Posted on

Cyber Security of Weaponized Media in a Socially Engineered World

cropped-cropped-cropped-cybertalkbanner-e1508906208519.jpg

I.     Introduction

The world is seeing an ongoing multi-faceted cyber attack(s) (social engineering) that uses weaponized fake media, digital false flags and other digitally obfuscated materials. These attacks stem from nation states, paid hacker cartels and mercenary hackers globally. These cyber security attacks utilize social engineering, weaponized media and fake media. We have been studying these socially engineered attacks since 2009, and have created unique responses to them.

II.    Main body

The Green Revolution of 2009 in Iran marked the first known use of weaponized social media. The Government of Iran utilized Twitter to get western citizens to spread their propaganda.

Fast forward to 2016, where USA itself was attacked through long term, dedicated weaponized media cyber assault on our democracy; and government alike by Russia and its agents. This attack continues with multi-faceted usage of fake media, bots, fake social media and malware laden content on these sites.

The final outcome is still under investigation, but it is seen as a major win for Russia intelligence groups, and a major loss for the USA.

In the 2016 attack on the USA, innocent citizens were co-opted to spread weaponized media that had either been previously illegally exfiltrated or was fake to begin with.

Some might say this is a soft attack, not vitally important as a hard cyber attack on a network, grid or infrastructure, that is simply not true.

In fact, these attacks are proving to be just as lethal as more traditional cyber attacks. Socially engineered attacks often mask other types of attacks as well – like DDoS, MiTM and malware/wipeware.

However, socially engineered attacks now account for more than 50% of the beginnings of all cyber security intrusions and breaches.

                                                                              III.   Conclusions/future steps

How does USA protect itself from such asymmetrical attacks in future?

With explosion of IoT Devices has come a parallel explosion of attack surface areas, many of which are simply not protected.

With the explosion of social media platforms and content being shared has come a parallel explosion of attack surface areas, most of which are not secured or protected. But many social media users operate under a belief that they are fine because “the big companies are protecting us.”

This is a false belief, and users, both government and individual need to take drastic steps to protect these accounts and platforms.

Should the USA Government sponsor Human/digital trainings to help protect and defend against socially engineered attacks?

How do regular people tell difference between real media/faked media? How do leaders weed out bots, automated accounts from real?

What steps can USA take today; tomorrow to prevent ongoing and future socially engineered cyber attacks?

 

 

Based on proprietary research at www.digijaks.com and through extensive work with clients who are dealing with and or have dealt with such attacks.

Posted on

Digijaks CEO Speech at US Army CyberTalks NYC

 

Posted on

#CyberSecurity #DigitalDiplomacy 2017

#Digitaldiplomacy and #Cybersecurity on a Rough Patch in 2017.

The last several years have seen an explosion of digital diplomacy tools and techniques. This is driven by an ongoing growth in technology platforms; and social media combined with the increased numbers of world Governments adopting open data and open government principles. There has also been a parallel explosion in fake social media, fake news and fake information being propagated globally.

The effect of the combined forces is that cybersecurity is now playing an even more vital role in digital diplomacy. Where digital diplomacy just a few years back was between recognized principals of Governments, now there are lots of other players trying to make that communication much more failure prone.

Additionally we now have leaders using Twitter and other tools to communicate directly with each other and or to directly go around the news media.  Just in the first few months of 2017 alone, we have witnessed multiple world leaders using Twitter to speak in ways that are different from the stated policies of their countries, or to put pressure on other countries through this most public of mediums.

There have been recent successes and failures. I wrote about some of these a few years back. We have also seen a tremendous growth in what I call “anti digital diplomacy” thru the concerted use of fake social media accounts, fake news websites, and fake statistics designed to make the role of real diplomats much harder.  While some of this is innocuous, much of it is organized and part of larger cyber deception plots being run by larger nation states.

Western European countries are currently experiencing the same types of digital attacks on their electoral systems, including the use of selective leaking of compromised materials that the US experienced in 2016. Which means that hacking, and hackers have been deeply involved too. One does not get compromised materials without someone first doing the exfiltration of the information from its original home.

Which brings the question of what role cybersecurity needs to play in digital diplomacy? It is a dynamic situation now with asymmetrical threats and increased attack surface area affecting the very direct communications that digital diplomacy allows.

Governments, Diplomats and the media alike need to be trained and continually updated on how to spot fake accounts, fake news, fake websites, and how to ensure only officially verified information is being transmitted through the digital diplomacy channels. Additionally steps need to be taken on dealing with constituents and the news media to ensure that fake information is put down quickly with the truth and facts to back it up.

Diplomats across the globe have already been caught up in re-tweeting fake news or getting trolled by fake accounts. But there needs to be a verification role too, that is played with the public, especially in terms of proving the falsity of fake information being purposely distributed.

Further, steps need to be taken to lock down accounts with two factor authentication, very strong passwords and strict internal organizational controls on who uses the digital diplomacy tools and how.  Cybersecurity needs to be incorporated into every decision and every level of communications, both internally and externally.

Finally, Governments and Companies around the world need to adopt a rapid response routine to deal with both fake news and fake information coming from non-official sources, as well as from official sources or official twitter accounts. The World now has several leaders who seem to want to try to use Twitter to go around their local politics and news media and or tell the world an un-true or incoherent story. If Diplomats are not ready to respond to falsities or cyber-attack driven leaks quickly, then they will be playing a constant game of catch up. True for the news media and global citizens alike.

Posted on

Emergency Social Media and You in Crisis

Many people must feel the 2015 holiday break could not have arrived soon enough what with terrorism, crazy weather and other events that get covered rightly or wrongly in social media. While these can be scary and confusing times, they can also be times to educate, learn and help one another to understand a new reality we are all living in now.

There are specific tactics and strategies for understanding how live events unfold in social media and these can be instructive to the general public about what you are seeing and when, during events like these past weeks that we have all experienced. Real life events almost always flow to the internet in a micro second. Knowing how to tell the difference between truth and fiction could be critical to saving your own life of that of your family in a real life emergency that is also happening on social media.

So below are general truths about live events that unfold in a digital realm and in real life.

General Truths:

  • In any emergency in the digital age, there are three things that happen. The first is the incident itself. The second is the round of rumors, untruths and outright lies that get spread at the speed of email, phones, sms and of course social media. The third is the round of truth, where all the earlier rumors, untruths and outright lies now have to be dispelled.
  • The fear factor is something we all face. Some deal with it better than others. This fear factor only gets enhanced by constant updates, notifications and of course, people checking social media non stop during emergencies/crisis/terrorist attacks.
  • Truth and Veracity in information sharing, whether in person, on the phone, through email and on social media are paramount in times like this. Do not be the one spreading false or unverified rumors. Do not be the one sharing non-verified *news*. These actions can cause panic, can cause a response from authorities in the wrong place and more importantly can add to the sense of fear that already exists in events like these.
  • As members of a community it is extra important for us to not be sharing false information, to be extra calm and careful with facts and to have vigilance with the news and information; and especially that our kids are getting access to. Help them. Make sure they are both understanding the facts, and not mis-truths; and that they are not responsible for sending or sharing false information.
  • Even the media can rush to judgement in a situation like this and often times reporters will start referencing tweets and other social media. Many times the sourced social media is not a verified source, so even the news media will get it wrong in these situations. So it is up to you to take the extra couple of minutes to *verify* information, especially any information being provided to your kids or others’ kids.
  • Just because you heard/saw/read something *DOES* not make it a fact, especially in a crisis situation. DO NOT JUST SHARE ANY RUMOR OR ANY STORY. CHECK. INVESTIGATE. THIS IS FOR THE SAFETY OF YOUR FAMILY AND THE COMMUNITY.
  • Be aware that your kids may be getting wrong information/scary information from the internet, from social media, from the chats in games and from their friends. Work with your kids to understand the importance of getting to the facts, and not sharing what could be dangerous information. Same is true for the adults in your lives. Social media during emergencies can make normally calm people get very nervous and then they spread that nervousness by posting wrong or misinformed information in their zeal to make themselves feel better about the situation,.
  • Be aware that not all technology will always work the way it should. Sometimes you may get called, sometimes you may not. Sometimes you may get an email, sometimes you may not. So build up a quick reference of social media accounts that you trust and are verified. Create a list of these, and keep it on your computer or device.
  • Be prepared. We have all hopefully created safety plans for our businesses, community groups and families in case of emergencies. Do the same for digital emergencies. Know where to look. How to find what you need. How to dispel rumors that can be dangerous. Create a digital emergency family plan, and teach it to your kids. Practice it before something happens so it is not something to worry about, but rather something that becomes instinctive and instructive.

I created an emergency social media list on twitter with accounts that are both trusted and real. I suggest you do the same and keep that list handy.

Make a list of your local real life emergency providers websites, twitter accounts and other social media tools. Use them to verify information and dispel rumors.

Posted on

Cyber Reputation Management and Control

BAM!  There it is.

Right in your face one morning when you check your social feed as news.

That nasty little something that someone, a bot, or a person, or maybe both left for you overnight. It is a digital take down. A bad blog post. A social media meme that is being unanswered or purposely pumped up to discredit you, your company or organization or your brand. Or maybe it is a false allegation. Or paid fake bad reviews that your competitors put up.

Face it. The Internet is a hostile place for your reputation and your brand, whether that is personal, corporate or government. The control and management of your reputation start and end with you. As we enter 2015, it is worth paying attention to, in fact it is important to take stock of your online reputation, the management of it and the control of it. It is yours. Not anyone else.

The — Internet, social media, the cloud, mobility, bring your own device, artificial intelligence, autonomous computing etc etc — all are really cool buzz words. All come with prices to pay that include the constant need for personal, corporate and government level cyber security, reputation management and reputation control.

Our top 10 List of Ways That Cyber Security, Social Media and Reputation Management and Reputation Control all mesh together.

  1. Social Media — is the entrance point for viruses, malware, malformed links, phishing and learning enough about someone to turn around and destroy their reputation.
  2. Mobility — allows for instant access to social media, email, sms, cloud and phone, and video, as ways to tear down a brand or reputation. It can happen anywhere, at any time, by anyone around you holding a smartphone or smart watch or smart glasses.
  3. Cloud — allows people to store information quickly and easily. This can be for phishing, for cyber crime, for reputation destroying or extortion. Images and videos, poems and documents and your complete online profile can be easily harvested by smart people and or bots and then turned around against you. What information are you allowing out or putting out to make it easier to be attacked? Or easier to have your reputation tarnished or that of your brand?
  4. Bring Your Own Device (BYOD) — While fun and easy for users and your employees BYOD brings a whole fruit basket worth of cyber security and reputation management and control issues along with it. BYOD allows users and employees to access the internet and social media channels without approval or notice from the employer. A reputation can be destroyed in an instant with a recorded conversation, a video, an errant email or sms, or worse corporate espionage and cyber crimes can be instituted easily with BYOD.
  5. Artificial Intelligence — The name alone. What does it mean? How can artificial intelligence (AI) bots or autonomous computing affect your cyber security and reputation management and control? In so many ways we are just beginning to understand.
  6. Lazy People — Sorry but many times the malware or the phishing or the destruction of reputation starts with someone simply being lazy, not having security and privacy settings attended to, and or worse letting someone else use their login credentials.
  7. Your Competition — They have access to the same tools you do. They can buy hackers, they can buy reputation destruction; they can attempt to steal your trade secrets; they will try to insert bad people into your organization at every level. (See 8 below.)
  8. Bad People — No good, no ethos or morals. These people do not care if they harm you. They seek to. These come in the form of social media contacts or email phishing all the way through HR, interviewing, shadowy financiers and content theft propagators from online goods. They will use any and every tool out there to disrupt your business, to destroy your reputation.
  9. Posting stupid pictures of yourself — on to any website regardless of how safe you *THINK* it is.
  10. Not checking the health and welfare of your own digital reputation and brand.

Copyright © 2010-2015 Digijaks, LLC

Posted on

Cybersecurity: Now the Crossover from Cyber to Real Life

Reputation Control and Reputation Management
Cyber Security, Social Media, You.

Cybersecurity used to be be the geek’s eagle’s nest. it was hard to understand, hard to get to, hard to see the impact and need often times. If there was a CIO or CISO, he/she would not be in the board room too often, and usually the budgets were the first to go in any budget change environment. But the cycle switched. Now we are in the opposite cycle. The CIO and CISO are ruling the roost and commanding serious budgets and attention. But being missed in all the excitement is this:

The Crossover from pure cyber crime to real world crime from the same instance.

It is safe to say, times have changed. Now – Cybersecurity has become a word known in almost any home where there is digital connectivity. Time and time again, we are offered proof that cybersecurity now encompasses reputation management; active control of search and social media as well as the traditional hardening of data access points, transport points, and login authorities. Cybersecurity itself has become such a buzzword that it threatens to create a numbness for people hearing it and responding to it.

Recently Digijaks has worked with multiple clients who have faced the crossover from Cyber Security to Real Life Security. It is our recent experience that shows us that law enforcement is *mostly* unprepared for cyber crossover attacks and does not yet have the substantial depth of understanding of the relationship between social media, cyber security and real life people.

The connections are impossible to overlook. What starts as a cyber threat, like impersonation of another; brand or trademark attacks, social media memes and fake social media sock puppet accounts — can now easily and does easily cross over into real world crimes.

The real world crimes escalate too, often in parallel with online escalation. In our recent experience in dealing with the crossover, most law enforcement agencies of *all levels* are simply not prepared to cope with this reality, and have few to zero people in place who are trained investigators and can assist the public, or corporations or utilities or governments with cyber cross overs.

Digijaks CEO Alan W. Silberberg is advising both the company’s clients and law enforcement agencies to take these “cyber cross over” events seriously. There is growing evidence amounting that shows that real world crimes are becoming easier in some ways and can be facilitated through initial cyber intrusions, whether phishing, trolling or direct digital attacks.

This is leading people who were previously *only* cyber criminals or terrorists to become real world ones too, often at little to no monetary cost. We see this a true emerging threat, as yet mostly being unaddressed either at the Federal or State levels, and a threat that is most acutely faced in local communities who very definitely are not prepared.

Posted on

Reputation Control. Cybersecurity. Recent OPM Hacks and You.

Reputation. Is hard to get, hard to maintain, hard to control; especially in an era of hacking by governments and criminals alke.

Cybersecurity is something many people long put off as a back burner decision, or lower funded priority, but in actuality is a critical need, now at the forefront of many leaders’ thinking due to the sheer number and audacity of the hacks from 2013 forward. There is a distinct triangulation between reputation control and cyber security and search results. The more things get hacked, the more information flows onto websites, both for sale, and for free, and the more the search engines index these results. Digijaks’ CEO Alan W Silberberg has written about this triangulation before as it relates to cyber security and how we all need to look at the this inter-relationship, and it’s effects on all of us.

The recent OPM hacks were so huge, the numbers are simply staggering that it is hard to process for most people, especially “regular people” who feel this does not affect them or their friends or family.

But in addition to the 21+ million social security numbers that were stolen in the OPM hack, so were over 1.1 million sets of people’s fingerprints. People who serve the US Government in all sorts of capacities, some secret, some not. So in addition to the notion of identity theft through the means we have become unfortunately accustomed to, like credit, social security and personally identifiable information (PII) — we now have to contend with the theft of biometrics.

It means every citizen, whether they believe the OPM hacks relate to them or not, have to start taking on steps to protect themselves. When a nation state can combine vast databases of personal information with biometrics for some of those same people; it means that nation state, or proxies or vendors it sells to could become one of us through surreptitious methods. It means identity theft is potential on a massive scale, as is exploiting people through their information in security clearance documents or medical records.

It means the push to make encryption weaker or illegal should actually be reversed to become a push to make encryption a standard for citizens; and one that is supported by our Government ln light of attacks and theft of information from tens of millions of US Citizens. The US Government through the Congress should adopt stringent laws making it hard not to encrypt personal information.

It means, think about what information you put in the cloud. Think about what information you put in social media. What information you never put into digital form. It means think about carrying a second and or even third form of identity in case you are ever challenged with not being you.

Reputation Control and Reputation Management
Cyber Security, Social Media, You.
Posted on

GOV20LA 2014

gov20LA_2014_splashImage_v3

 

Digijaks is the Proud Sponsor and Creator of Gov20la.

 

Gov 2.0 L.A. 2014 is 4/28/2014.

Emergency First Responders Get Free Admission to Crisis Management Talks at GOV20LA 2014 Led by Experts

 

Back-to-back earthquakes in Los Angeles and an 8.2 deadly earthquake and tsunami hitting Chile Tuesday night has raised questions and concerns about how prepared emergency first responders, educators, city officials, and citizens are in a world where things can happen in an instant and technology plays front and center.

 

“This is both a wake up call and a warning. The wake up call is to remember how quickly our sense of normalcy can change to instant chaos. The warning is to be prepared and in an age where social media and real life are so intertwined, all emergency responders should understand technological advances available to them and know how to use them– before we are all in a crisis scenario,” says government technology industry veteran and GOV20LA Founder Alan W. Silberberg.

 

With experts in cutting-edge advances in crisis management already scheduled to speak at the upcoming 2014 GOV20LA conference, Silberberg announces an open invitation and free admission for emergency responders, educators, and city officials in the greater Los Angeles area to attend, and says he will make the talks available as a live stream online for those unable to attend.

 

The panel will address the most critical and urgent information First Responders need during and after a crisis that will help them to save lives and property.  What is the most vital and valuable technology to have access to during an emergency? How to effectively establish best practices for communicating via digital channels during a crisis? What is the best technology available to communicate if telephone lines and the Internet goes down? How can organizers scale to handle volume of social media users during the frenzy of a crisis?  What data is important to prioritize needs? What measures will keep data secure in case of an earthquake where data is stored? All of these questions will be answered by leading experts including:

 

Who:

  • Alicia Johnson of the San Francisco City Office for Emergency Response
  • Bob Gourley, the former CTO of the Defense Intelligence Agency
  • Carmen Villadar, a former emergency room nurse and mobile technology analyst/futurist
  • Filiberto Gonzalez, the Los Angeles City Commissioner for North Valley Planning Commission

 

When: Monday, April 28, 2014

 

Where: Annenberg Beach House on the beach of Santa Monica, CA

 

Tickets to attend the talks live are limited and are available in advance through email request at Gov20la@gmail.com. They will be given on a first come, first serve basis and are expected to go fast. People wanting to watch the live stream are encouraged to sign-up for the event Facebook page to receive updates and a reminder before the stream begins here: http://bit.ly/GOV20LA2014

 

GOV20LA is an intimate and powerful conference held annually to bring together innovative leaders at the intersection of government, tech, and media from around the world in an apolitical setting. Every year, the conference covers breaking topics affecting citizens at large with leaders delivering insights into current gov tech issues and cutting-edge technology in an open town hall format such as the Darknet presentation by General Manager of Intel Peter Biddle and the Award-winning Social Media efforts of NASA JPL’s Mars Rover delivered by Veronica McGregor and Stephanie L. Smith at the 2013 event.
For more information on GOV20LA 2014 please visit http://gov20la.com.