Tag Archive for Joey Hernandez

Data Breaches and Online Profiles: a brief connection

In the United States there are efforts to pass comprehensive cybersecurity legislation that includes identity theft protection. This will not be an easy effort: while the cybersecurity community at large believes we need to protect user information, neither users nor the applications they choose to use treat information protection as a priority. From the JP Morgan breach to Target, and now the discovery of a possible compromise of more than 80 million records from insurer Anthem's databases, we still have no clear answer for how to tackle this epidemic.

The president stated “no foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families.” Yet on the social side, users want their products, promotions, videos and blogs readily available to audiences around the world. There is a connection: we have given those wishing to attack us the resources to become a threat.

Our online personas paint a picture of us almost down to where we sleep, where we eat lunch and which sports team we follow, and then we wonder how attackers crack our passwords and use them to steal other information.

KAPTOXA POS and the PCI-DSS Recipe for Target Breach

You might not know KAPTOXA (pronounced KAR-TOE-SHA). According to an article in Business Insider, it is believed that the recent breaches at Target, Neiman Marcus and a host of other retail stores are based on the work of a teenager from Russia. IntelCrawler, an intelligence aggregator and cyber security firm, pulled data from multiple underground and networked security contacts to build that picture. According to their findings the toolkit is more than 40 builds deep, which effectively means there are more than 40 variations of the tool in existence today. Unlike normal software development, where software is revised to improve quality of service, malicious code authors make their revisions as they tailor the toolset to a specific target. No pun intended.

Additionally, some key indicators are emerging as part of this discovery. As always, the low-hanging fruit for mitigation is blocking the domains associated with the malware's callbacks. A callback is the outbound connection the malware makes to its command and control (C2) location: the C2 is where harvested data is wrapped and sent for external use, and it is also the set of sites established to maintain communications for future data manipulation. Block those domains at the DNS and proxy layers and, just as importantly, alert on any attempt to reach them: a POS host trying to resolve a known callback domain is itself an indicator of infection.
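As an added example (not from the original post or from IntelCrawler), the following Python scans DNS query log lines against a callback-domain blocklist. The domains, the log lines and the log format are constructed for illustration and are not real indicators; the point it demonstrates is that blocklist matching must be label-aware, so that a subdomain of an indicator is caught while a look-alike host that merely ends with the same characters is not.

```python
"""Match DNS query log lines against a list of known malware callback (C2) domains.

Added example, not from the original post. The blocklist, the log lines and the
log format are constructed for illustration; substitute a real indicator feed and
real resolver/proxy logs.
"""
from __future__ import annotations

import re
from typing import Iterable

# Constructed blocklist of callback domains (illustrative only, not real indicators).
C2_DOMAINS = {
    "update-check.example",
    "cdn.example.net",
}

# Constructed log format: "<timestamp> <client_ip> <qtype> <queried_name>"
LOG_LINE = re.compile(r"^(\S+)\s+(\S+)\s+(A|AAAA|CNAME|TXT)\s+(\S+)$")


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot that resolver logs add to FQDNs."""
    return name.strip().lower().rstrip(".")


def matches_blocklist(name: str, blocklist: set[str]) -> str | None:
    """Return the blocklisted domain that `name` equals or is a subdomain of.

    Suffix matching must be label-aware: 'notcdn.example.net' is NOT a subdomain
    of 'cdn.example.net', so we walk the labels instead of using str.endswith().
    """
    labels = normalize(name).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def scan_log(lines: Iterable[str], blocklist: set[str] = C2_DOMAINS) -> list[dict]:
    """Return one record per log line whose queried name hits the blocklist."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        ts, client, _qtype, qname = m.groups()
        hit = matches_blocklist(qname, blocklist)
        if hit:
            hits.append({"ts": ts, "client": client,
                         "qname": normalize(qname), "indicator": hit})
    return hits


# Constructed sample log: two true hits, one look-alike that must not match, one junk line.
SAMPLE_LOG = [
    "2014-01-16T03:12:09Z 10.20.4.17 A pos-terminal-updates.internal.",
    "2014-01-16T03:12:10Z 10.20.4.17 A update-check.example.",
    "2014-01-16T03:12:11Z 10.20.4.31 A files.cdn.example.net",
    "2014-01-16T03:12:12Z 10.20.4.31 A notcdn.example.net",
    "garbage line",
]

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h['ts']} {h['client']} -> {h['qname']} (matches {h['indicator']})")
```

Run against the constructed log this reports two hits (the exact domain and the `files.` subdomain) and correctly ignores `notcdn.example.net`, which a naive `endswith` check would have flagged. Feed real resolver logs through `scan_log` and route the hits to the SIEM; the client address in each record is the host to pull for forensics.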
Initial reverse engineering of the malware indicates that at least one of the variants in use can run on standalone systems. Although nobody is pointing fingers out loud at this time, tools that run on standalone systems are usually introduced in one of two ways: 1. a malicious insider, or 2. a careless user. However, the complexity of the file and its intent leave me unconvinced that this was accidental.
My additional cyber insight is the belief that the compliance measures put in place over the last 8 years may also have been a crucial piece of why these breaches were so successful. Having been a policy writer for some time now, I know there are key missing links between Information Assurance and ICT security. Further, it has to be understood that written policy sometimes becomes the reverse recipe that an actor uses to build their circumvention mechanisms. In addition, actors often only employ the “one up method”, as is the case specifically with the payment card industry's security guidance, PCI-DSS. A few examples were revealed rather quickly:

1. The requirement not to use vendor-supplied defaults such as the password POS or the vendor's system name. The organizations used POS1 and vendorname1 instead, which satisfies the letter of the requirement and stops nobody.
2. The requirement to encrypt transmission of cardholder data across open, public networks. But that doesn't mean the network inside my WAN... or does it? The requirement draws its line at “open, public” networks, and an actor reads that gap as permission to treat everything inside as trusted.
3. One final one that continues to be the demise of proactive security and defense: the requirement to maintain a policy that addresses information security for employees and contractors. This is not CND, this is CYA, and it will fail you.

It is time the retail industry started participating in FS-ISAC exercises, and not only installing sensors but monitoring them.
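The “one up” mutation of a vendor default is easy to screen for mechanically. The following Python is an added example, not code from the original post: it strips the trivial decorations (trailing digits, punctuation, leet-speak substitutions) from each credential and checks whether what is left is still a vendor default. The default list, the substitution table and the credential inventory are constructed for illustration and are not real product defaults.

```python
"""Flag credentials that are trivial "one up" mutations of vendor-supplied defaults.

Added example, not from the original post. VENDOR_DEFAULTS and SAMPLE_INVENTORY are
constructed; a real check would pull defaults from vendor documentation and the
credential inventory from configuration management.
"""
from __future__ import annotations

import re

# Constructed vendor defaults (illustrative, not real product defaults).
VENDOR_DEFAULTS = {"pos", "vendorname", "admin", "manager"}

# Decorations the "one up method" adds: leading/trailing punctuation or underscores
# and up to four trailing digits ("POS1", "Admin2014!").
TRIVIAL_DECORATION = re.compile(r"^[\W_]*(.*?)[\W_]*\d{0,4}[\W_]*$")

# Common leet-speak substitutions, undone before comparison ("P0S" -> "pos").
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "@": "a", "$": "s", "!": "i"})


def core(password: str) -> str:
    """Strip edge decorations and undo leet substitutions, then lower-case."""
    m = TRIVIAL_DECORATION.match(password)
    stripped = m.group(1) if m else password
    return stripped.translate(LEET).lower()


def classify(password: str, defaults: set[str] = VENDOR_DEFAULTS) -> str:
    """Return 'empty', 'default', 'one-up' (trivial mutation of a default) or 'ok'."""
    p = password.lower()
    if not p:
        return "empty"
    if p in defaults:
        return "default"
    if core(password) in defaults:
        return "one-up"
    return "ok"


def audit(inventory: dict[str, str], defaults: set[str] = VENDOR_DEFAULTS) -> dict[str, str]:
    """Classify every host's credential; anything not 'ok' needs a real password."""
    return {host: classify(pw, defaults) for host, pw in inventory.items()}


# Constructed inventory of POS lanes and the credential found on each.
SAMPLE_INVENTORY = {
    "pos-lane-01": "POS",                           # untouched default
    "pos-lane-02": "POS1",                          # the "one up" from the post
    "pos-lane-03": "P0s2013!",                      # leet + year + punctuation
    "pos-lane-04": "VendorName1",                   # vendor system name plus digit
    "pos-lane-05": "Adm1n",                         # internal leet substitution
    "pos-lane-06": "correct horse battery staple",  # unrelated to any default
}

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```

This is a screening heuristic, not a password-strength policy: it catches the specific failure the post describes (a default with a digit bolted on) and will not catch a default that has been rearranged or padded in the middle. Run it during the PCI-DSS Requirement 2 review against the inventory of every device that touches cardholder data, and treat `default` and `one-up` identically, since both are equally guessable.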

Link Details: http://intelcrawler.com/about/press08

 

Web Defacement & Gang Graffiti

As an instructor for Iowa Central Community College's Criminal Justice Program, Joey Hernandez worked to develop future law enforcement personnel by connecting their background in standard law enforcement to criminal activity on the web. Hernandez strove to make every lesson interactive.

Follow along in the podcast and presentation to see how the inner workings of gang graffiti and web defacement are directly related.

View the presentation: Web Defacement & Gang Graffiti

Search These Terms To Interact (At Your Own Risk):

/#Own3d By <<Root.Dark.Team>>

Text Snippet Example:

hxxp://www.universinet.it
• @xllLinuxeroDeatllx
• @Mantr@x
• @AZ4TH0TH
• @Br4nd
• @Pr4X!
• @ThopJuliet(Cloud)
• @Shell|Black
• @Maximus Well
• @NodSprut
Notice the common members throughout: with each defacement an additional member is added.

 

Typosquatting – Cyber Squatting (PDF and Podcast Available)

Follow Along Briefing With Podcast: TYPOSQUATTING_Joey_Hernandez

Similar to domain squatting
–Targets BRAND NAME domains
–Relies on typographical errors made by users typing URLs directly
–Often involved with illegal activity
–Also used for FINANCIAL gain
• According to the Brandjacking Index, the risk of brand misuse worldwide is highest in the US, Germany and the UK.
–More than 59% of all websites using brand names for illegal purposes originate from these three countries.
• Organizations focused on defeating these efforts
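To make the typographical-error mechanism concrete, the following Python is an added example (not part of the original briefing) that generates the one-keystroke typo classes for a brand domain and checks them against a list of observed registrations. The brand domain `example.com`, the keyboard-adjacency table and the observed list are assumptions constructed for illustration; in practice the candidates would be compared against zone files, passive DNS or a registrar's new-domain feed.

```python
"""Generate typosquat candidates for a brand domain and check observed registrations.

Added example, not from the original briefing. The brand domain and the "observed"
registrations are constructed for the demo.
"""
from __future__ import annotations

# Keys adjacent on a US QWERTY keyboard (letters only), for fat-finger substitutions.
ADJACENT = {
    "q": "wa", "w": "qeas", "e": "wrsd", "r": "etdf", "t": "ryfg", "y": "tugh",
    "u": "yihj", "i": "uojk", "o": "ipkl", "p": "ol",
    "a": "qwsz", "s": "awedxz", "d": "serfcx", "f": "drtgvc", "g": "ftyhbv",
    "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
}


def typo_candidates(domain: str) -> dict[str, str]:
    """Return {candidate_domain: typo_kind} for single-keystroke errors in the SLD.

    Only the second-level label is mutated; the TLD is kept as-is. Classes covered:
    omission, repetition, adjacent-key substitution, transposition and the missing
    dot after "www". Insertion of an unrelated extra character is deliberately not
    generated here.
    """
    domain = domain.lower()
    sld, _, tld = domain.partition(".")
    out: dict[str, str] = {}

    def add(label: str, kind: str) -> None:
        cand = f"{label}.{tld}"
        if label and cand != domain:
            out.setdefault(cand, kind)  # keep the first class that produced it

    for i, ch in enumerate(sld):
        add(sld[:i] + sld[i + 1:], "omission")               # exmple.com
        add(sld[:i] + ch + sld[i:], "repetition")             # exaample.com
        for alt in ADJACENT.get(ch, ""):
            add(sld[:i] + alt + sld[i + 1:], "adjacent-key")  # exsmple.com
        if i + 1 < len(sld) and sld[i] != sld[i + 1]:
            add(sld[:i] + sld[i + 1] + sld[i] + sld[i + 2:], "transposition")  # exmaple.com
    add("www" + sld, "missing-dot")                           # wwwexample.com
    return out


def find_squats(domain: str, observed: set[str]) -> list[tuple[str, str]]:
    """Return (registered_domain, typo_kind) for every observed name we can generate."""
    cands = typo_candidates(domain)
    hits = [(d.lower(), cands[d.lower()]) for d in observed if d.lower() in cands]
    return sorted(hits)


# Constructed "observed registrations" for the demo (not real domains of interest).
OBSERVED = {
    "exmaple.com",      # transposition
    "wwwexample.com",   # missing dot
    "exampel.com",      # transposition
    "exsmple.com",      # adjacent key (a -> s)
    "examples.com",     # extra character: NOT produced by the classes above
    "unrelated.com",
}

if __name__ == "__main__":
    for squat, kind in find_squats("example.com", OBSERVED):
        print(f"{squat}: {kind}")
```

Against the constructed list this flags four registrations and misses `examples.com`, which shows the limit of a generator: each typo class you leave out is a class of registrations you will not see, so extend the generator (insertions, homoglyphs, alternate TLDs) before trusting a clean result. The same candidate list is what you hand to the registrar for defensive registration of the highest-risk variants.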

•Condition: users continue to manually type URLs
•The possibility of suffering “harm” is HIGH
•Consequences: Cisco Global Threat Report 4Q10
–The rate of web malware encounters peaked in October 2010 at an average of 250 encounters per enterprise for the month
–Web malware grew by 139 percent in 2010 compared to 2009
•Uncertainty:
–Malware continues to evolve
–Economic hardship brings out “the best”
–Users: “They still fall for phishing email”
–Cyber espionage
–Mobile devices: “Those keys are too small”

Joey Hernandez CISM C|CISO CISSP Introduction

Joey Hernandez makes a quick cast concerning his background to get this Cyber Security Podcast series kicked off. The very first