Categories
Cyberinfrastructure Education Network OpenSource Reading

Latest Read: Ghost in the Wires

Kevin Mitnick is one of the most famous hackers. His story, Ghost in the Wires is wonderful to read. His book is very similar to the story of Frank Abagnale Jr. from the movie Catch Me if You Can. Mitnick’s arrest for hacking into DEC and Pacific Bell made international headlines.

Ghost in the Wires

I found his story a common story of addiction. His innocent position is difficult to support after repeated high level corporate hacking continued to grow. Kevin met with international computer criminals and began sharing documents.

Many will enjoy this story. Only briefly is there a deep dive on telephone switch technology. Mitnick actually began ‘hacking’ the LA bus system at age 12. His computer and telephone crimes starting at just 16 years of age.

There is little doubt that from a young age Mitnick was very intelligent. It was Kevin’s interest in ham radios that served has his source for playing with technology.

Ghost in the Wires moves from chapter to chapter with each hack seemingly growing in sophistication and risk. Mitnick lived as a fugitive on the run from FBI. Yet the story of Kevin’s hack of Tsutomu Shimomura, who worked at Sun Microsystems proved his undoing. Sun was acquired by Oracle.

Mitnick is able to deliver impressive details for each company he hacked. These remain very accomplished tasks. Maybe the best reason to read Ghost in the Wires is to learn how social engineering gave Mitnick easy access to systems.

In 2020 the lessons of Mitnick’s story should serve as a legacy view of penalties of computer hacking. The broad law gave the FBI a large brush. Here again Mitnick takes a position of innocence. He stood firm his actions resulted in no sale of stolen data.

His choice to continue hacking throughout his probation reveals he could not control (to some extent) his addiction.

Categories
Cyberinfrastructure Education Innovation Network OpenSource Reading Technology

Latest Read: Flash Boys

Flash Boys: A Wall Street Revolt by Michael Lewis is a remarkable Wall Street story. Lewis lays out a series of interwoven stories that result in flaws around High Frequency Trading (HFT). While not the subject of a SEC investigation, the book’s publication has resulted in fines for companies trading in less-than-honest environments.

Flash Boys begins with the story of Sergey Aleynikov. Sergey is a talented programmer who is key to this story. We meet him as he faces prosecution.

The early chapters involve cutting fiber optic cable runs via Spread Networks from Chicago to New Jersey, This was most appealing to me. There was an understanding that trades could be altered in measurements of just milliseconds. 4 milliseconds is the timeframe trading companies needed in order to gain an advantage against their trading competitors. 4 milliseconds!

Enter the ability for large corporate banking firms to trade within their own dark pools. The practice of front running was taken to a new level with millisecond transfers. It adds up to shifts in profits away from smaller traders to benefit Wall Street banks.

The idea of milliseconds sounded strange at first. It is impressive to learn how trading firms and large banks were pouring money into advanced networks. Yet this resulted in the 2010 Flash Crash. Most could not understand how computers could cause the market to crash. It was just the beginning of questionable trading practices.

Categories
Cyberinfrastructure Education Network Ransomware Technology

Harvard Cybersecurity

Harvard’s cybersecurity course is certainly a demanding slice of your life. However, I gained valuable insights from Eric Rosenbach and cybersecurity leaders from National Security Agency, Akamai, and Google. In addition, this offered me an opportunity to connect with cybersecurity leaders across wide ranging business and geographic locations.harvard cybersecurity2018 proved a challenge, looking beyond repeated megabreaches that dominated news headlines. Did you suffer from breach fatigue? It was like the movie Groundhog Day.

At some point (probably sooner than we think) all the data impacting all the users connected to the global internet will all be available on the dark web. All for a price…

Categories
Cyberinfrastructure Education Milwaukee Ransomware Technology

2018 Ransomware attacks on Healthcare

The impact of ransomware, botnets and crypto mining will continue to impact hospitals and clinics in 2018.

ransomware, botnets and crypto mining

More precise, targeted attacks including botnets and crypto mining are projected to overtake global attacks hospitals witnessed with WannaCry and NotPetya.

Healthcare Information Security teams must show risk tolerance and carefully monitor new trends in malware, patch management, and change management.

Ransomware via botnets and crypto mining will continue to drive agile healthcare technology solutions, This will impact business shifts in governance and policy across US healthcare facilities as new attacks continue to focus on financial based malware.

Moving into the new year global attacks may give way to targeted attacks, botnets and crypto mining that have been branded as WannaMine.

Categories
Cyberinfrastructure Education Network Ransomware Technology

Healthcare’s 2018 threat is crypto mining

Crypto mining attacks are more stealth than WannaCry.

Cybercriminals continue to drive crypto mining attacks on hospital computers. Some crypto mining attacks will require hospitals report a breach of PHI. If the crypto installed is the popular WannaMine, this is considered a reportable ransomware attack.crypto mining
Last year ransomware took the American healthcare industry by storm. Botnets and crypto mining experienced continued growth since 2016. The WannaCry attack on the British health system and NotPetya simply pushed them off the front pages. They did not disappear. Make no mistake, crypto mining is the new attack vector in 2018 after strong growth over the previous two years.

Tennessee hospital EMR server hit with crypto mining

On January 26th, 2018 Decatur County General Hospital in Parsons, Tennessee announced (PDF) that over 20,000 PHI records were compromised by crypto mining software discovered on the hospital’s main electronic medical records server.