US Navy Collisions – Was it a Cyber Attack that caused it?

August 31, 2017 at 4:00 pm | Posted in Cyber Security | Comments Off on US Navy Collisions – Was it a Cyber Attack that caused it?
Tags: , , ,

Short answer No.

The longer answer is more complicated as it goes back to what communications technology that warships use when on deployment. When a Warship is on an active deployment communications between the ship and the shore are on encrypted high band traffic.

This is a completely different system from the conventional communications used by Merchant ships and the public as a whole, which means that it is not a Hack in the traditional sense.
In order to compromise a warships system you would need to gain access to the communication systems themselves that are generally hardened technology not connected to the outside internet, which means that a physical connection is required.

As such, it is considerably more challenging and unlikely that a warship is hacked as unless someone physically got on-board or compromised the hardened communications and information then these ships were not subject to a cyber-attack.

More likely, these were accidents because of a lack of physical on the water training as opposed to anything malicious.

Electronic Voting – It’s Hard to Hack a piece of Paper

August 1, 2017 at 3:00 pm | Posted in Cyber Security | Comments Off on Electronic Voting – It’s Hard to Hack a piece of Paper
Tags: , , , , ,

One topic of conversation that comes up quite regularly for me is when people discuss electronic voting machines or voting online. With arguments in favour such as it will increase turnout and that it is more accessible. However, while I work In Cyber Security I will always be against electronic voting for the simple reason of, nothing is 100% secure.

Anyone in the security industry who says that a technology is 100% protected is lying.

There are still accusations that the US elections were tampered with and those rumours will continue for many years unless evidence is found. While it is possible to commit fraud using the UK’s traditional methods of pen plus paper and postal voting. The scale and the difficulties of doing it on a large scale is incredibly difficult.

This past week has reinforced my opinions on the weaknesses of electronic voting machines. At the Ethical hacking conferences in the USA this past week, various ethical hackers and researchers were invited to try and compromise the electronic voting machines used in past elections as recent as 2015.

Within 30 to 90 minutes, every machine type gifted to them was compromised with the researchers able to change hypothetical votes, play minesweeper and have the machines play videos.

Some of the machines could even be compromised remotely via wireless networks. It has been a pretty damning set of research and reinforces the point that with current technology no electronic voting machines cannot be 100% secure.

The ability to change thousands of votes just by messing with a spreadsheet and given the risk all organisations have against insider threats these machines cannot be considered physically secure either when not used in election season.

I’ll stick to my pen and paper for the time being.

The encryption traffic conundrum solved?

June 22, 2017 at 4:00 pm | Posted in Cyber Security | Comments Off on The encryption traffic conundrum solved?
Tags: , , , ,

A challenge that has risen in recent years is the rise of encryption on internet communication traffic. Many websites are now HTTPS, especially if you submit any private details.

It also means that many cyber criminals have also adopted encrypted traffic communication in order to protect themselves and make it harder for traditional security solutions to spot malware meaning that Malware spread through encrypted traffic has become a major source of data breaches.

Currently in order to deal with this threat vector the solution is to decrypt all files resulting in a potential trade-off between security and privacy.

Cisco however, has just announced a new approach by using analytics to analyse the intent of encrypted traffic and assess whether an encrypted file is in fact malicious. This is achievable by using Cisco Talos’ intelligence of current and suspected attack vectors.

Early trials are showing it to be extremely effective and I look forward to seeing it in person and in action soon as this could solve several issues that currently are challenges to the security industry.

Blog at WordPress.com.
Entries and comments feeds.