PolitiHack, Or How I Learned to Stop Worrying About Russians Influencing the US Election and Learned to Love Cybersecurity
December 23, 2016 at 4:12 pm | Posted in cybersecurity, Knowledge | 2 Comments
Tags: attacker, casp, ceh, cfr, CISSP, cozy bear, cybersecurity, DNC, fancy bear, fbi, GSEC, guccifer 2.0, Hackers, Russia, Security+
Hacktivism and cyberespionage are certainly nothing new, especially emanating from Russia. But the 2016 US presidential election was a swift education for Americans and the watching world regarding the widespread consequences of a successful APT (advanced persistent threat). A joint statement issued by the Department of Homeland Security and the Office of the Director of National Intelligence on Election Security stated that the “U.S. Intelligence Community (USIC) is confident that the Russian Government directed the recent compromises of e-mails from US persons and institutions, including from US political organizations” (emphasis ours).
Thanks to detailed reporting from the New York Times, the fog of war is beginning to lift and the full extent of the cyberattack has become clear. What is increasingly apparent is that at every stage, cybersecurity training could have significantly mitigated or (perhaps) even prevented portions of the attack altogether.
Enter the low-rung MIS contractor hired by the DNC — Yared Tamene. He claims no cybersecurity expertise, much less any cybersecurity-related certification like GSEC, CASP, CISSP, CEH or CFR. So it’s hardly appropriate to assign him the brunt of the blame. Instead, we should use his example to learn how cybersecurity knowledge and skills could have better informed the fateful decisions that he, and many others, made along the way.
In the fall of 2015, the FBI noticed some unusual outgoing network traffic from the DNC network, suggesting that at least one computer was compromised. The early forensics linked the compromise to a known Russian cyberespionage group going by the moniker “the Dukes” (AKA “Cozy Bear” and “APT29”), who had, in just the last few years, penetrated the White House, State Department and Joint Chiefs of Staff email systems. A special agent picked up the phone, called Tamene, and told him what they knew.
Before we even get to Tamene’s response, any trained cybersecurity first responder knows why the FBI called via phone rather than emailing their dire message. Communication during a security incident should be out-of-band, meaning outside of the primary communication channels (primarily the network, where the attacker could be listening). Ironically, Tamene was convinced that the FBI call was a hoax, and even after repeated calls over the next few months, he ignored the urgency. In November, the FBI even confirmed with Tamene that known malware was routing data to servers located in Moscow.
Tags: cyber security, GIAC, GSEC
As reported by Stanford Journalism, the demand for infosec jobs is likely to rise 53 percent through 2018. Earning a cybersecurity certification can help qualify you for those jobs. In response to the growing demand, Transcender has added a top infosec vendor to our security exam lineup: Global Information Assurance Certification (GIAC). GIAC is an OS-neutral organization that develops highly focused security certifications, including some of the hardest and most prestigious in the field.
The GSEC: GIAC Security Essentials exam is an ANSI/ISO/IEC 17024 accredited certification and lasts for four years before the candidate must re-certify. This is an intermediate-level exam that covers a wide range of topics, from the nuts and bolts of logging and network protocols to overall risk management and security practices. You can click here for a complete list of the topics you’ll see on the GSEC exam: https://www.giac.org/certification/security-essentials-gsec
Transcender’s SecurityCert: GIAC Security Essentials (GSEC) 2016 Practice Exam is meant for candidates who want to demonstrate they are qualified for hands-on IT systems roles with respect to security tasks. To be successful, candidates need to understand information security at a practical level beyond simple terminology and concepts. Our practice test has 360 practice questions and 558 flashcards to help you prepare for the live exam, which has 180 questions and a time limit of up to 5 hours.
The GSEC: GIAC exam is $1,249 (or $689 when taken with an associated SANS training course). Our practice exam formats range from $99 – $119, so we can offer you a cost-effective way to test your chops before sitting the live question bank. (If you’re new to Transcender, welcome! And be sure to review why you should read those long, boring explanations.)
-The Transcender Team