Sunday, September 11, 2016

Compromising National Security Through Public Schools

One of the most pernicious and successful ways in which computer systems are compromised is social engineering. In other words, a person who holds legitimate access to a system or systems is duped, or is led by misplaced trust in a third party, into granting that party access to the otherwise secure system.

In recent weeks, at least two public announcements have given me grave concern that the EO Smith School systems may have been compromised in the recent past.

Most recently, the FBI issued the following:

"Targeting Activity Against State Board of Election Systems
Summary
The FBI received information of an additional IP address, 5.149.249.172, which was detected in the July 2016 compromise of a state's Board of Election Web site. Additionally, in August 2016 attempted intrusion activities into another state's Board of Election system identified the IP address, 185.104.9.39 used in the aforementioned compromise.
Technical Details
The following information was released by the MS-ISAC on 1 August 2016, which was derived through the course of the investigation. In late June 2016, an unknown actor scanned a state's Board of Election website for vulnerabilities using Acunetix, and after identifying a Structured Query Language (SQL) injection (SQLi) vulnerability, used SQLmap to target the state website. The majority of the data exfiltration occurred in mid-July. There were 7 suspicious IPs and penetration testing tools Acunetix, SQLMap, and DirBuster used by the actor, detailed in the indicators section below."
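The flash gives a school or town web administrator three concrete things to look for in existing web server logs: the two IP addresses it names, the fingerprints of the tools it names, and the SQL injection probes those tools send. The following is an added example, not part of the FBI flash or of this post, that runs those checks over a few constructed Apache/IIS-style combined log lines. The sqlmap and DirBuster User-Agent strings are those tools' stock defaults; Acunetix usually sends a browser-like User-Agent and identifies itself in extra request headers that a combined log does not record, so the "acunetix" marker is an assumption that will only catch an unmodified scanner. The SQLi patterns are deliberately crude heuristics.

```python
import re
from urllib.parse import unquote_plus

# The two IP addresses named in the FBI flash quoted above.
FLASH_IOC_IPS = {"5.149.249.172", "185.104.9.39"}

# User-Agent fragments for the tools the flash names. sqlmap and DirBuster
# advertise themselves by default; "acunetix" is an assumption (see lead-in).
TOOL_UA_MARKERS = ("sqlmap", "dirbuster", "acunetix")

# Crude SQLi heuristics applied to the URL-decoded query string.
SQLI_PATTERNS = [
    re.compile(r"\bunion\b.+\bselect\b", re.I),       # UNION-based exfiltration
    re.compile(r"\b(and|or)\b\s+\d+\s*=\s*\d+", re.I),  # boolean probes: AND 1=1
    re.compile(r"'\s*(or|and)\s*'", re.I),             # quote-breakout: ' OR '
    re.compile(r"\b(sleep|benchmark|waitfor)\s*\(", re.I),  # time-based probes
]

# Combined log format: ip ident user [ts] "METHOD path proto" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines; the IPs and paths are illustrative, not real logs.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Jul/2016:10:02:11 -0400] "GET /results.aspx?county=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Firefox/47.0"',
    '5.149.249.172 - - [14/Jul/2016:10:03:05 -0400] "GET /results.aspx?county=12%20AND%201=1 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"',
    '185.104.9.39 - - [14/Jul/2016:10:03:09 -0400] "GET /results.aspx?county=12%20UNION%20SELECT%20name,pass%20FROM%20users-- HTTP/1.1" 200 9870 "-" "Mozilla/5.0 (X11; Linux) Firefox/3.5.1"',
    '198.51.100.9 - - [14/Jul/2016:10:05:44 -0400] "GET /admin/ HTTP/1.1" 404 312 "-" "DirBuster-1.0-RC1 (http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project)"',
]


def triage_line(line):
    """Return the list of reasons one combined-log line is suspicious ([] if clean)."""
    m = LOG_RE.match(line)
    if not m:
        return []  # unparseable lines are skipped, not flagged
    reasons = []
    if m["ip"] in FLASH_IOC_IPS:
        reasons.append("ioc-ip:" + m["ip"])
    ua = m["ua"].lower()
    for marker in TOOL_UA_MARKERS:
        if marker in ua:
            reasons.append("tool-ua:" + marker)
    decoded = unquote_plus(m["path"])  # scanners percent-encode their payloads
    if "?" in decoded:
        query = decoded.split("?", 1)[1]
        if any(p.search(query) for p in SQLI_PATTERNS):
            reasons.append("sqli-pattern")
    return reasons


def triage_log(lines):
    """Map each suspicious line to its reasons; clean lines are omitted."""
    findings = {}
    for line in lines:
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG).items():
        print(", ".join(reasons), "<-", line[:60])
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines. A hit on an IOC IP is strong evidence and should go straight to the MS-ISAC contact in the flash; a tool User-Agent or SQLi pattern alone is weaker, since the same tools are used by authorised scans and the patterns will fire on some legitimate traffic.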
The document's recommendations also address how a compromise of one site can spread to others hosted alongside it:

"Conduct vulnerability scans on local government and law enforcement websites and promptly remediate any vulnerabilities (or contact your hosting provider to do so on your behalf). Particular attention should be paid to SQLi vulnerabilities. Website hosting providers should also pay attention to vulnerabilities on other websites on the same server, which may provide a back-door into the local government's website."
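The flash singles out SQL injection because it is both easy to find with a scanner and, as the election site incident shows, sufficient on its own to exfiltrate a database. The following is an added example, not from the flash or from this post, that shows the defect side by side with its fix: a query that splices a request parameter into the SQL text, and the same query with a bound parameter. The table, rows and the admin hash are constructed, and the in-memory SQLite database stands in for whatever the real site uses; the injection works the same way against SQL Server or MySQL.

```python
import sqlite3

# Constructed payload of the kind sqlmap would settle on once it has found
# that the county parameter is injectable: close the string, append a UNION
# that reads a different table, and comment out the rest of the statement.
PAYLOAD = "' UNION SELECT username || ':' || pw_hash FROM admin_user--"


def make_db():
    """In-memory stand-in for a results database; all rows are constructed."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE precinct (id INTEGER, name TEXT, county TEXT);
        CREATE TABLE admin_user (username TEXT, pw_hash TEXT);
        INSERT INTO precinct VALUES (1, 'Mansfield 1', 'Tolland');
        INSERT INTO precinct VALUES (2, 'Mansfield 2', 'Tolland');
        INSERT INTO precinct VALUES (3, 'Storrs 1', 'Tolland');
        INSERT INTO admin_user VALUES ('boe_admin', '$2b$12$constructed.hash');
    """)
    return con


def precincts_vulnerable(con, county):
    """DELIBERATELY VULNERABLE: the request parameter becomes part of the SQL text."""
    sql = "SELECT name FROM precinct WHERE county = '" + county + "'"
    return sorted(r[0] for r in con.execute(sql))


def precincts_safe(con, county):
    """Fixed: the value is bound by the driver and can never be parsed as SQL."""
    sql = "SELECT name FROM precinct WHERE county = ?"
    return sorted(r[0] for r in con.execute(sql, (county,)))


if __name__ == "__main__":
    con = make_db()
    # Both versions behave identically on honest input, which is why the
    # vulnerable one survives testing.
    print("vulnerable, Tolland:", precincts_vulnerable(con, "Tolland"))
    print("safe, Tolland:     ", precincts_safe(con, "Tolland"))
    # On the payload the vulnerable query hands over the admin table; the
    # parameterised query just finds no county with that odd name.
    print("vulnerable, payload:", precincts_vulnerable(con, PAYLOAD))
    print("safe, payload:      ", precincts_safe(con, PAYLOAD))
```

The hosting provider's guidance in the flash follows from the same example: if another site on the shared server has this defect, an attacker who reaches its database connection can often reach the neighbouring site's files or database too, so scanning only your own site is not enough.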

Earlier, Ars Technica reported on a previously unknown malware platform, Project Sauron:

""Once installed, the main Project Sauron modules start working as 'sleeper cells,' displaying no activity of their own and waiting for 'wake-up' commands in the incoming network traffic," Kaspersky researchers wrote in a separate blog post. "This method of operation ensures Project Sauron's extended persistence on the servers of targeted organizations."
Kaspersky researchers said they discovered the malware last September after a customer at an unidentified government organization hired them to investigate anomalous network traffic. They eventually unearthed a "strange" executable program library that was loaded into the memory of one of the customer's domain controller servers. The library was masquerading as a Windows password filter, which is something administrators typically use to ensure passwords match specific requirements for length and complexity. The module started every time a network or local user logged in or changed a password, and it was able to view passcodes in plaintext.
The main purpose of the malware platform was to obtain passwords, cryptographic keys, configuration files, and IP addresses of the key servers related to any encryption software that was in use. Infected groups include government agencies, scientific research centers, military organizations, telecommunication providers, and financial institutions in Russia, Iran, Rwanda, China, Sweden, Belgium, and possibly in Italian-speaking countries."
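The password filter trick described above works because Windows loads every DLL listed in the LSA "Notification Packages" registry value into LSASS and calls it with each new password in the clear. The practical check for a school or town domain controller is therefore to read that list and compare it with what a clean build registers. The following is an added example, not from the Ars Technica article or from Kaspersky, that does exactly that. The baseline of scecli and rassfm is my assumption for a domain controller and should be replaced with what your own gold image shows; the entry "lsaext" in the sample is a constructed name standing in for whatever an attacker's DLL happens to be called, not a name taken from Project Sauron.

```python
import os
import sys

# Password-filter DLLs Windows registers itself. ASSUMPTION: scecli on every
# host, rassfm additionally on domain controllers. Verify against a clean build.
KNOWN_GOOD = {"scecli", "rassfm"}

LSA_KEY = r"SYSTEM\CurrentControlSet\Control\Lsa"
VALUE = "Notification Packages"   # REG_MULTI_SZ, one DLL base name per entry

# Constructed sample of the value as it might look on a tampered DC.
SAMPLE_PACKAGES = ["scecli", "rassfm", "lsaext"]


def normalise(name):
    """Registry entries may be given with or without .dll and in any case."""
    base = name.strip().lower()
    return base[:-4] if base.endswith(".dll") else base


def read_notification_packages():
    """Read the live value from the local registry (Windows only)."""
    import winreg  # only importable on Windows
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, LSA_KEY) as key:
        packages, _ = winreg.QueryValueEx(key, VALUE)
    return list(packages)


def suspicious_filters(packages, known_good=KNOWN_GOOD, system32=None):
    """Return (entry, reason) pairs for every package outside the baseline.

    If system32 is given, also report entries whose DLL is not present there:
    LSA only loads filters from System32, so a missing file means either a
    stale entry or a DLL that was removed after it had done its work.
    """
    findings = []
    for entry in packages:
        base = normalise(entry)
        if base in known_good:
            continue
        reason = "not in baseline"
        if system32 is not None and not os.path.isfile(os.path.join(system32, base + ".dll")):
            reason += "; DLL missing from System32"
        findings.append((entry, reason))
    return findings


if __name__ == "__main__":
    if sys.platform == "win32":
        packages = read_notification_packages()
        system32 = os.path.join(os.environ["SystemRoot"], "System32")
    else:
        packages, system32 = SAMPLE_PACKAGES, None   # offline demonstration
    print("Notification Packages:", packages)
    for entry, reason in suspicious_filters(packages, system32=system32):
        print("REVIEW:", entry, "-", reason)
```

Any entry the script reports should be checked for an Authenticode signature and a file creation time that matches a known change, and the same value should be compared across every domain controller, since a filter planted on one DC sees only the password changes that DC handles.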
A number of years ago, some EO Smith students claimed to have installed software (thought to be a for-credit school project) on the systems of EO Smith, the Town of Mansfield, CT, and Mansfield Public Schools. Recent events have disclosed that the software was not written by the students but was outsourced to a software development firm in an Eastern Bloc country, paid for and sponsored in one form or another by the students' parents.

An internet search reveals numerous claims by the students about the scope and effectiveness of the software that appear to have no basis in fact. School officials state that the software was never allowed to coexist with legitimate school systems.

Further discussion of this issue will be conducted at the September 20th curriculum meeting.

These revelations raise disturbing questions about the academic integrity of the school's program and the honesty of the students' claims, and they serve as a wake-up call to all public schools about how their systems connect to broader government systems.
