Josh Moulin: How Your Computer Can Be a Threat to National Security

Josh Moulin,

 

Cyber attacks and warfare are among the greatest threats to the United States.  The federal government and private industry spend billions of dollars every year in people and technology to defend critical systems and data.  Our cyber defenders must stop the threat every time an intrusion attempt is made, but our adversaries only have to get it right once.  Daily media reports of cyber breaches, loss of personal information, disclosure of classified information, and state-sponsored advanced persistent threats (APTs) fill the headlines.

 

Image courtesy of TrendMicro

Government agencies and the private sector are attacked literally every hour of every day by unskilled hackers trying for any vulnerability they can find.  The real concerns however, are organized crime rings and foreign countries that have armies of highly skilled attackers with the financial backing and patience to get into networks and stay inside once they have created an opening.  These organizations will pay developers thousands of dollars to create custom malware, often referred to as “zero day” attacks that will slip past network security defense-in-depth systems and exploit computers because security systems haven’t seen this new threat before and don’t know to stop it.

A common tactic used by attackers is to obfuscate their Internet Protocol (IP) address, making it more difficult to trace illegal activity and to put blocks in place on network devices such as firewalls or routers.  One way this obfuscation occurs is when an attacker hijacks another computer and then uses the hijacked computer to do their criminal activity.  These hijacked computers are often referred to as “jump points.”  When an attacker uses a jump point to do their hacking, it will make it look like the jump point was the source of the attack.

When I was in law enforcement I investigated a case just like what was described above.  An organized crime ring found a vulnerable computer in the Pacific Northwest that they exploited and took control over, making it their jump point.  The attacker then used this jump point to exploit another computer that belonged to an employee of a medical facility.  Once the medical center computer was compromised, the attacker proceeded to obtain the credentials necessary to drain tens of thousands of dollars from the medical center’s bank account.

During the investigation, an IP address was identified as the source of this attack.  I obtained a subpoena for the Internet Service Provider (ISP), which held that IP address and discovered it was assigned to an elderly couple in a nearby state at the time of this attack.  A search warrant was obtained for their residence and law enforcement seized their computer and sent it to us for analysis.  In short, we discovered that this unfortunate elderly couple had nothing to do with this attack except for providing a high-speed Internet connection and vulnerable computer to the attacker.  We were never able to identify the attacker in this case.

 

Image courtesy of techweekeurpose.co.uk

The case highlighted above is financially motivated, but it could have easily been an attacker using this jump point to hack into national security information or the energy infrastructure.  There are some easy steps any computer owner can take to harden themselves against becoming an accomplice to a cyber-terrorist.   Some of the steps computer users can do to protect themselves and the country include:

  1. Always have anti-virus software installed and updated daily with the latest definitions.
  2. Install operating system security patches and updates.
  3. Keep third-party software applications updated.
  4. If using WiFi at home, ensure it is protected with encryption and consider other steps such as MAC address filtering and hiding the SSID.
  5. Turn off your computer and/or Internet connection if away for an extended amount of time.
  6. Use a firewall (software or hardware).
  7. Don’t click on links embedded in email messages when they are suspicious or untrusted.
  8. Use tough passwords and don’t re-use passwords (e.g., don’t use the same password to login to your computer as you do for your email and Internet banking).
  9. Use encryption on all your devices when available.

Everyone should practice these and other information security steps to protect themselves from becoming a victim of identity theft, financial fraud, forgery, and other criminal activity.  By reducing the number of exploitable computers within the United States it protects our citizens and our nation from this type of cyber attack.

*     *     *

Josh Moulin has a long history of public service, beginning in 1993 as a Firefighter and EMT. After eight years of working assignments including; suppression, prevention, training, and transport ambulance, Josh left the fire service with the rank of Lieutenant when he was hired as a police officer.

Josh spent the next eleven years in law enforcement working various assignments. Josh worked as a patrol officer, field training officer, arson investigator, detective, forensic computer examiner, sergeant, lieutenant, and task force commander.

The last seven years of Josh’s law enforcement career was spent as the commander of a regional, multi-jurisdictional, federal cyber crime task force. Josh oversaw cyber crime investigations and digital forensic examinations for over 50 local, state, and federal law enforcement agencies. Under Josh’s leadership, the forensics lab was accredited by the American Society of Crime Lab Directors / Laboratory Accreditation Board (ASCLD/LAB) in 2009.

Josh has been recognized as a national expert in the field of digital evidence and cyber crime and speaks across the nation on various topics. He has testified as an expert witness in digital forensics and cyber crime in both state and federal court on several occasions. He also holds a variety of digital forensic and law enforcement certifications, has an associate’s degree and graduated summa cum laude with his bachelor’s degree.

In 2012 Josh left law enforcement to pursue a fulltime career in cyber security, incident response, and forensics supporting a national security federal agency. Josh now leads the Monitor and Control Team of a Cyber Security Office and his team is responsible for daily cyber security operations such as; incident response, digital forensics, network monitoring, and log analysis. Josh also holds an active Top Secret security clearance.

Josh is happy to answer questions for authors and can be contacted at:

Website: http://JoshMoulin.com

LinkedIn: http://www.linkedin.com/in/joshmoulin

Twitter: https://twitter.com/JoshMoulin

Facebook: http://www.facebook.com/joshmoulincom

Google+: https://plus.google.com/u/0/b/103854822765147479965/103854822765147479965/posts

YouTube: http://www.youtube.com/user/JoshMoulin

 

background: #bd081c no-repeat scroll 3px 50% / 14px 14px; position: absolute; opacity: 1; z-index: 8675309; display: none; cursor: pointer; top: 188px; left: 333px;”>Save

4 replies
  1. Josh Moulin
    Josh Moulin says:

    Kathy,

    I have seen this happen personally and usually the culprit is unsecure wireless. For example, a person leaves their WiFi router open, not requiring a password to access the Internet. When the sex offender neighbor decides to look for open WiFi, they connect to the victim’s wireless router and starts to download their child pornography. Once this happens, all the police will see is the unsuspecting person’s IP address associated with the illegal activity, not the bad guy neighbor (or war-driver sitting in front of your house). What should have happened is the FBI conducts a quick forensic preview, determines there is nothing illegal on the computer, returns all of the equipment, and gives your family a little lesson on how to secure their equipment.

  2. Kathy Crouch
    Kathy Crouch says:

    My nephew and his wife were hacked through their Internet provider. The FBI showed up at their door and confiscated their computers saying they had child porn on them. Turned out they didn’t, wouldn’t dream of it with two small children. Someone had used their ISP. It upset them and cost his wife her job.

  3. Josh Moulin
    Josh Moulin says:

    Hi Pat…I’m impressed, not too many users out there on a Linux machine. Yes, Linux is generally considered more secure than say…Windows. There are several reasons for this including; Linux users are generally more sophisticated and security conscious, choosing good habits like strong passwords, there are less exploits available for Linux than Windows, there are less Linux machines being used on the Internet, so writing malware for them is not as effective, software written for Linux is usually more secure (like not running as root), Linux is more secure because of how it deals with running services and open ports, and Linux exploits tend to be identified and patched much faster than other operating systems.

    The number of exploits and malware is a big reason why Linux is more secure and this is why Macs are more secure. Nothing is immune, but if a hacker is going to spend the time to write malicious code to do something like steal information than why not target the most prevalent operating system (OS) available?

    Most of the intrusion cases I have investigated involving Linux machines were servers offering up some public facing service like a web server, email server, file server, etc. and the application was attacked (like Apache for example).

    I hope this helps, thanks for the question!

  4. Pat Brown
    Pat Brown says:

    I had always heard jump points referred to as zombie machines.

    I use a Linux machine with a strong password and understand they’re hard to hack. Is this true?

Comments are closed.