Host: Dr. Stephen D. Bryen
Sponsor: SDB Partners LLC (www.sdb-partners.com) “Powerful Access to Hard Markets”
Cyber attacks, Spear Phishing, and InfraGard
Cyber attacks on computers have grown exponentially. The cyber crime trade has become increasingly refined, leveraging ingenuous and constantly evolving malicious software (or malware) with tens of thousands of silently infected computers to hide tracks and steal credentials, like credit card data and passwords, from millions of unsuspecting individuals.
According to Paul Joyal who is Managing Director for Public Safety and Homeland Security at National Strategies based in Washington DC, cyber crime has become one of the world economy’s largest growth sectors—Russian, Chinese, and Israeli gangs are now joined by upstarts from Brazil, Thailand, and Nigeria— all of whom recognize that in the globally connected world, cyberspace offers stealthy and instant means for enrichment.
Illustration 1: Paul Joyal, National Board Member, FBI InfraGard
A recent study by Bell Canada suggests that CA$100 billion ($103.4 billion US) out of $174 billion (179.94 billion US) of revenue transiting Canada’s telecommunications infrastructure is “at risk.” Bell Canada also measured over 80,000 “zero day” attacks per day targeting computers on its network—meaning, attacks that are so new the security companies have yet to register them.
Paul Joyal says that cyber crime has been enhanced by the rapid growth of social media such as Facebook and LinkedIn. Cyber criminals use the social media to learn about their targets and the friends of the targets. It gives them a way to go “phishing” and even more relevantly “spear phishing.” The difference is that “spear phishing” takes aim either at high net worth people or individuals connected to key industries sought by cyber criminals and their government sponsors. “Spear phishing” involves disguising emails and other contacts to look like or appear like a friend or associate, thereby opening the users computer and computer connections to invasive malware that can be used to steal data and information. Paul Joyal points out that sometimes “spear phishing” even involves creating fake personalities who “live” on the Internet and on places such as Facebook and LinkedIn. There are known cases, too, where identities have been pilfered and used by cyber criminals and others misrepresenting themselves. An example of expropriation very recently was the fake Syrian lesbian blogger who appropriated a woman’s photo from Facebook but who actually was an American man living in Scotland. Such techniques have been used to penetrate banking networks, critical infrastructure facilities, and defense companies such as Lockheed Martin. According to Joyal, the Lockheed attack involved the theft of at least a terabyte of information on Lockheed’s stealth Joint Strike fighter (F-35) program.
Technical means alone will not stop cyber attacks, particularly sophisticated attacks built around a strong intelligence gathering network.
Paul Joyal strongly believes that users, especially those in sensitive industries, need to be educated to the threat. Joyal now serves on the Board of Directors of InfraGard. InfraGard is a partnership between the Federal Bureau of Investigation and the private sector. InfraGard is an association of businesses, academic institutions, state and local law enforcement agencies, and other participants dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard Chapters are geographically linked with FBI Field Office territories.Each InfraGard Chapter has an FBI Special Agent Coordinator assigned to it, and the FBI Coordinator works closely with Supervisory Special Agent Program Managers in the Cyber Division at FBI Headquarters in Washington, D.C.
The public private partnership of InfraGard supports information sharing at national and local levels and its objectives are as follows:
- Increase the level of information and reporting between InfraGard members and the FBI on matters related to counter terrorism, cyber crime and other major crime programs.
- Increase interaction and information sharing among InfraGard members and the FBI regarding threats to the critical infrastructures, vulnerabilities, and interdependencies.
- Provide members value-added threat advisories, alerts, and warnings.
- Promote effective liaison with local, state and federal agencies, to include the Department of Homeland Security.
- Provide members a forum for education and training on counter terrorism, counterintelligence cyber crime and other matters relevant to informed reporting of potential crimes and attacks on the nation and U.S. interests.
Membership in InfraGard is free.
The benefits of joining InfraGard include:
- Network with representatives from other companies that help maintain our national infrastructure. Quick Fact: 350 of our nation’s Fortune 500 have a representative in InfraGard.
- Gain access to an FBI secure communication network complete with VPN encrypted website, webmail, listservs, message boards and much more.
- Learn time-sensitive, infrastructure related security information from government sources such as the FBI and DHS..
- Get invitations and discounts to important training seminars and conferences.
- Best of all, there is no cost to join InfraGard.
All persons who apply to join InfraGard are vetted by the FBI.
Paul Joyal believes that education and continuous updates on the threat are a very important tool in countering the threat of cyber crime and cyber terrorism. Obviously, for critical infrastructure protection, it is important for all Americans involved in these organizations and operations can receive constant training and updated information. In this sense InfraGard is an important initiative that deserves support and encouragement.