An ideas site for network intelligence

Ransomware: Lurking on Defended Networks

Spiceworks post on RansomewareA post on A Spiceworks community post demonstrated that a network with at least pretty-good defenses could nonetheless infected with ransomware. It’s a sobering reminder that is best read by users responsible for patching their own machines, or by admins responsible for keeping workstations current across their network.

 

Big Data Environmental Impact Study? Case of Commuter Rail Onboard Cameras

Newspaper editorial image

MTA Onboard Camera Proposal: Editorial by Mike Barry

Whether you agree or disagree with the idea of cameras on commuter rail, it’s a fair question to speculate whether the agency overseeing the potential plan has done a thorough job of considering its implications. While this editorial by Mike Barry questions the plan’s efficacy and expense, broader questions of security, privacy and systems management should also be addressed.

The Long Island Rail Road is part of the largest commuter rail system in North America. Its public oversight is performed by the Metropolitan Transit Authority, whose officials are familiar with environmental impact studies mandated for station rennovation projects and construction efforts like the current $8B East Side Access project.

The impact of rolling out onboard cameras, depending of course on the scope and numerous other details, could be significant. Because of Big Data Variety, the cameras could be used to track individuals and employees. Using additional data from ticket machines and station surveillance cameras, the precise itineraries of some passengers could be inferred. How would individual privacy be protected? How would the huge archive of video footage be preserved, archived, protected? Who would be given access to the video streams? What training would be given to users of the data? What legacy systems would be impacted? What are the implications for passenger, employee, infrastructure forensics?

There are numerous questions like these to be considered — so many that a study analogous to an Environmental Impact Study might be needed. For lack of a less clumsy term, call it a Big Data Impact Study.

As the Internet of Things (#IoT) takes hold across previously anonymous aspects of living, such impact studies could prove to be one the important ways to protect privacy and to implement sometimes disregarded aspects of security and risk management.

Slow Pace of Forensics Dogs JPMorgan Chase Cyberattack Postmortem

Dealbook logo New York Times logo

Dealbook by New York Times

Despite discovering the attack in “late July,” the NYT Dealbook story reports that investigators are still unsure about many aspects of what was described as “a huge cyberattack” on JPMorgan Chase. Recently disclosed information revealed that the scale of the attack — apparently launched from overseas — indicated that around nine other financial institutions were also attacked, most likely by the same group.

The lag between the discovery and report (on 3 October) reveals the difficulties faced in uncovering the source and impact of such attacks. While few additional details have been reported, except that JPM Chase defenders were able to blunt the “burrowing” attack before any confidential information was disclosed, these facts alone suggest that even well-funded, presumably top flight defense can be compromised by dedicated attackers. More importantly, even after such attacks have been to some extent foiled, it remains difficult to assess the scope or source of the attacks. The NYT Dealbook report says current opinion has it that attacks were initiated by groups loosely connected to the Russian government, but this evidence is likely not definitive.