DoD

Navy Information Warfare

October 29, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
October 29, 2019

As a ten-year regular volunteer at the USO O’Hare, there’s a sly grin on my face knowing all the U.S. Navy personnel featured in this video have visited the Terminal 2 center at least once in their careers and should make every InfoSec News reader happy these men and women are learning about information warfare, cybersecurity (both offensive and defensive) and wireless networking, among other security topics, nearly two years of college training over the span of six months.

Hat tip: Soldier Systems

EC-Council Website Defaced Twice In A Weekend [Updated]

October 19, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
February 23, 2014
[Updated]

Today’s defacement of the EC-Council (the second time this weekend) by Eugene Belford (a.k.a. The Plague) threatens the compromise of the 60,000+ security professionals who currently hold CEH certifications.

Individuals who have achieved EC-Council certifications include the US Army, the FBI, Microsoft, IBM, the United Nations, National Security Agency (NSA). Also, the United States Department of Defense has included the EC-Council Certified Ethical Hacker program into its Directive 8570, making it as one of the mandatory standards to be achieved by Computer Network Defenders Service Providers (CND-SP)

In the most recent defacement, Eugene Belford has stated that “P.S It seems like lots of you are missing the point here, I’m sitting on thousands of passports belonging to LE (and .mil) officials” leading the InfoSec News staff to believe considering the mail on the defacement page is from Edward Snowden’s Yokota Air Base e-mail asking for an exam code, with a copy of his U.S. Passport and a letter from John A. Niescier, an Information Security Officer with the Department of Defense Special Representative, Japan stating that he has verified Edward J. Snowden has at least five years professional information security experience in the required domains.

Eugene Belford has potentially sixty thousand other similar statements from undercover law enforcement agents, intelligence professionals, and members of the United States Military, creating an additional quagmire and has you wondering why the EC-Council has all this personally identifiable information sitting unprotected online?

Former National Security Agency / Booz Allen Contractor Edward Snowden is an (ISC)² member.

October 19, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
July 11, 2013

On July 4th, The New York Times reported NSA contractor Edward Snowden trained and certified as a Certified Ethical Hacker by the EC-Council, a certificate which has since been rescinded by the organization. After what could be called stall tactics with myself, the (ISC)² has now confirmed that Edward Snowden is in fact currently an (ISC)² member.

While the (ISC)² staff wouldn’t go as far as to say what certification Edward Snowden holds, merely receiving a credential from (ISC)² automatically makes one a member. On Tuesday evening, an (ISC)² Member Services Advisor wouldn’t comment whether or not Edward Snowden is currently a CISSP citing “security issues are involved” and the (ISC)² privacy policy prevents them from being able to confirm his certification status or personal information”

After pointing out the (ISC)² Privacy Policy to the advisor that states “It is an implied duty that (ISC)² identify and attest to the certified status of those individuals who do possess our certification. As such, (ISC)² will verify whether an individual is certified by (ISC)² or not upon receiving sufficient identifying information regarding the subject of the inquiry.”

On late Wednesday evening, a Global Communications Manager for (ISC)² replied that “(ISC)² can verify that Edward Snowden is currently an (ISC)² member.” The Global Communications Manager for (ISC)² goes on to state that “the (ISC)² is in the business of validating the knowledge, skills, and abilities of such professionals, it cannot guarantee a member’s conduct or professional judgment. Mr. Snowden, like all other (ISC)² members around the world must do when they sit for an (ISC)² credential exam, signed an agreement to abide by the (ISC)² Code of Ethics as a condition of maintaining his (ISC)² certification.”

Like the EC-Council, the (ISC)² has an established ethics complaint procedure that is initiated when a member of the public, an employer, or an (ISC)² member submits a complaint to the (ISC)² Ethics Committee when one of their members violates the Canons of the Code of Ethics.

Protect society, the common good, necessary public trust and confidence, and the infrastructure.
Act honorably, honestly, justly, responsibly, and legally.
Provide diligent and competent service to principals.
Advance and protect the profession.

It should be pointed out that a member of the public can only complain about a breach of Canons I or II, principals (those with an employer/contractor relationship with the certificate holder) may complain about violations of Canons III, and only other professionals (those who are certified or licensed as a professional AND also subscribe to a code of ethics) may complain about violations of Canon IV.

Its entirely possible that while Edward Snowden sorts out his asylum requests until he’s formally charged by the U.S. Government, he will be still be allowed under (ISC)² membership regulations to continue practicing security in Iceland, Venezuela, or the SVR Headquarters in Yasenevo.

The (ISC)² Global Communications Manager concluded the mail stating “Mr. Snowden’s previous employers should be applauded for seeking out a certified professional to carry out their very important work. Unfortunately, in the end, no organization can completely ensure those individuals will exercise professional judgment at all times.”

(Screenshot / The Guardian)

Former NSA contractor, Edward Snowden, Now Former EC-Council (C|EH)

October 19, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
July 5, 2013

The New York Times is reporting that former National Security Agency / Booz Allen Hamilton contractor “on the lam” Edward Snowden became a Certified Ethical Hacker in 2010.

Snowden’s resume, which has not yet been made public has been described by those that have seen it, sheds new light about this “systems administrator” who morphed his skills to become an information security expert, skills that the N.S.A. and other government agencies have been very desperate to recruit.

In July 2012, General Keith Alexander, Director of the National Security Agency, gave the keynote address at DEF CON 20, the world’s longest-running and largest underground hacking conference, looking to recruit hackers like Edward Snowden to work for the N.S.A.

In 2010, Snowden attained his (C|EH) “certified ethical hacker” certificate by studying coursework that satisfied DoD Directive 8570 requirements by a company that is no stranger to controversy which has a tendency to forgo ethics and profit off plagiarized content from other sources.

EC-Council, the organization behind the (C|EH) and Certified Network Defense Architect (CNDA) has a code of honor that requires ethical hackers to keep private any confidential information that they obtain. EC-Council President, Sanjay Bavisi, told the New York Times that he was aware only of one other person who had lost his certification for making information public.

Edward Snowden’s profile will now be studied by counter-intelligence officials looking for clues about how to hire skilled hackers without endangering government secrets.

(Gen. Alexander photo by ASTCell via hackerphotos.com)

DoD Cyber Awareness training in less than three minutes

October 4, 2019 By William Knowles

By William Knowles @c4i
Senior Editor
InfoSec News
October 4, 2019

Bozhe moy! Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry to raise awareness about the importance of cybersecurity and to ensure that all Americans have the resources they need to be safer and more secure online, yadda yadda yadda…

Let’s be honest, one month out of the year to concentrate on cybersecurity awareness is a real waste of time and resources, Every day should be National Cybersecurity Awareness Day. An informal poll of InfoSec News subscribers who have taken their annual DoD/DISA Cyber Awareness Challenge only really remember Jeff, Tina and that guy who steals your phone every year.

This slightly NSFW video covers a lot of ground in less than three minutes and might be onto something, another InfoSec News informal poll of non-cybersecurity aware people showed users were able to grasp the security concepts presented. (No idea if the low cut Russian military costume helped or hurt) Nevertheless, its free cybersecurity awareness training, Enjoy!

Bozhe moy!