: fully functional IT security, for a change.

Unpatched = Unprotected

How many times do we have to repeat it? How much evidence do we have to submit in order to convince you? About what exactly? Our main point is quite a simple one, and apparently extremely difficult to accept. The human factor is the worst cyber menace you have ever witnessed and heard about.

In the absolute and surprising majority of cases, you can easily ensure a remarkable level of proper IT security. How? With regular updates and the use of patched systems. Yet, we keep failing to update and continue to use unpatched systems. Why? Either we are totally reckless or lazy.

Either way, we are in trouble. On the other hand, your friendly neighbor hacker only needs one vulnerability to pay an unexpected and unforgettable visit. We could have easily avoided or at least decreased the chances of facing this cyber trouble. All we needed to do was to invest a little bit of our time.

No one can make you comply with these simple and effective IT security rules, but there is also no one you can complain to once you get hurt. The cyber doctors have given you a fair warning, including a vaccine. It is your fault if you think that you have something more important to do.