InfoSec Odds and Ends

Last Updated on Thursday, 4 March 2010 01:58 Written by Jeffreycarr Thursday, 4 March 2010 01:56

Here are some of the important events of the last few days that I haven’t had time to blog about but would like to briefly share with you:

• The takedown of the Mariposa botnet is a wonderful case study of how the collaboration between international law enforcement agencies with the assistance of private industry can beat the bad guys.
• Forbes Special Report: The Real Meaning of Cyber Warfare
• Digital Sky Technologies CEO Yuri Milner, who’s Russian company now owns over 5% of Facebook has $1 billion to invest in social media outside of Russia, and he’s interested in Twitter.
• Hack-Jet

The Friday Brief

Last Updated on Friday, 11 December 2009 11:57 Written by Jeffreycarr Friday, 11 December 2009 11:57

While Congress stumbles about launching yet another cyber security task force (why?), solid progress is being made as law enforcement agencies cooperate with their international colleagues to make it harder on the bad guys. I have often advised an international law enforcement solution rather than a military solution, and this story demonstrates the ongoing effectiveness of such a strategy. I’m also happy to see that the Secret Service is going to follow the example set by the FBI and open an office in Tallinn. It’ll be interesting to see if the cyber crime outfit Rove Digital, which is a 3 hour drive from Tallinn, will start looking for a new country to set up shop in.

Good article on the rising number of cyber attacks against critical infrastructure. Too bad it doesn’t deliver any specifics. Speaking of which, the Project Grey Goose report investigating attacks against the Power Grid and other CI will be out in January, 2010.

If you’re on Facebook, you’ll want to read this article on how to protect your personal data under Facebook’s new privacy controls. If your government/military work makes you a likely candidate for information operations by a foreign government and you’re on Facebook …, are you nuts?

Social Web OPSEC Training for DoD/IC Employees and Contractors just became more critical

Last Updated on Monday, 5 October 2009 07:06 Written by Jeffreycarr Monday, 5 October 2009 07:06

Last week’s news that Russian Security Services can demand user info from foreign-owned Internet Service Providers when matters of RF national security are involved has changed the game for U.S. government employees who use Social Software services (Facebook, MySpace, Twitter, etc.).

As if to underscore the risks and the value of the Social Web to governments, President Medvedev admits to worrying about foreign ownership of Russia’s very profitable Internet companies.

Foreign investment in search engines and social networks is “inevitable,” Mr. Medvedev told leaders of the ruling United Russia party at a meeting Wednesday. “But on the other hand — don’t let my words be seen as too conservative — we need to watch this, because these are questions of security,” he said.

The Communications Ministry is working up “security criteria” to determine where foreign ownership might be restricted, a spokeswoman said Thursday. Russian law already requires government permission for significant foreign investment in publications with daily circulation over one million. Several major Russian sites have larger audiences, she said.

In the meantime, Yuri Milner’s Digital Sky Technologies has just acquired another $100 million dollars of ex-Facebook employees stock bringing DST ownership of Facebook up to 5%.

Today’s issue of IntelFusion FLASH Traffic has an indepth analysis of this emerging threat for U.S. DoD and IC employees on the Social Web. OPSEC training in the safe use of Facebook and other sites is more important than ever, particularly for those individuals whose employment makes them high value targets for adversary intelligence gathering, recruitment, and influence operations. I’m concerned that the agencies who contract out the development of these courses will look for a quick fix or a one-size-fits-all approach, and that is NOT what’s needed here.