Tag Archive for: Homeland

Homeland Security bug bounty reveals huge number of flaws


The outcome of a bug bounty program for the Department of Homeland Security (DHS) has been revealed, and it’s not particularly encouraging news for a government agency synonymous with cyber security.

Participants of DHS’ first-ever bug bounty program, named “Hack DHS,” confirmed that they found a worrying number of security bugs.

They discovered a total of 122 security vulnerabilities in external DHS systems, according to The Register and Bleeping Computer. Twenty-seven bugs were recognized as “critical severity” flaws.

The Hack DHS initiative saw more than 450 security researchers participate in the program. For their efforts, the government agency paid out a total reward of $125,600 that was distributed amongst the ethical hackers.

As aptly highlighted by The Register, the aforementioned payout figure pales in comparison to what other organizations pay to bug bounty hunters.

For example, Intel has previously offered up to $100,000 for successfully uncovering specific vulnerabilities.

Other technology giants like Microsoft offer tens of thousands of dollars for finding flaws, while Apple paid a single individual nearly the entirety of the Hack DHS bounty by giving him $100,000 for hacking a Mac.

Google, meanwhile, has awarded nearly $30 million to individuals enrolled in its own bug bounty programs. In one particular case, the company gave a self-taught teenage hacker $36,000 for reporting a certain bug.

Considering that one of the Department of Homeland Security’s key responsibilities involves cyber security, many may understandably be concerned that such a high number of security bugs were found in the first place. Moreover, the somewhat lackluster payment tiers associated with Hack DHS could be a potential deterrent to future interested parties.

All things considered, it seems the DHS is not as secure as many Americans would have hoped it would be.

Homeland Security’s quest to become more secure

Hack DHS was originally introduced in December 2021. Any hacker who joined the program would have to provide a comprehensive breakdown of any vulnerability they find. They also have to detail how that flaw can be…

Trident University International Welcomes New Homeland Security Faculty Member


Dr. Franklin Ammerman has been elevated to a Full-time Professor in Trident’s College of Health and Human Services. He joined Trident as an adjunct instructor in 2013 and has an extensive background in criminal justice, including 26 years at the FBI.

CHANDLER, Ariz., Nov. 29, 2021 /PRNewswire-PRWeb/ — Dr. Franklin Ammerman has joined Trident University International’s (Trident) College of Health and Human Services as a Full-time Professor. In this role he will teach and develop courses in homeland security, emergency and disaster management, and criminal justice.

Dr. Ammerman joined Trident in 2013 as an adjunct instructor in the Homeland Security Department. He has taught courses such as Domestic Terrorism and Cybersecurity, Cyberterrorism and Cyber Warfare, and Cyber Threat Intelligence, as well as the Capstone Project in Homeland Security.

Previously, Dr. Ammerman served for 26 years as a Special Agent with the Federal Bureau of Investigation (FBI). During his time with the FBI, he handled issues relating to homeland security and counterterrorism, as well as general criminal cases.

He also spent three years as a homeland security instructor at the FBI Academy in Virginia where he served as a subject matter expert in national security strategies, racially-motivated violent extremism, radicalization and mobilization to violence, and anti-government violent extremism.

“Trident’s students will benefit from Dr. Ammerman’s ability to bring his military, criminal justice, and academic experiences to life in the courses he teaches,” states Dr. Patricia Rhynders, Interim Dean, Trident’s College of Health and Human Services.

Prior to his work at the FBI, Dr. Ammerman served in the U.S. Armed Forces for nine years.

Dr. Ammerman holds a Ph.D. in Business Administration, with specializations in homeland security policy and leadership, from Northcentral University in Arizona. He earned a Master of Public Administration from Troy State University in Alabama, and a Bachelor of Science in Police Administration from Eastern Kentucky University.

About Trident University International
Founded in 1998, Trident University International is a member of the American InterContinental University

Hackers targeted US drinking water and wastewater facilities as recently as August, Homeland Security says


WASHINGTON – The nation’s top civilian cybersecurity agency issued a warning Thursday about ongoing cyber threats to the U.S. drinking water supply, saying malicious hackers are targeting government water and wastewater treatment systems.

Authorities said they wanted to highlight ongoing malicious cyber activity “by both known and unknown actors” targeting the technology and information systems that provide clean, drinkable water and treat the billions of gallons of wastewater created in the U.S. every year.

The alert, which disclosed three previously unreported ransomware attacks on water treatment facilities, was issued by the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA). It was the result of analytic efforts by DHS, the FBI, the Environmental Protection Agency and the National Security Agency.

One DHS cybersecurity official described it as the routine sharing of technical information between federal agencies and their industry partners “to help collectively reduce the risk to critical infrastructure in the United States.” Added a second Homeland Security official: “It’s not any indication of a new threat. We don’t want anyone to think that their drinking water supply is under attack.”

Both officials spoke on the condition of anonymity in order to elaborate on the agency’s public statements.

Despite their assurances, the advisory disclosed that in March 2019, a former employee at a Kansas-based water and wastewater treatment facility unsuccessfully tried to threaten drinking water safety by logging in with his user credentials – which had not been revoked at the time of his resignation – to remotely access a facility computer.

In that case, a federal grand jury in Topeka, Kansas accused Wyatt Travnichek, 22, of tampering with the water treatment facilities for the sprawling, eight-county Post Rock Rural Water District.

The indictment, announced March 31, alleges that Travnichek’s job for the utility was to monitor the water plant remotely by logging into its computer system. Two months after he left his job with the water district in January 2019, it said, Travnichek logged in remotely with the intent of shutting down…

Homeland Security Warns of Cyberattacks Intended to Kill People


Homeland Security Secretary Alejandro Mayorkas is warning that the next cyberattack could end up killing people — a dangerous and imminent shift from ransomware to “killware.”

In an interview with USA Today, Mayorkas noted that the Colonial Pipeline ransomware attack in April, which shut down much of the gas supply along the East Coast, was distracting from a far more egregious hack.

“And that is an attempted hack of a water treatment facility in Florida, and the fact that that attack was not for financial gain but rather purely to do harm,” he told the newspaper.

The hack almost led to the contamination of much of the water supply in Oldsmar, Florida, with a remote hacker attempting to increase the amount of sodium hydroxide 100-fold. The chemical, more commonly known as lye, is lethal at higher undiluted concentrations.

“The attempted hack of this water treatment facility in February 2021 demonstrated the grave risks that malicious cyber activity poses to public health and safety,” Mayorkas told USA Today. “The attacks are increasing in frequency and gravity, and cybersecurity must be a priority for all of us.”

Thanks to the rise of internet-connected devices all across America, hackers have far more potential weaknesses to exploit.

Eventually, cyber attackers could end up posing a very real threat. In a July report, security firm Gartner warned that “cyber attackers will have weaponized operational technology environments to successfully harm or kill humans” by 2025.

Even more worrying than the Oldsmar incident is the potential of hackers targeting hospitals. Such an attack could lead to patients suffering grave long-term consequences to their health and even risk dying.

Worse yet, private healthcare providers are often not reporting ransomware hacks to the government, according to USA Today.

Earlier this month, a woman sued a hospital after it failed to report a ransomware attack that reportedly led to the death of her newborn child. Hackers gained control over the Springhill Medical Center in Alabama back in 2019. The hospital never acknowledged the attack, according to The Wall Street Journal.

According to Gartner’s report, it will soon make financial sense to…
