BreachExchange mailing list archives

Previous By Date Next
Previous By Thread Next

Hackers Don’t Just Steal Data, They Manipulate It

From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 27 Oct 2015 19:02:35 -0600
http://www.govtech.com/security/Hackers-Dont-Just-Steal-Data-They-Manipulate-It.html

Computer hackers could do more damage than just stealing the information
they find online, the nation's top cybersecurity official said in
Pittsburgh Monday.

Computer thieves already hit U.S. companies daily, looking for trade
secrets, bank account information and the inner-workings of operating
systems, said Adm. Michael Rogers, who heads both the National Security
Agency and U.S. Cyber Command.

“What happens when nation-states, groups, individuals no longer want to
steal data [but] they want to manipulate data — and suddenly we can't
believe what we're seeing?” Rogers said at the University of Pittsburgh.

“Much of our structure is based on the whole idea of trust. If you log on,
you can believe what you're seeing. ... (Manipulation) would be huge
collectively for us as a nation, but more broadly, the world.”

Rogers spoke for 45 minutes to about 150 students, professors and others at
Pitt's Graduate School of Public and International Affairs. He later met
privately with officials at the National Cyber-Forensics & Training
Alliance on Second Avenue before speaking at Carnegie Mellon University's
Gates-Hillman Center.

At Pitt, Rogers talked broadly about online threats to the nation while
describing the NSA as a friendlier, more-accountable intelligence operation.

He acknowledged that information leaks about the agency have hurt its
ability to track terrorists, criminals and foreign threats. Former NSA
contractor Edward Snowden released government files about the agency in
2013, leading to recurring news reports.

“I have watched us lose a measure of capability because I'm watching
terrorist groups, number one, physically change the way they communicate as
a direct result of what has been compromised,” Rogers said. “I would argue
that's not a good place for us to be in as a nation right now.”

Another impact is that intelligence agency officials are now willing to
appear in public and take questions, said Michael Kenney, a Pitt national
security professor and researcher.

“This sort of event would not have happened before the Snowden
revelations,” Kenney said afterward. “It is a new world for the NSA and for
U.S. government intelligence agencies. ... They realize they can no longer
be in these protected silos that aren't interacting with the American
public.”

Rogers started out by saying the public should trust the agency, and he
interacted with people in the audience. He at one point mentioned baseball
and, as a Chicago native, teased about the Cubs' post-season run.

That human touch seemed to be working, said Michael Spring, an information
sciences professor who met in private with Rogers before the event.

“He's a thinking military officer, who has children, who understands all of
the issues, all of the concerns of the American people,” Spring said
afterward. “I think that, for whatever reason, he's engaged in an outreach
effort.”

The NSA follows the rule of law, Rogers said, but agency officials rarely
can talk about what they do for fear of tipping off the nation's enemies.

“Now as a democratic nation, it's our right to argue about what we think
about that law,” Rogers said. “Are we comfortable with that legal
framework?”

The United States government also must protect the free flow of information
around the world, Rogers said. Encryption makes his job harder, but he said
protected messages are in the best interests of the nation and the world.

Rogers addressed a media report by The New York Times about Russian
submarines and naval vessels operating near international undersea
communications cables. Any activity near that kind of infrastructure raises
concerns, he said.

“We believe it is in the best interests of the world to have continuous
free flow of information,” Rogers said. “... When we see potential activity
around that kind of infrastructure, we stop and ask ourselves, ‘What is
being done and why?'”

The Internet has resiliency built into it, but if Russian adversaries could
cut enough of the right cables as an act of war, it would have a
devastating impact on communications, said Kenney, the Pitt security
professor.

“That would potentially be devastating,” he said. “That's akin to a kill
switch on the Internet.”

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!
Previous By Date Next
Previous By Thread Next

Current thread: