Facial Recognition (CYBR 650, Week 8)

Biometric data including facial recognition is being scooped up by companies including Facebook and Google.  Although this technology is not new, since Casino operators have long used software to try to identify card cheats, it is becoming widespread and far more accurate due to advances in software, hardware, and higher quality, less expensive cameras.

There are two predominant approaches to facial recognition.  One is geometric, which is based on facial features and the distances between them, such as the distance between the eyes.  This is known as “feature based” facial recognition.  The other is “photometric,” which is a “view based” facial recognition system.  Photometric facial recognition relies on light reflected from different facial features, as captured by a camera and cataloged by computer systems.

For the most part, facial recognition systems have the disadvantage of requiring high quality cameras and good lighting.  They can be easily avoided with disguises and cosmetic makeup.  FedTech recognizes four limitations of facial recognition:

  1. Image quality
  2. Image size
  3. Face angle
  4. Processing and storage

Facial recognition is being used by law enforcement to track the movements of suspects on watchlists in public places, including airports, and has been used for years by the gaming industry to identify card counters and other undesirable customers in casinos.  Facebook is using facial recognition in photographs to identify Facebook members to make it easier to “tag” friends in posted photos.

Facebook explains that they “currently use facial recognition software that uses an algorithm to calculate a unique number (“template”) based on someone’s facial features, like the distance between the eyes, nose and ears. This template is based on your profile pictures and photos you’ve been tagged in on Facebook. We use these templates to help you tag photos by suggesting tags of your friends.”  The Washington Post reported that the Facebook facial recognition software is 97.25% accurate.

References:

Limitations of Facial Recognition Technology. (2013, Nov. 22). Retrieved July 30, 2017, from http://www.fedtechmagazine.com/article/2013/11/4-limitations-facial-recognition-technology

Facebook. (2017). How does Facebook suggest tags? Retrieved July 30th, 2017 from https://www.facebook.com/help/122175507864081

What happens when facial recognition tools are available to everyone. (n.d.). Retrieved May 20, 2016, from https://www.washingtonpost.com/news/innovations/wp/2015/12/23/what-happens-when-facial-recognition-tools-are-available-to-everyone/

Dark Web Bust – (CYBR650, Week 7)

You may remember the big crack down on the Silk Road marketplace on the so-called dark web a couple of years ago (Meisner, 2015).  This did not shut down the buying and selling of drugs, stolen credit cards and other items.

The dark web continues to be a place where people can meet to buy and sell under the radar of law enforcement; however, law enforcement caught up to a couple of big marketplaces the other day.

This activity continues on the dark web, as witnessed by the latest bust of drug bazaars AlphaBay and Hansa Market by U.S. and international law enforcement.  Krebs on Security reports that Dutch investigators took control of Hansa on June 20th (Krebs, 2017).  Brian Krebs reports that AlphaBay and Hansa Market sold a range of black market goods on the dark web, but “especially controlled substances like heroin.”

Krebs wrote that the U.S. Justice Department stated that AlphaBay alone had around 40,000 vendors and around 250,000 listings of illegal drugs.  It was reported that 122 vendors were selling Fentanyl, the dangerous synthetic opioid responsible for many opioid-related deaths in the U.S.

Sources:

Meisner, J. (2015, May 29). Biggest dealer on underground Silk Road given 10 years in prison. Retrieved July 23, 2017, from http://www.chicagotribune.com/news/local/breaking/ct-silk-road-drug-trafficking-met-20150528-story.html

Krebs, B. (2017, July 20). Krebs on Security. Retrieved July 23, 2017, from https://krebsonsecurity.com/2017/07/exclusive-dutch-cops-on-alphabay-refugees/

Sources for Info on Cybersecurity Issues (CYBR650, Week 6)

In looking for good online cybersecurity sources, previously I wrote about the importance of finding credible sources and credible information.  I wrote about using the CARS checklist for evaluating sources for Credibility, Accuracy, Reasonableness, and Support.  I will post the CARS criteria here again, for convenience:

  • Credibility: trustworthy source, author’s credentials, evidence of quality control, known or respected authority, organizational support. Goal: an authoritative source, a source that supplies some good evidence that allows you to trust it.

  • Accuracy: up to date, factual, detailed, exact, comprehensive, audience and purpose reflect intentions of completeness and accuracy. Goal: a source that is correct today (not yesterday), a source that gives the whole truth.

  • Reasonableness: fair, balanced, objective, reasoned, no conflict of interest, absence of fallacies or slanted tone. Goal: a source that engages the subject thoughtfully and reasonably, concerned with the truth.

  • Support: listed sources, contact information, available corroboration, claims supported, documentation supplied. Goal: a source that provides convincing evidence for the claims made, a source you can triangulate (find at least two other sources that support it).

In my previous post on cybersecurity sources of information, I listed some good, reputable sources.  Please reference my CYBR650, Week 2 post for those.  I also wanted to add some others that you might find useful.

Schneier on Security  – Bruce Schneier is an internationally renowned security technologist, called a “security guru” by The Economist. He is also the author of 13 books.

Dark Reading – Christina Chipurici at Heimdal Security says Dark Reading is a widely-read cyber security site that addresses professionals from the IT environment, security researchers and technology specialists. They use their experience and knowledge to provide articles, recommendations, news and information on IT security.

CIO Magazine – a venerable favorite for IT news, insight and analysis.  CIO has a section devoted to cybersecurity.

InfoSecurity Magazine – an online magazine covering cybersecurity and security strategy.

References:

CARS Checklist (n.d.).  CIS 629, Managing Emerging Technologies, Bellevue University.

Harris, R. (2015, January). Evaluating Internet Research Sources. Retrieved June 18, 2017, from http://www.virtualsalt.com/evalu8it.htm

Chipurici, C. (2017, January 06). 50 Amazing Internet Security Blogs You Should Be Following [Updated]. Retrieved July 14, 2017, from https://heimdalsecurity.com/blog/best-internet-security-blogs/

My Blog (CYBR650, Week 1)

The purpose of this blog is to write about information security or cybersecurity issues that small to medium sized organizations face.  Often the cybersecurity issues written about in the media pertain to large data breaches and other widespread cybersecurity issues.  Small to medium sized organizations often don’t feel like these issues pertain to them and sometimes think that bad actors and cyber criminals are uninterested in them.

The organizations often do not employ full-time IT staff and likely do not have a cybersecurity professional on staff or even in a consultative role.

I provide managed IT services to small to medium sized organizations.  I serve as the part time CIO to smaller organizations and am also a technical account manager and project manager.  Most of these small to midsized organizations outsource some or all of their IT functions to companies like mine.  Some organizations may employ an IT generalist or have someone who can handle many daily IT issues, but we are able to provide the specialized, experienced professionals as needed for projects or difficult issues while remotely monitoring our client’s networks, servers, and other systems.

This blog is not limited to discussions about small to medium sized organizations, however.  I may write about any current cybersecurity or IT topic that I find interesting or relevant.

 

Risks of Unsupported Operating Systems (CYBR650, Week 5)

As I posted last week, the Petya ransomware attack might have been more of a disruptive or damage-inflicting attack than one with a ransom motive.

The Petya or NotPetya (as some researchers claim) malware attack was propagated using vulnerabilities in the SMB v1 (Server Message Block) protocol.  This is another good reason not to use operating systems that are past their end of lifecycle or “sunsetted.”

When an operating system is supported, vulnerabilities are often discovered and the operating system’s vendor then creates a patch or a “fix” for the vulnerability.  After support ends, as it has for Windows XP and Windows Server 2003, no patches or fixes would be expected to be forthcoming when additional vulnerabilities are discovered.  This leaves the users of those systems possibly at perpetual risk until they decide to update their systems.

The Petya ransomware propagates itself through remote code execution by using a vulnerability in SMB v1.0.  Server Message Block v1 has been a deprecated protocol for years.  Microsoft recommends that you disable the SMBv1 protocol completely.  This is another good reason to not have XP or Server 2003 still in an environment since those OS’s rely on SMB v1.  Also, some older scanner/printers rely on SMBv1 for their “Scan To” feature, so some newer servers might have it turned on and could be vulnerable.
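
Because an older scanner/printer may silently depend on SMBv1, it helps to find out what still uses it before turning it off. The script below is an added example, not part of the original post or of Microsoft's bulletin: it reports a Windows server's SMBv1 state with the built-in SMB cmdlets, turns on SMBv1 access auditing, and lists the devices that the audit log shows still connecting. The function names are made up for this example, and it assumes the audit event text is in English.

```powershell
#Requires -RunAsAdministrator
# Added example: audit SMBv1 use on a file server before disabling the protocol.

function Get-Smb1Status {
    # Server-side SMBv1 setting plus the state of the installed Windows feature.
    $cfg     = Get-SmbServerConfiguration
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        Smb1Server   = $cfg.EnableSMB1Protocol
        Smb1Auditing = $cfg.AuditSmb1Access
        Smb1Feature  = if ($feature) { "$($feature.State)" } else { 'Unknown' }
    }
}

function Get-Smb1Client {
    # Summarize SMBv1 connections recorded in the SMB server audit log (event ID 3000).
    # Assumption: English event text containing "Client Address: <value>".
    param([int]$Days = 14)
    $filter = @{
        LogName   = 'Microsoft-Windows-SMBServer/Audit'
        Id        = 3000
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            if ($_.Message -match 'Client Address:\s*(\S+)') {
                [pscustomobject]@{ Client = $Matches[1]; Time = $_.TimeCreated }
            }
        } |
        Group-Object Client |
        Select-Object @{n = 'Client'; e = { $_.Name } }, Count,
                      @{n = 'LastSeen'; e = { ($_.Group.Time | Sort-Object)[-1] } }
}

$status = Get-Smb1Status
$status | Format-List

if ($status.Smb1Server -and -not $status.Smb1Auditing) {
    # Start logging which devices still connect with SMBv1.
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Write-Host 'SMBv1 auditing enabled. Re-run after a normal work cycle.'
} elseif ($status.Smb1Server) {
    $clients = @(Get-Smb1Client)
    if ($clients.Count -eq 0) {
        Write-Host 'No SMBv1 clients seen. To disable:'
        Write-Host '  Set-SmbServerConfiguration -EnableSMB1Protocol $false'
    } else { $clients | Sort-Object Count -Descending | Format-Table -AutoSize }
}
```

Any device that shows up in the table, such as a scanner saving to a share, needs a firmware update or replacement before SMBv1 is switched off on that server.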

Microsoft Security Bulletin MS17-010 has an explanation and links to patches for various Windows versions:

https://technet.microsoft.com/en-us/library/security/ms17-010.aspx

References:

Krebs, B. (2017, June 27). Krebs on Security. Retrieved June 30, 2017, from https://krebsonsecurity.com/2017/06/petya-ransomware-outbreak-goes-global/#more-39734

Mackie, K. (2017, June 28). New Petya Ransomware Outbreak Tapping SMB 1 Windows Flaw. Retrieved July 09, 2017, from https://redmondmag.com/articles/2017/06/27/petya-ransomware-outbreak.aspx

 

 

Latest Ransomware, Not Ransomware? (CYBR650, Week 4)

Ransomware has been successful because of its business model.  If one gets infected and their files get encrypted, by paying the ransom, the person with the infected computer usually gets their files back.

The latest wave of malware that worked its way across the globe last week seems to be something different.  On the surface it appeared to be ransomware, but it reportedly encrypts the entire hard drive, maybe just deleting the data.  It isn’t fully clear yet.

It was also reported that the email address to pay the ransom was quickly turned off, leaving no avenue for the transaction.  Researchers are still questioning the motives of this latest attack.  Some researchers have speculated that the attack was more about causing disruption than about the traditional ransomware motive of getting paid.

 

Reference:

Washington Post Editorial Board (2017, July 01). A cyberattack swept across the globe last week. We should be ready for more. Retrieved July 02, 2017, from https://www.washingtonpost.com/opinions/a-cyberattack-swept-across-the-globe-last-week-we-should-be-ready-for-more/2017/06/30/1d697c88-5c2f-11e7-a9f6-7c3296387341_story.html?utm_term=.9369cc6ad829&wpisrc=nl_rainbow&wpmm=1