
By Frank Artusa

For as long as there have been nation states, spies have been hard at work trying to gather intelligence for strategic advantage. Historically, the direct victims of such efforts have been government agencies, the military and corporate intellectual property, but recent events have put us all in the crosshairs when it comes to our digital communications.

Though sophisticated methods like collecting radio frequency emanations, tapping above-ground and undersea communications cables, and other signals intelligence techniques have been historically employed by adversary nations, few could have predicted the massive data breach recently perpetrated by an elite hacker group attributed to the People’s Republic of China called Salt Typhoon.

Salt Typhoon, a codename assigned by Microsoft’s cyber threat intelligence team, was first discovered in Fall 2024 to have compromised telecommunications systems and networks belonging to Verizon, T-Mobile, Spectrum and several others. The widespread compromise involved the exposure of data associated with phone calls, voicemails, and text messages impacting millions of Americans. The true extent of this massive breach has yet to be revealed, and it’s unknown whether the affected systems have been fixed.

The idea that any hacker group could obtain access to such critical infrastructure and persist, undetected, for apparently up to a year or more, is difficult to comprehend. The Federal Government’s Cybersecurity and Infrastructure Security Agency (CISA) indicated that Salt Typhoon was able to obtain access by exploiting unpatched network hardware and leveraging entry points designed for use by law enforcement, or “backdoors.”

Some experts blame the Communications Assistance for Law Enforcement Act (CALEA), a 1994 digital wiretapping law that compels telecommunications companies to assist law enforcement in conducting electronic surveillance with a court order. This tool, by the very nature of its existence, presents a potential backdoor into the telecom’s network. However, federal, state, and local law enforcement authorities utilize this technique to investigate criminal activity, with probable cause, to uncover evidence of crimes ranging from gang activity, organized crime, public corruption and everything in between. This makes CALEA a double-edged sword: supporters laud its criticality to criminal investigations and detractors argue for its potential misuse by hackers or a corrupt government.

Despite the obstacle described above, in December 2024 the FBI and CISA took the bold step of recommending that individuals utilize communication apps that offer end-to-end encryption (E2EE). E2EE is an encryption methodology that is used by apps like WhatsApp, Signal, and iMessage (when communicating between Apple devices).

E2EE makes it impossible for an interloper to read data due to the advanced encryption utilized to encode data. As an example, it would require thousands, if not millions, of years for a supercomputer to break encryption implemented by these applications. Quantum computing, a radical new computer processing technology, poses a threat, but this innovation is still years away and governments are aggressively working to develop quantum-proof encryption as well.

A clear example of the government’s own use of this E2EE technology was recently demonstrated when U.S. national security and defense officials used Signal to communicate tactical war plans in Yemen, albeit with unintended recipients.

Threats posed by advanced nation states capable of funding top-tier cyber espionage operations are growing, with dozens of capable groups originating from Russia, Iran and North Korea as well as China. Additionally, this doesn’t include independent cyber criminal groups looking to steal and sell personal data. Considering the wide array of potential threats to digital data, E2EE appears to be one of the few tools guaranteed to stop hackers from eavesdropping on digital communications.

Internet Crime Complaint Center — www.ic3.gov

Frank Artusa, a resident of Smithtown, is a current cybersecurity professional and retired FBI Special Agent.

At podium, Legislator Anthony Piccirillo (R-Holtsville), chair of the newly-formed Cyberattack Investigation Committee. Photo by Raymond Janis

County legislators convened at the William H. Rogers Legislature Building in Hauppauge on Monday, Dec. 5, announcing the formation of a bipartisan special committee to investigate the recent cyberattack against the county government.

A confirmed ransomware event was first reported in early September. [See story, “Suffolk County cyberattack offers a window into the dangers of the digital age,” Nov. 17, TBR News Media website.] The attack crippled the county’s IT infrastructure, shutting down the system for over a month, with systems slowly coming back online.

The county press release relating to the new committee indicated that, “Information regarding the effects of the attack continues to be made public, including the admission that the personal information of as many as 470,000 residents and 26,000 past and current employees has been stolen by the hackers.” 

Kevin McCaffrey (R-Lindenhurst), presiding officer of the county Legislature, announced the appointment of Legislator Anthony Piccirillo (R-Holtsville) as chair of the newly formed special committee. In addition to these two legislators, the committee will comprise Minority Leader Jason Richberg (D-West Babylon), and Legislators Sarah Anker (D-Mount Sinai), Jim Mazzarella (R-Moriches) and Rob Trotta (R-Fort Salonga).

“The purpose of this committee is to do one thing and one thing only, and that is to find out what happened and how we can prevent that from happening again,” McCaffrey said.

The presiding officer described the impact felt by county officials and residents alike due to the cyber event. He stated that sensitive information of county employees was likely accessed, with many details still unknown.

“There’s been an impact on each and every one of our residents,” he said, adding, “Employees, including myself, have now found out that our Social Security numbers have been compromised. We need to make sure that this doesn’t happen again.”

Piccirillo outlined his priorities and intended goals as chair. He regarded the Legislature as a coequal branch of the county government with a constitutional obligation to conduct oversight activities. 

“We’re going to execute our constitutional duty of oversight,” he said. “We passed a procedural motion that we now have subpoena power to call witnesses under oath and bring them in if they refuse to come in.”

The committee chairman added, “I do expect full cooperation from anyone that we ask to come in, but we do have that tool in our toolbox, where if people start to refuse to speak to the Legislature then we can have them here under subpoena.”

Piccirillo maintained that openness and transparency would be necessary to restore government operations and public trust.

“The best disinfectant is sunlight, so we’re going to open the windows and let the sun in here to shine and make sure that we get the truth,” he said. “We’re going to follow the facts and conduct the thorough investigation that the residents of Suffolk County deserve.”

Richberg detailed the collective shock and disbelief experienced by county officials when reports first circulated of the cybersecurity breach. He said a proper diagnosis of the problems leading up to the attack would help thwart a similar scenario from unfolding.

“I think understanding and diagnosing the problem from the beginning and having a bipartisan approach to asking the questions in the sunlight … is really important,” the minority leader said. “Most importantly, we need full structures for us to move forward, so this doesn’t happen again and that we are appropriately protected from anything that could happen to us in the future.”

Above, Suffolk County Legislator Sarah Anker (D-Mount Sinai). Photo by Raymond Janis

In an interview, Anker discussed the gravity of the moment and the importance of the government coordinating its response correctly. “I know we’re spending up to $12 million to address this, if not more,” she said. “We need to get all the experts in the field to address what we’re dealing with and how to best deal with it.”

Anker also addressed the criminal nature of this cyber intrusion and the need to grasp cybercrime trends and criminal culture online.

“The dark web, that’s where all of this stuff is happening,” the county legislator said. “It’s the Wild, Wild West of our times, and if we don’t address that in a more aggressive way, it’s going to ripple throughout our country.”

While the committee’s work is just getting underway, McCaffrey said the process will culminate in a report detailing its findings. “We expect to be able to roll this out and tell a good story about what happened from beginning to end,” he said.

The recent ransomware attack against the Suffolk County government has sparked questions regarding our relationship with technology. 

We often take for granted the convenience offered by our devices. Today, we can communicate at lightning speed thanks to email and text messaging. A week’s supply of groceries is just a few clicks away. And many can carry out a full day of work without leaving their homes. 

The digital revolution has permeated nearly every facet of our lives, finding the quickest, simplest, most convenient solutions to almost all of our daily problems. But are there consequences to our increasingly digital way of life? If the Suffolk County cyberattack has taught us anything, the answer is an emphatic “yes.”

While our county officials work through the ransomware situation, we must take a closer look at our technologies at home. What kind of sensitive records are stored within our smartphones and personal computers? How much could someone with access to these devices learn about us?

While most give very little thought to these matters, we must take a greater interest in our personal cybersecurity. If hackers can infiltrate the county’s network, crippling the government’s entire system for over a month, they can invade your home computer, too.

The digitization of all records is not the answer to our problems. Our social security cards and birth certificates are safer in the filing cabinet than on our computers. If we refrain from uploading these sensitive records to our devices, we deny hackers the chance to use them against us.

To protect oneself against ransomware, the Cybersecurity & Infrastructure Security Agency, an operational component of the U.S. Department of Homeland Security, recommends installing antivirus software, firewalls and email filters. CISA also advises upgrading all applications and operating systems, as outdated programs are frequent targets for ransomware.

Users can defend themselves, too, by verifying email senders and cautiously approaching all email attachments. One should only use a single card for all online purchases to prevent access to multiple financial accounts. Most importantly, people should stay current on cybercrime trends to remain ahead of the curve.

Remember that hackers cannot access records we do not upload. With caution and common sense, we can better protect ourselves from the growing threat of ransomware and other malicious activities online.

Brookhaven is looking to increase its cyber security through a state grant, but the town is not saying how. Stock photo

The Town of Brookhaven is looking to beef up its cyber security.

At the Aug. 2 Brookhaven Town board meeting, councilmembers voted unanimously to apply for a $50,000 grant under the New York State Division of Homeland Security and Emergency Services Cyber Security Grant Program. If the town attains the grant, Brookhaven will use town funds under specified cyber security initiatives and seek reimbursement through the grant.

The grant will make $500,000 available for any county, town or village in the state at a maximum of $50,000 per entity. Other municipalities in Suffolk County such as the Town of Smithtown are applying for the grant.

According to the state grant application, the money can be used for a number of items, including hiring a cyber security consultant, software packages for items such as firewalls and encryption, new equipment such as servers or hardware used against cyber threats, and for staff training involving cyber security awareness.

Jack Krieger, communications director for Brookhaven Town, said the town does not comment on current or future cyber security measures when asked what the money might be used for.

In June 2017, the Town of Brookhaven’s website, along with those of 76 other municipalities, was successfully hacked by what was described as a “pro-ISIS group.” ISIS refers to the Islamic State of Iraq and the Levant, the group that took over parts of Iraq and Syria in 2014 and is now being pushed back by U.S.-backed Iraqi forces and the Syrian army.

The group, Team System DZ, created a static webpage using the Town of Brookhaven servers, but it did not affect the official Brookhaven website. A link was set up through town servers to a static, look-alike webpage.

Deputy Town Supervisor Dan Panico (R-Manorville) said at the time they did not see any information extracted from the servers. The town’s website was taken down temporarily but was restored within a few days.

Much emphasis has been put on cyber security by government officials of late, as it was revealed that Russia had made efforts to hack into Democratic National Convention servers during the run-up to the 2016 presidential election, taking information which was later released via several outlets including WikiLeaks, an international whistleblower organization. U.S. intelligence officials have warned that Russia is already attempting to influence the 2018 midterm elections through multiple electronic means, including phishing scams that target people’s passwords and fake accounts set up on social media, according to a recent Bloomberg News report.

Meanwhile, the Suffolk County Board of Elections is also keeping tight-lipped about cyber security measures as Long Island and the rest of the country head toward a heated midterm election taking place Nov. 6.

“The board generally doesn’t comment on its security measures because we understand that doing so could aid nefarious individuals in their attempts to exploit our voting processes,” said Republican board of elections commissioner, Nick LaLota, when asked about the board’s preparedness to ward off security threats.