

MY TAKE: What ace-in-the-hole does Devin Nunes have that McCarthy would have loved?

By Byron V. Acohido

When Russian botnet controllers deployed their bots on yet another social media blitz last week, they participated in a campaign that took a page from Sen. Joseph McCarthy’s playbook.

On Feb. 9, 1950, at the height of the Cold War, McCarthy infamously brandished a list of what he claimed were 57 subversive communists who had infiltrated the heart of the U.S. government. It was baseless propaganda, of course. McCarthy never made the contents of his list public.

Fast forward to January 2018. Rep. Devin Nunes (R-Calif.) comes up with a top secret memo purporting to show how the FBI was being manipulated to persecute Donald Trump. On cue, Russian botnets unleashed the #Releasethememo campaign, spoofing a supposed grassroots call to make the contents of Nunes’ memo public.

Machiavellian move

McCarthy, of course, didn’t want the contents of his list revealed. Seems clear to me that neither Nunes, nor the Russian botnet operators, really wanted the text of his memo made public either. The botnet-driven social media blitz, I believe, was a Machiavellian attempt to add validity to the secret memo — by intimating a cover-up. …more

NEWS WRAP-UP: Russian bots conduct social media blitz to discredit Trump-Russia probe

By Byron V. Acohido

Week ending Jan. 26, 2017. The use of Russian bots and trolls in social media propaganda blitzes continues. Counterterrorism expert Malcolm Nance minced no words in lambasting the latest deployment of Russian botnets to influence American politics.

Related article: Trump is top bait used in spam campaigns

Nance appeared on the Stephanie Miller radio show to decry as ‘treasonous’ the bold move by House Republicans to spread word of — but no details from — a top secret memo purportedly discrediting the FBI’s Trump-Russia investigation.

This move was accompanied by the unleashing of Russian bots and trolls to hype the #Releasethememo campaign on Twitter and other social media platforms. This appeared to be an attempt to add validity to the memo in question — by suggesting a cover-up.

Lest we forget, Russian botnets fueled wildly conflicting polling results during the 2016 presidential race, and fabricated 6.1 million Twitter followers for then-candidate Trump. This week’s blitz represents another level of finesse.

Insurance halo effect

Here’s more evidence that the insurance industry is aggressively seeking to nurture the anticipated $20 billion-plus market for cyber liability insurance policies. Insurance carriers and underwriters need to figure out how to triangulate complex cyber risks — not as easy as setting actuarial tables for fires or earthquakes. …more

NEWS WRAP-UP: Mirai botnet variants take Internet-of-Things hacking to higher levels

Week ending Jan. 19, 2018. Don’t look now but the weaponization of the Internet of Things just kicked into high gear. The Mirai botnet, which I first wrote about in December 2016, is back — in two potent variants. Mirai Okiru targets ARC processors – the chips embedded in autos, mobile devices, smart TVs, surveillance cameras and many more connected products.

Related article: Massive IoT botnet hits German home routers

Mirai Satori, meanwhile, hijacks cryptocurrency mining operations, siphoning off newly created digital coins. Whether these variants are the work of Mirai’s creator, or copycats, hasn’t been determined.

“It is important to understand that the development community for malware is just as active and often more driven to create improved versions as the conventional software industry is,” Mike Ahmadi, DigiCert’s global director of IoT security solutions, told me. “System builders and device manufacturers need to have a greater focus on implementing mitigations and controls that address the root issues that allow malware to flourish, rather than focusing on addressing the malware ‘flavour du jour’.”

Fancy Bear targets Olympic officials

Meanwhile, Russian hackers continue to be very methodical about interfering in U.S. politics — for obvious strategic advantage. It turns out they also are passionate about preserving the stature of their star athletes.

The infamous hacking collective known as Fancy Bear has been tied to disruptive hacks targeting the DNC. Now those same hackers are also bedeviling the International Olympic Committee in apparent retribution for restricting Russia’s participation in the upcoming Winter Games.

The hackers’ aim is to discredit Canadian lawyer Richard McLaren, who led the investigation into Russia’s widespread cheating in previous Olympic Games. It was because of the findings in his investigation that many Russian athletes are banned from the 2018 games in Pyeongchang, South Korea.


MY TAKE: Rising hacks on energy plants suggest ongoing global cyber war has commenced

By Byron V. Acohido

We all fret over the smorgasbord of cultural and geopolitical controversies complicating our daily lives. That being the case, not enough public attention is being paid to the increasingly plausible scenario of an ongoing global cyber war.

I say this because in recent months there has been a series of public disclosures about progressively more sophisticated hacks into power plants and other critical infrastructure. These intrusions clearly are nation-state sponsored, as they require significant resources to orchestrate, and there is no clear financial motivation behind them.

Related podcast: How Russia’s election meddling relates to plant hacks

And one more important thing: each of the power plant hacks we know about to date seems to be mainly about testing weak points, probing for footholds and generally maneuvering to get the strategic upper hand against a rival nation-state.

The ‘Triton’ hack is a case in point, disclosed on Dec. 14 by security vendor FireEye, a global security company with an extensive threat intelligence team (obtained via its acquisition of Mandiant) and a long history of tracking nation-state cyber groups.

Hackers caused an operational outage at a critical infrastructure site by deploying a new form of sophisticated malware. They were able to stealthily – for a while at least — take control of the plant’s Schneider Electric Triconex Safety Instrumented System (SIS). Such systems are used to automatically shut down industrial processes when operating parameters approach a dangerous state. …more

MY TAKE: How a ‘gift card’ thief spoiled my Christmas

By Byron V. Acohido

Upon returning from a holiday trip this week, we received unsettling news. There has been a rash of mail theft emanating from our local post office. Our box of held mail seemed lighter than it should have been. And one envelope was slashed open; the gift card sent to us, missing.

Our experience fell in line with similar reports from around our neighborhood. It was a stark reminder that despite the wide adoption of chip cards, the lowly “magstripe” wallet card is still in wide use – and remains a prime target of thieves.

Related article: How fraudsters became so enamored with magstriped cards

Magstriped cards consist of magnetized particles impregnated on a thin band. This decades-old technology is perfect for holding data, including account information. Anyone can easily extract this data from a magstriped card simply by purchasing a $70 card reader.

Longstanding exposure

And it’s equally simple to purchase blank cards and impregnate their magnetic stripes with whatever data you’d like, including account information extracted from a legit card. This intrinsic weakness of magstriped cards is exactly why U.S. banks finally got around to replacing magstriped credit and debit cards with chip cards, years after banks in Europe and Canada had already done so.

There was a period from 2005 through 2014 when crime rings plundered account information from the likes of TJX, Heartland, Sony, Target, Home Depot and many more. Criminals got increasingly efficient at creating faked credit cards, and then sending teams of mules to make thousands of dollars of purchases at the self-checkout lines at Sam’s Club and WalMart, and online, as well. That specific type of faked-credit-card fraud has slowed considerably, due to adoption of chip cards. But magstriped cards continue in wide use, not just for gift cards, but on employee access cards, public transit tokens, phone calling cards, even hotel card keys. …more

GUEST ESSAY: Google study details how 9 million account logons get stolen every 24 hours

By Lisa Baergen

Google should be applauded for spending a year studying how cybercriminals hijack account login credentials and expose them in cyberspace.

The search giant’s findings are astounding and instructive. Stolen passwords get channeled into the dark web in two main ways: one at a time, via phishing campaigns, or en masse, via data breaches, such as the Yahoo and Uber ones.

From March 2016 to February 2017, Google found that 12 million usernames and passwords were successfully phished, and some 3.3 billion records were stolen as the result of data breaches. This means that every 24 hours an average of nine million logins are stolen.

Gmail and the Google Cloud Platform are deeply interwoven with corporations’ and consumers’ lives – even people with personal Gmail accounts use their work email as a recovery account.

Now think about the online retail implications: how many times have you shopped online and gotten confirmations via Gmail? What data does that expose?

The Javelin Strategy and Research Identity Proofing Platform Scorecard, issued in October, showed that everyone – from major merchants to industrial boardrooms and consumers – has room for improvement. …more

PODCAST: The case for rethinking security — starting with smarter management of privileged access logons

By Byron V. Acohido

Two cybersecurity trend lines have moved unremittingly up the same curve over the past two decades — and that’s not a good thing.

Year-in and year-out, organizations have steadily increased spending to defend their networks — and they continue to do so, with no end in sight. Research firm MarketsandMarkets estimates that the global cybersecurity market size will grow from $137.85 billion in 2017 to $231.94 billion by 2022, a compound annual growth rate of 11.0%.

Related podcast: Much stronger security can come from simple ‘Identity Access Management’ improvements

At the same time, the damage and disruption caused by malicious hackers has also continued to rise, with no end in sight. One recent measure of this comes from a survey of senior officials at 120 large enterprises, conducted by research firm Forrester and sponsored by Centrify, a leading supplier of identity and access management (IAM) technologies.


C-level executives disclosed to Forrester that two-thirds of their companies had been breached multiple times – a startling five times on average over the past two years. What’s more, respondents indicated these break-ins occurred evenly all across the network, at endpoints, servers, databases and in software-as-a-service systems. …more