Archive for April 2017

New Study to Explore Relationship Between Autism and Cybercrime

A new research project launching today is set to explore the link between cybercrime and autism or autistic-like traits.

The University of Bath’s Centre for Applied Autism Research will lead the research, with charity Research Autism and the cybercrime unit of the National Crime Agency (NCA) also involved.

Law enforcers are increasingly aware that those arrested for such crime may be on the autistic spectrum, but so far there’s been no systematic research on the matter, according to Bath University.

It added:

“Research Autism is seeking to undertake a research project to explore the profiles of cyber offenders and their pathways into such offending. This will also provide important information on the nature and size of this issue, the degree to which autistic individuals are represented in these offences. The project will also seek to identify possible risk factors that lead to cybercrime activity, and timely preventative and diversion measures.”

Bath University researchers will look to study three groups of 30 individuals: one will consist of people convicted of cybercrime offences; one will be of general offenders and one will be a non-offender group.

“Through our project we will explore whether autistic traits are actually associated with computer-related abilities and cybercrime,” explained professor Mark Brosnan of the Centre for Applied Autism Research. “Whatever the conclusion, our findings will have important implications for better understanding why people do – and indeed do not – engage in cybercrime.”

As well as identifying whether those on the autistic spectrum are more vulnerable to cyber offending, the project will aim to understand pathways into cybercrime in order to boost prevention efforts, alongside raising awareness of these issues among law enforcers.

Katie Chodosh, co-founder of autistic art fundraiser Artism by Jake, told Infosecurity Magazine that it’s important to put the research into context.

“Autistic people have been known to be at greater risk of becoming a victim of cybercrime as they can take ransomware and phishing threats literally. That said, autistic people have also proven themselves assets in the field of computing, with Microsoft and the Israeli Defence Force specifically recruiting autistic people,” she argued.

“It is a shame that this report is focused purely on the criminal element. Disabled people have long been portrayed as either a hero or a villain and the positioning of this research disappointingly echoes that. It’s not all negative as hopefully the research will encourage a more scientific basis for linking autistic people to cybercrime, with a practical outcome to help those people find jobs in the information security industry.”

Source: Information Security Magazine

Russian Military-Linked APT28 Group to Wreak Havoc in 2017

The infamous APT28 group linked to the hacking of Democratic Party officials last year is most likely sponsored by the Russian foreign intelligence agency GRU and will continue to attempt to influence major elections in Europe this year and beyond, according to SecureWorks.

The security vendor claimed in a new report that in 2015 the group – which it dubs Iron Twilight – expanded its activity beyond covert military intelligence gathering to sabotage and attempts to target political entities.

One of the GRU’s stated aims is to use maskirovka – deception and disinformation techniques designed to “confuse, undermine, and ultimately disrupt an enemy.”

That seems to fit well with APT28’s publication of damaging internal emails from DNC officials, as well as other organizations including anti-doping agency WADA.

The report concluded:

“The threat group’s activity can be characterized by the theft of confidential information and its calculated release to influence global events. Characteristics of IRON TWILIGHT’s activity suggest it is operated by the GRU. The threat group’s departure from purely military and regional affairs to broader political and strategic operations, evidenced by its US political operations, suggests the Kremlin views IRON TWILIGHT’s role as supporting Russian ‘active measures.’ These active measures correspond to the Soviet doctrine of manipulating popular opinion to align with Russian strategic interests, enabling other Russian threat groups to carry out traditional covert intelligence gathering operations.”

However, while a link with the GRU is likely, there is still no direct evidence and the Kremlin remains able to plausibly deny any such activity.

Going forward, the group is likely to attack any entity seen as hostile to Russian interests. This means the French and German elections will be hit by “similar operations” to those that influenced the outcome of the race for the White House, and could mean TV broadcasters are in its crosshairs, following the notorious attack on TV5 Monde in 2015.

However, its spearphishing tactics are far from sophisticated, and SecureWorks had the following advice:

“By applying best practice security controls such as regular vulnerability scanning and patching, network monitoring, and user education, organizations can reduce their susceptibility to compromise. IRON TWILIGHT quickly operationalizes disclosed vulnerabilities in web browsers and associated plugins, so timely implementation of patches is important for protecting systems. Based on the threat group’s exploitation of webmail, CTU researchers recommend that organizations implement two-factor authentication (2FA) on internal or third-party webmail platforms used in their environments. Organizations should also encourage employees to use 2FA on their personal accounts and restrict work-related communication from personal email.”

Source: Information Security Magazine

IT Admin Guilty of Hacking of Former Employer

A former IT system administrator is facing a decade in the slammer after pleading guilty to hacking his employer and shutting down key systems the day he was fired.

Joe Vito Venzor, 41, is also facing a bill of $250,000 and restitution to former employer Lucchese Bootmaker, after admitting one count of "transmission of a program to cause damage to a computer."

The Department of Justice had the following:

“By pleading guilty, Venzor admitted that on September 1, 2016, after being terminated from his position at the company’s help desk, he logged onto the company’s network through an administrator account and shut down the company’s email server and application server while deleting systems files essential to restoring computer operations.”

The account in question – “elplaser” – had been used before and was easily traced by federal investigators to Venzor’s work computer.

They also apparently discovered a file sent from his work account to his personal account containing the log-ins of employees at the bootmaker. The order in which they were saved to the file was the same order in which Venzor is said to have changed them on the day of his sacking – meaning staff couldn’t help restore systems.

As a result of his actions, 300 employees were sent home after being unable to work in the production and shipping factory. Customers were not able to place any orders and goods could not be shipped.

The firm’s IT director was also forced to hire third-party IT staff to set up a new application server – all of which presumably cost time and money for Lucchese Bootmaker.

“The company continued to suffer direct and indirect losses because of the intrusion into its computer server in the ensuing days and weeks, as they had to reconstruct files, and fulfill production and customer services issues,” the DoJ concluded.

The case is another example of the challenges associated with managing insider risk.

Research from Forcepoint released last week found that almost a third (29%) of employees at European companies have “purposefully” sent information outside their company, 15% have taken business critical info with them from one job to another and 59% planned to use it in their next job.

Source: Information Security Magazine