Tuesday, February 24, 2015

Connected World Conference 2015

This week I've been attending the Connected World Conference 2015, hosted here in Birmingham, Alabama. Connected World's editor-in-chief, Peggy Smedley, hosts a weekly radio program that focuses on the Internet of Things (IoT), which their industry had called M2M for many years before the IoT tag came along. Peggy's website has a great tutorial on the Machine To Machine networking technologies and the many ways in which they communicate, but I think nothing really brought the point home to me until I attended the Connected World Awards dinner last night.

If you are thinking about Cyber Security and the Internet of Things, here are quite a few interesting applications I learned about at the dinner last night. The full range of Connected World Award winners is listed here, but these were a few that really caught my attention.

AT&T Drive Studio - The AT&T Drive Studio in Atlanta, Georgia - The AT&T Drive Studio™ is the first connected car innovation center in the U.S. to be opened by a wireless carrier. And AT&T is inviting the world's most innovative companies and developers to come create the future of connected cars.

ApartmentGuardian, powered by RacoWireless, won the Gold award in the PERS category. Property managers can use the technology in many ways, from protecting their Lone Workers with a personal safety button (reminiscent of the "I've Fallen and I Can't Get Up!" button that you might buy for your grandmother) to identifying guests with a combined ID card and biometrics solution for visitors to the property, to innovative Security Panels. It also uses low-power radio technology as a backup to "wall power", keeping building security and alarm systems online and active during power failures.

Two companies won awards in the Lighting/Manufacturing category. In both situations the recipients, Atlantic States and Clow Water Systems, were able to achieve amazing savings, both in energy and in true financial terms, by putting in intelligent lighting systems. Synapse Wireless allows the light fixtures in both organizations to be controlled remotely by connecting all of the lights in a "Mesh" system - a cloud of lighting services that are in constant communication with one another.

SNAP LightSense from Synapse Wireless

Mesh Systems was the IoT-enabler for BUNN, which received an award in the Remote Equipment Management category. You have heard of the IoT refrigerator, but BUNN has created the IoT Coffee pot!

One of the most interesting M2M applications was SOLARKIOSK, which is using Gemalto's Cinterion modules to deliver remote connectivity and a web-interface for monitoring power production to a mobile unit about the size of a food truck that can be deployed in remote areas, including extremely rural Africa, to provide power and cellular connectivity to areas that lack reliable power. The first such unit was featured in this story "First SolarKiosk opened in Ethiopia." The creator, Lars Krückeberg, was featured in a TED talk about the technology as well.

The IoT enables some interesting Fleet Management capabilities as well.  CalAmp and the City of Dayton received an award for their system for monitoring and protecting their fleet of 210 snow removal vehicles.  The system, called GovOutlook, turns itself on when a key is inserted into a vehicle, and requires a City of Dayton employee id badge to be scanned to prevent lockdown and alarming.  The system also provides safety for the drivers, who are out on the roads, often in the middle of the night, plowing the 1800 lane miles of snow-covered roads in the city of Dayton.


The focus of our Connected World Conference this year has been on Cyber Security ... speakers including myself and John Grimes from UAB, JD Sherry from Trend Micro, Seth Danberry from Grid32, Jonathan Ratner from Sixgill, Brian Zaugg from Authentic8 and others joined to share our thoughts on Cyber Security to those who have come from the Internet of Things / Machine 2 Machine world.  I was glad I participated and learned much more about the IoT world!

Thanks, Peggy!

To learn more about the IoT, please do check out Connected World Magazine and check in with the Peggy Smedley Radio show.







Friday, February 06, 2015

DIA Cyber Warrior delivers first Worldwide Threat Assessment

Vincent R. Stewart, Lieutenant General, U.S. Marine Corps was promoted into the position of Director of the Defense Intelligence Agency. While our friend and colleague Lt. General Ronald Burgess (ret.), now at Auburn University here in Alabama, certainly understood and respected the importance of the cyber domain, General Stewart represents the first time we have a true cyber warrior at the helm of the DIA.  Immediately prior to his appointment as Director of the DIA, General Stewart served as the commander of the Marine Force Cyber Command (described at the end of this blog post.)  General Stewart was director of Marine Intelligence from 2009 to 2013, rising through the ranks in a long and distinguished career that began with humble beginnings in Jamaica and includes many decorations for valor and leadership.


Worldwide Threat Assessment - Cyber

On February 3, 2015, Lt. General Stewart delivered his first Worldwide Threat Assessment to the Senate Armed Services Committee. (Transcript here). So what did our new DIA Cyber Warrior leader have to say about Cyber threats?

The briefing began, appropriately, with a status of Iraq and Afghanistan, focusing on terrorist threats from ISIL, al-Qa'ida, and the Taliban. After that he touched on certain other "violent extremist organizations" and concluded with a region-by-region and global threat summary.

In his discussion of ISIL, al-Qa'ida, and the Taliban, no technology or internet discussion was featured. Expanding beyond Iraq, AQAP (Al-Qa'ida in the Arabian Peninsula) was said to be focused on commercial aviation targeted with innovative explosions. AQIM (Al-Qa'ida in Lands of the Islamic Maghreb) is mostly focused on kidnapping and attacks against allies. The Al-Nusrah Front and the Khorasan group were said to be focused on providing personnel and training in Syria, but with an interest in targeting western interests. IRGC-QF (Islamic Revolutionary Guard Corps-Quds Force) and Lebanese Hizballah were described as "instruments of Iran's foreign policy and its ability to project power in Iraq, Syria, and beyond." Boko Haram was described as having the potential to expand beyond Nigeria to become a "significant regional crisis."

Cyber Operations

The first mention of cyber comes with regard to Russia, mentioning that Russian actions against Kyiv included "the use of propaganda and information operations, cyberspace operations, covert agents, ..." While the other regional assessments did not include cyber individually, cyber was brought up in the concluding portion of the remarks in the section labeled "Global Threats."

General Stewart's points on the lack of consensus about the status of cyber attacks were especially telling. The "big bullets" from the cyber portion of the talk seem to be:

  • aggressive attacks against DoD and allied defense networks
  • increased cyber-espionage against DoD and Defense Contractor networks
  • concerns about supply chain vulnerabilities
  • increased use of cyber operations in regional conflicts
  • a lack of international "norms of behavior" in cyberspace
  • freedom of action, especially by Iran and North Korea, to conduct peacetime cyber offensive attacks on western interests without fear of reprisal
  • the use of the Internet by non-state actors for Communication, Propaganda, Fundraising, and Recruitment

Below I quote the General's remarks on cyber in full:

The global cyber threat environment presents numerous persistent challenges to the security and integrity of DoD networks and information. Threat actors now demonstrate an increased ability and willingness to conduct aggressive cyberspace operations -- including both service disruptions and espionage -- against U.S. and allied defense information networks. Similarly, we note with increasing concern recent destructive cyber actions against U.S. private-sector networks demonstrating capabilities that could hold U.S. government and defense networks at risk. For 2015, we expect espionage against U.S government defense and defense contractor networks to continue largely unabated, while destructive network attack capabilities continue to develop and proliferate worldwide. We are also concerned about the threat to the integrity of the U.S. defense procurement networks posed by supply chain vulnerabilities from counterfeit and sub-quality components.
Threat actors increasingly are willing to incorporate cyber options into regional and global power projection capabilities. The absence of universally accepted and enforceable norms of behavior in cyberspace contributes to this situation. In response, states worldwide are forming "cyber command" organizations and developing national capabilities. Similarly, cyberspace operations are playing increasingly important roles in regional conflicts -- for example, in eastern Ukraine -- where online network disruptions, espionage, disinformation and propaganda activities are now integral to the conflict.
Iran and North Korea now consider disruptive and destructive cyberspace operations a valid instrument of statecraft, including during what the U.S. considers peacetime. These states likely view cyberspace operations as an effective means of imposing costs on their adversaries while limiting the likelihood of damaging reprisals.
Non-state actors often express the desire to conduct malicious cyber attacks, but likely lack the capability to conduct high-level cyber operations. However, non-state actors, such as Hizballah, AQAP, and ISIL will continue during the next year to effectively use the Internet for communication, propaganda, fundraising and recruitment.


MARFORCYBER background

In January, General Stewart passed control of the U.S. Marine Corps Forces Cyber Command (MARFORCYBER) to Major General Daniel J. O'Donohue.


(a somewhat dated biography of General O'Donohue is available from the Armed Services Committee)

The command, established in October 2009, was complemented by the Navy's U.S. Tenth Fleet Cyber Command. According to the Marine Corps' "Concepts and Programs" document, the mission of MARFORCYBER is to "plan, coordinate, integrate, synchronize, and direct full spectrum Marine Corps cyberspace operations. This includes Department of Defense (DoD) Global Information Grid (GIG) operations, defensive cyber operations, and when directed, planning and executing offensive cyberspace operations. These operations support the Marine Air Ground Task Force (MAGTF), joint, and combined cyberspace requirements that enable freedom of action across all warfighting domains and deny the same to adversarial forces."

MARFORCYBER has two sub-units, Marine Corps Network Operations and Security Center (MCNOSC), which defends the Marines' own network, and Company L, Marine Cryptologic Support Battalion (MCSB), which plans and executes offensive cyberspace operations.
(www.marines.mil/Portals/59/Publications/U.S. Marine Corps Concepts and Programs 2013_1.pdf, PDF page 42)











Tuesday, January 06, 2015

Universities Targeted with "Library Account" phish

Many universities across the country have been targeted with phishing emails that warn their students that their "Library Account" is going to expire. As with so many cybercrime issues, these crimes could be addressed much differently if the Powers That Be were aware that these were not individual cases, but an on-going campaign across victims across the country!

Towards that end, I've collected full text examples of many of these phish, with links to the University web pages where their students have been warned. Hopefully we can start warning people of national on-going campaigns like this BEFORE they are victimized!

While I was reviewing University Phish for this project, I was especially impressed with the phishing details shared at University of Michigan (Go Blue!) and University of Pennsylvania. Both are great examples of giving students enough details to understand the scope of the risk at hand.

January 2014 Library Account phish


January 9, 2014 - George Washington University
Subject: Library Account
Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your university account. After logging in, your account is reactivated and it will redirect you to your Library Account.

February Library Account phish


February 21, 2014 - Flinders University
Have you received an email asking you to “validate” your Library Account? This email is attempting to steal Flinders user credentials and is not legitimate.

Don’t follow the links in the email, just delete it. The library will never ask you to login to verify your details or activate your account.

May Library Account phish


May 23, 2014 - Lehigh University

June Library Account phish


June 26, 2014 - University of Minnesota
From: Library
Date: Thu, Jun 26, 2014 at 8:47 AM
Subject: Library Account
To:
Dear User,
Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page and login wilth your library account.

Login Page:
xxxxxxxxxxxxxxxxxx
Sincerely,
University of Minnesota Libraries
499 Wilson Library
309 19th Avenue South
Minneapolis, Minnesota 55455
(612) 624-3321 (voice)
(612) 626-9353 (fax)

September Library Account phish


September 10, 2014 - University of Pennsylvania
From: Jonathan Heller < jheller@pobox.supenn.edu > 
Subject: Library Account Access 
Date: Wed, Sep 10, 2014 2:11 PM 

Dear User, 
Your access to your library account is expiring soon and it won't be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK REMOVED)

If you are not able to login, please contact Library Services Manager at jheller@pobox.upenn.edu .


Sincerely, 
Jonathan Heller 
Library Services Manager 
Access & Delivery Services 
Penn Libraries 
University of Pennsylvania 
(215) 898-8956 
jheller@pobox.upenn.edu 

September 17, 2014 - University of North Carolina Health Sciences Library
Alert: Phishing Emails Impersonate UNC Library

Some members of the UNC community have received false emails that appear to be from the Library.

These emails state that “access to your library account is expiring soon and it won’t be accessible for you.” The email directs the recipient to a link that appears to be from the Library.

October Library Account Phish


October 8, 2014 - UC Denver's Auraria Library
October 9, 2014 - University of Colorado Health Sciences Library
The University has been recently subjected to a phishing attack. The subject line of these new phishing messages is “Library Account Access”. These emails are designed to appear as if they are coming from the library concerning a library account activation. The phishing emails also contain links to malicious web sites that ask for your University information (Name and student/employee ID).


October 10, 2014 - Miami University of Ohio
    From: XXX XXX [mailto:xxxxxxxx@miamioh.edu]
    Sent: Friday, October 10, 2014 12:45 PM
    To: xxxxxxxx@miamioh.edu
    Subject: Library Account Access

    Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK)

If you are not able to login, please contact Library Services Manager at xxxxxxxx@miamioh.edu.


    Sincerely,
    
    Alison Withers
    Library Services Manager
    Access and Delivery Services
    University Library
    Miami University
    513-529-2938
 

October 30, 2014 - Virginia Commonwealth University
To:
From: Access Services Manager 
Date: 10/30/2014 11:54AM
Subject: Library Account Access

Dear User,
Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library account.

(Link redacted, actual link goes to login.vcu.edu.cavc.tk)

If you are not able to login, please contact Library Services Manager at kbonis@vcu.edu.


Sincerely,

Kerry Bonis
Library Services Manager
Access & Delivery Services
Main Library
Virginia Commonwealth University
(804) 827-3968

November Library Account phish


November 13, 2014 - Illinois Institute of Technology
IIT faculty, staff and students may have received an email to “All Members of the University of Illinois” notifying you about a new library system that requires you to activate a new library account. Do not respond to this email. It is a phishing attempt to collect IIT campus-wide ID numbers (CWIDs).

Library users affiliated with Illinois Tech gain access to subscription databases when off-campus by entering their CWID. Releasing that information to a third-party may result in access to our databases being limited or cut off. You can always safely access the library website by using the IIT Portal links, or going directly to the library website. If you believe your CWID has been compromised, please contact the OTS support desk.


November 17, 2014 - Southern Methodist University
Sample Phishing Email

Subject: Library Account Access
Sender: Jane Sippell 

Dear User,
Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

Note – this link appears in the email:

https://libcat.smu.edu/cgi_bin/ldapauth.cgi_loginType=E25JFHNfCD7…

The actual destination does not point to the SMU library catalog but to a web address at http://libcat.smu.edu.cvre.tk

http://libcat.smu.edu.cvre.tk/cgi_bin/ldapauth.cgi_loginType=E25JFHNfCD7v…

If you are not able to login, please contact Access Services Manager at jsippell@smu.edu.


Sincerely,

Jane Sippell
Access Services Manager
Access & Delivery Services
Central University Libraries
Southern Methodist University
(214) 919-5931
jsippell@smu.edu
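
The SMU and VCU samples show the trick this campaign leans on: the real university hostname is placed in front of an unrelated domain (libcat.smu.edu.cvre.tk, login.vcu.edu.cavc.tk), and the visible link text shows the genuine address. The following is an added example, not part of the original post or any university's tooling: a mail-filter style check in Python that flags both conditions. The trusted-domain list and the HTML body are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the institutions really own (taken from the samples above).
TRUSTED_DOMAINS = ("smu.edu", "vcu.edu")

def host_of(text):
    """Return the lowercase hostname of a URL-like string, or None."""
    text = text.strip()
    if "://" not in text:
        if not text or " " in text or "." not in text:
            return None              # ordinary anchor text such as "Library login"
        text = "http://" + text      # bare "libcat.smu.edu/..." needs a scheme to parse
    try:
        host = urlsplit(text).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None

def embedded_trusted_domain(host):
    """Return the trusted domain buried inside an untrusted hostname, or None."""
    if any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS):
        return None                  # really is the institution's own host
    labels = host.split(".")
    for domain in TRUSTED_DOMAINS:
        want = domain.split(".")
        # Every position except the suffix; a suffix match was handled above.
        for i in range(len(labels) - len(want)):
            if labels[i:i + len(want)] == want:
                return domain
    return None

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html_body):
    """Return one finding per link whose real destination is suspicious."""
    parser = LinkCollector()
    parser.feed(html_body)
    parser.close()
    findings = []
    for href, text in parser.links:
        if not href.lower().startswith(("http://", "https://")):
            continue                 # mailto: and similar are out of scope here
        target, shown, reasons = host_of(href), host_of(text), []
        if target is None:
            continue
        if shown and shown != target:
            reasons.append(f"text shows {shown} but link goes to {target}")
        spoofed = embedded_trusted_domain(target)
        if spoofed:
            reasons.append(f"{spoofed} appears as a label under an unrelated domain")
        if reasons:
            findings.append({"host": target, "reasons": reasons})
    return findings

# Constructed HTML body; hosts are those reported in the SMU and VCU samples,
# paths are kept truncated or left out.
SAMPLE_HTML = """
<p>Dear User, your access to your library account is expiring soon.</p>
<a href="http://libcat.smu.edu.cvre.tk/cgi_bin/ldapauth.cgi_loginType=E25JFHNfCD7v…">https://libcat.smu.edu/cgi_bin/ldapauth.cgi_loginType=E25JFHNfCD7…</a>
<a href="http://login.vcu.edu.cavc.tk/">Library login</a>
<a href="https://libcat.smu.edu/">libcat.smu.edu</a>
<a href="mailto:jsippell@smu.edu">jsippell@smu.edu</a>
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML):
        print(finding["host"], "->", "; ".join(finding["reasons"]))
```

The label check catches the VCU-style link even when the anchor text is not a URL, which a text-versus-href comparison alone would miss.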


November 17, 2014 - University of Arizona
From: library (EMAIL ADDRESS REMOVED)
Subject: Library account
Date: November 17, 2014 at 8:46:39 AM MST
Reply-To: (EMAIL ADDRESS REMOVED)

Dear User,
Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page and login with your library account.

Login Page:

(URL REMOVED)

Sincerely,

The University of Arizona Libraries
(ADDRESS, PHONE NUMBER AND URL REMOVED)


November 18, 2014 - Washington University in St. Louis
Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to this service. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK)

If you are not able to login, please contact Access Services Manager at *********@wustl.edu.

Sincerely,


November 19, 2014 - Ball State University Library
University Libraries was alerted that some members of the Ball State community received an email message stating their library account was soon to expire. The email said to reactivate the account by clicking on a web address included in the message. This was a phishing scam and the campus Office of Information Security took steps to block access to the phony site.

December Library Account Phish


December 1, 2014 - Harvard University
December 1, 2014 - McGill University (Canada)
    From: Library  
    Subject: Library Account
    Sent: Monday, December 01, 2014 8:49 AM
    To: 

    Dear User,
    Your library account has expired, therefore you must reactivate 
    it immediately or it will be closed automatically. If you intend 
    to use this service in the future, you must take action at once!

    To reactivate your account, simply visit the following page 
    and login with your library account.

    Login Page:

    Sincerely,

    McGill Library
    McLennan Library Building
    3459 rue McTavish
    Montreal, Quebec
    H3A 0C9
 
December 1, 2014 - Cornell University
Subject: Library Account
Date: December 1, 2014

Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once! To reactivate your account, simply visit the following page and login with your library account.

Login Page:
(BAD LINK)

Sincerely,

Cornell University Library, Ithaca, NY 14853 | (607) 255-4144


December 3, 2014 - University of Tennessee Knoxville
Dear User,

Your library account has expired, therefore you must reactivate it immediately or it will be closed automatically. If you intend to use this service in the future, you must take action at once!

To reactivate your account, simply visit the following page and login with your library account.

Login Page:

http://www.lib.utk.edu/reactivation?service

Sincerely,


    University of Tennessee
    University Libraries
    Email: library@utk.edu
    Tel: (865) 974-4351
 

December 15, 2014 - California State University Long Beach
December 18, 19, 20, 2014 - University of Michigan - (Hail to the Victors! Go Blue! WELCOME COACH HARBAUGH! Watched you play in 1985 while I was a Wolverine myself!!!) (oops) (blush)
Date: Thursday, December 18, 2014
Subject: Library Account Access

Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to the library services. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

[LINK REMOVED]

If you are not able to login, please contact [LINK REMOVED] for immediate assistance.

Sincerely,


Access Services Manager
University of Michigan Library
(734) 936-2921
[LINK REMOVED]

Date: Friday, December 19, 2014
Subject: U-M library System Problem
Dear [Your Name],

You are receiving this message because your login and off-campus access may have been compromised.

Your access will be inactive in 3 days. Because of some security problems, we decided to make some changes (Upgrade) and this is due to the implementation of a new version of Central Authentication System(CAS) and Umich WebLogin.
This means while you are off-campus or on-campus you will have no access to library's internal web services.

You can activate it by going again simply login to University of Michigan Library Weblogin System with your U-M LoginID and reactive your access.
Offer that Logout your account and close your browser.

Please note: If you get an Authentication Error ,just try 2 times to login again. Because System will automatically block your IP and Account and you should contact Systems Help Desk to Unlock.

University of Michigan Library
818 Hatcher Graduate Library South
913 S. University Avenue
Ann Arbor, MI 48109-1190
(734) 764-0400
[LINK REMOVED]

Date: Friday, December 19, 2014
Subject: ADMIN

Dear Web-mail Account User,

Your e-mail Account have Exceed the 20 GB e-mail Storage Set-Up by your Service Provider/Admin. You have to contact your Service Provider on Help Desk Support Portal below in less than 48 hours to avoid Suspension of your Web-mail Account if you dont Verify your e-mail account. To keep your Account Safe, Kindly Click the Help Desk Support Blue Portal below:

umich.edu-helpdesk [LINK REMOVED]

SERVICE DESK - IT HELP DESK
©COPYRIGHT 2014 WEB-TEAM. ALL RIGHT RESERVED.

December 23, 2014 - Wake Forest University
Dear User,

Your access to your library account is expiring soon and it won’t be accessible for you. You must reactivate your account in order to continue to have access to the library services. For this purpose, click the web address below or copy and paste it into your web browser. After logging in, your access is reactivated and you will be redirected to your library profile.

(LINK)

If you are not able to login, please contact James Hart at hartja@wfu.edu for immediate assistance.

Sincerely,

James Hart
Access Services
ZSR Library
Wake Forest University
336-758-4967
hartja@wfu.edu

December 23, 2014 - UAB Library