The Week that Was - 2013.05.07

These links are a little stale so my apologies.  However, there are still some interesting tidbits in here.  Read on to hear some interesting stories about good data for risk assessments, data breaches, would-be spies, and adventures in hardware decommissioning.

Despite being way late, I need to point out that the 2013 Verizon Data Breach Investigations Report is out.  [1]  This is some handy data.  Based on your size and your vertical, you can use the DBIR to get a pretty good idea of who your primary attackers are most likely to be.  The other good news (sorta) is that basic security practices like patching and egress filtering can be incredibly effective against most attackers.

Speaking of breaches, there are several breach stories this week. [5], [12], [14]  Breaches seem to be a fact of life these days and that is a little depressing.  It's especially frustrating when you read things like the DBIR that suggest basic security practices can be very effective in avoiding these kinds of breaches.  What is getting in the way of us doing the fundamental blocking and tackling out there?

It's tough to bring up the topic of breaches without talking about the Chinese.  Cliche though it may be, there is good reason to put Chinese attackers on the usual suspects list.  Such was the case when a NASA contractor and Chinese national was arrested as he was about to depart back to the PRC, with his NASA-owned laptop.  [3]  There was suspicion that the former contractor was absconding with classified NASA information.  (Sources have confirmed the formula for Tang was never in danger.)  The good news is that the only data they found was a hard disk full of porn.  My question is this: Was the porn just a steganographic container for classified information?

Two other articles are worth a read.  The first comes to us from the Land of the Rising Sun.  [10]  Japan had decommissioned an old coast guard boat and sold it to a ship breaking facility.  The trouble was that board members of the ship breaking company included several members of the General Association of Korean Residents in Japan, a pro-North Korea organization.  While the weapons and comms gear were removed before the ship was handed to the ship breaker, the navigation system was still intact and could have provided information on 6000 of the ship's active duty locations over its last 250 days.  It doesn't matter if it's a smartphone or a coast guard cutter: make sure wiping all the data is a part of your disposition process.

As always, hit me in the comments if you have questions or comments.

Link Dump

[1]  “2013 Data Breach Investigations Report,” Verizon Business. [Online]. Available: [Accessed: 23-Apr-2013].

[2]  S. Sharwood, “BlackBerry 10 passes US defence department tests,” The Register, 03-May-2013. [Online]. Available: [Accessed: 06-May-2013].

[3]  S. Gallagher, “Chinese ‘spy’ caught with NASA laptop full of porn, not secrets,” Ars Technica, 02-May-2013. [Online]. Available: [Accessed: 06-May-2013].

[4]  N. Shachtman, “CIA’s New Tech Guru Hails From AOL (But Don’t Hold That Against Her),” Danger Room, 30-Apr-2013. [Online]. Available: [Accessed: 02-May-2013].

[5]  T. Wilson, “Consumer Reports: 58 Million U.S. PCs Infected With Malware,” Dark Reading, 02-May-2013. [Online]. Available: [Accessed: 02-May-2013].

[6]  T. Parker, “Exploit Devs At Risk: The Nuclear Scientists Of The Next Decade?,” Dark Reading, 30-Apr-2013. [Online]. Available: [Accessed: 06-May-2013].

[7]  R. Lemos, “Five Habits Of Highly Successful Malware,” Dark Reading, 01-May-2013. [Online]. Available: [Accessed: 02-May-2013].

[8]  C. Graeber, “How a Serial-Killing Night Nurse Hacked Hospital Drug Protocol,” Threat Level, 29-Apr-2013. [Online]. Available: [Accessed: 02-May-2013].

[9]  R. Chirgwin, “IBM open sources new approach to crypto,” The Register, 03-May-2013. [Online]. Available: [Accessed: 06-May-2013].

[10]  P. Muncaster, “Japan forgot data wipe on ship sold to Pyongyang,” The Register, 29-Apr-2013. [Online]. Available: [Accessed: 02-May-2013].

[11]  D. Kaminsky, “Let’s Cut Through the Bitcoin Hype: A Hacker-Entrepreneur’s Take,” Wired Opinion, 03-May-2013. [Online]. Available: [Accessed: 06-May-2013].

[12]  T. Wilson, “LivingSocial Says Cyberattack Puts Data Of 50 Million Customers At Risk,” Dark Reading, 29-Apr-2013. [Online]. Available: [Accessed: 02-May-2013].

[13]  R. Lemos, “Recent Breaches More Likely To Result In Fraud,” Dark Reading, 29-Apr-2013. [Online]. Available: [Accessed: 02-May-2013].

[14]  A. Saita, “ Notifies Customers of Network Attack,” Threatpost, 02-May-2013. [Online]. Available: [Accessed: 06-May-2013].

[15]  A. Shostack, “The Breach Trilogy: Assume, Confirm, Discuss,” The New School of Information Security, 22-Apr-2013. [Online]. Available: [Accessed: 02-May-2013].

[16]  J. Wade, “Women at Work: Why Women Should Lead Risk Management,” Risk Management, 01-May-2013. [Online]. Available: [Accessed: 02-May-2013].