Tag Archives: security

Australian Meteorology Bureau Breach

“You’re only as strong as your weakest link.” For the Australian government, this phrase is extremely relevant today. The Australian Cyber Security Center confirmed yesterday that a 2015 attack on servers at Australia’s Bureau of Meteorology was initiated by a foreign intelligence service. You may be thinking, “What could hackers want with weather data?” The answer is nothing. By breaching the poorly protected meteorology division, the weakest part of the Australian government’s network, the hackers were able to work their way throughout the system.

Various reports have stated that China is behind the attacks but the Australian government states that it will not be naming a source. The Australian Cyber Security Center (ACSC) noted that the security controls in place “were insufficient to protect the network from more common threats associated with cybercrime.” They also estimate that every password on the Meteorology Bureau’s network was already compromised by the time that the investigation into the matter began.

Technology has allowed governments around the world to better store data and control their resources; unfortunately, as an entity’s cyber footprint increases, so do the types and number of potential risks that threaten it. It is vital that modern-day governments around the world put in place the countermeasures to protect their systems and data.

Ransomware Dundee: A Report on Cyber Crime Down Under

Taking advice from the internet and using it in real-life situations is not usually a lifehack that I would advise; that being said, I am here to offer a bit of advice. If you ever open your mailbox and find a USB flash drive, please do not insert said drive into your computer unless you know who put it there and why they didn’t just deliver it to you directly. This may seem like common sense to most people, but residents of a Melbourne, Australia suburb did not seem to possess this rudimentary level of technological knowledge.

Police in Pakenham, Australia are currently investigating reports from numerous residents that mysterious USB drives have been appearing in mailboxes throughout the community. When inserted into a computer, the flash drive runs a program offering a free Netflix subscription. Once the user initiates the process of signing up for the service, ransomware installs itself onto the machine. For those unfamiliar with the technology, ransomware has become a relatively common method of predatory cyber activity. Ransomware works by encrypting files stored on the user’s computer, then charging the user a fee to unlock their personal files. The ransomware forces the user to pay the fee in Bitcoin so there is no trace as to where the funds are going or who is receiving them.

So far, only three residents have stepped forward and admitted to being duped into installing the application, though police believe that others have been impacted and are too embarrassed to step forward. Over the past few years, large-scale organizations have been impacted by ransomware and have paid extreme amounts of money to unlock their files. Healthcare organizations are among the more popular targets of ransomware purveyors. One prominent example of this is an attack earlier this year on the Kansas Heart Hospital. Ransomware forced the hospital to pay over $17,000 (minuscule compared to the original request of $3.4 million) to unlock patient and personnel files and then demanded a second payment to unlock the rest of the files that were still being held captive. Experts claim that the ransomware problem will “get worse before it gets better.”

As students, and as humans in general, we love free stuff. Next time you come across a free flash drive in your mailbox, take a second to think of the potential costs that this “free” piece of technology may bring on you. Personally, I’d much rather pay the $10 for a new flash drive than run the risk of obliterating my computer’s integrity for free.

Data Privacy Day – January 28th

The Top Secret Colonials are promoting a data privacy awareness day on January 28th. Data Privacy Day is meant to help raise the public’s awareness around data security and educate all internet users to be safer online. This day also aims to encourage greater accountability among consumers to better perceive how their information is being shared.

On January 28, the National Cyber Security Alliance (NCSA) will host events in Washington, DC and Los Angeles where privacy professionals will explain solutions to current challenges as well as best practices, such as how to recognize cyber intrusions and establish an incident response plan. NCSA will also hold Twitter chats centered around data privacy in the days leading up to Data Privacy Day.

Data Privacy Tips (from StaySafeOnline.org):

  • Share with Care
    • What you post can last a lifetime: Before posting online think about how it might be perceived now and in the future and who might see it.
    • Own your online presence: Set the privacy and security settings on web services and devices to your comfort level for information sharing. It’s ok to limit how and with whom you share information.
    • Be aware of what’s being shared: Be aware that when you share a post, picture or video online, you may also be revealing information about others. Be thoughtful when and how you share information about others.
    • Post only about others as you would have them post about you: The golden rule applies online as well.
    • Own your online presence: It’s OK to limit who can see your information and what you share. Learn about and use privacy and security settings on your favorite online games, apps and platforms.
  • Personal Information Is Like Money: Value It. Protect It.
    • Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
    • Get two steps ahead: Switch on two-step verification or multi-factor authentication wherever offered to prevent unauthorized access.
    • Know what’s being collected, who is collecting it and how it will be used: Information about you, such as the games you like to play, what you search for online and where you shop and live, has value ‒ just like money. Be thoughtful about who gets that information and how it’s collected through apps and websites. Only use a product or service if the company is open and clearly states how it will use your personal information. If you’re not sure what a business will do with your information, ask your parents. Think twice if an app wants permission to use personal information (like your location) it doesn’t need before you say “OK.”
    • Secure your devices: Use strong passwords or passcodes or touch ID features to lock your devices. Securing your device can help protect your information if your device is lost or stolen and keep prying eyes out.
    • Get savvy about WiFi hotspots: Public wireless networks and hotspots are not secure – this means the possibility exists that anyone can see what you are doing on your laptop or smartphone while you are connected to it. Think about what you are doing and if you would want another person to see it. If you use public WiFi a lot, think about using a virtual private network (VPN) that provides a more secure WiFi connection.
    • Now you see me, now you don’t: Some stores and other locations look for devices with WiFi or Bluetooth turned on to track your movements while you are within range. Turn off WiFi and Bluetooth when not in use, and limit your use of free public wireless networks, which stores and locations can use to track what you do online.
    • When in doubt, throw it out: Links in email, tweets, posts, and online advertising are often the way bad guys get access to your personal information. If it looks weird, even if you know the source, it’s best to delete.

Sources:

- http://associationsnow.com/2016/01/data-privacy-day-to-raise-publics-awareness-of-its-role-in-data-security/

- https://www.staysafeonline.org/data-privacy-day/privacy-tips/

Careers with Cyber Forensics: Military, Law Enforcement, Corporate, and Executive – April 22

Wednesday, April 22, 2015
Wheatley Center Critique Space

Schedule:
3:45 pm – Registration
4:00 pm – Pizza will arrive
4:15 pm – 5:30 pm – Security Presentation
5:30 pm – 5:45 pm – Question and Answer period

Top Secret Colonials are sponsoring this event! If you register at the registration table, you will be able to receive SET credit for attending.

Several distinguished speakers will present, including:

  • Christopher J. Mellen
    Director of the Information Risk Management branch within the Office of the Chief Information Officer for the Executive Office of the President (EOP) of the United States
    His directorate consists of the Records Management Branch, Cyber Integrity (eDiscovery) branch, Information Assurance and Security Operations
  • David Coughanour
    VP, Director PNC-CERT
    Teams responsible for Network Security Monitoring, Cyber Threat Intelligence, Technical Insider Threat Mitigation, and Digital Forensics
  • Edward R. Villarreal
    Incident Response, Mobile Security, and Insider Threat Team Lead for ManTech International onsite at a Large Federal Law Enforcement Agency
    His team provides computer forensic and incident response support to State-sponsored attacks against the Agency’s networks, eDiscovery collections to the Insider Threat Section, and Mobile Security technical expertise to the IT Branch deploying over 30,000 mobile devices.

The Washington Center Experience – From a Student’s Perspective

Have you heard of the newest club on campus... the Top Secret Colonials? Their mission is to promote education in cyber security. This group does a variety of fundraisers to raise money for the National Security Seminar in Washington, D.C.

How would you like to spend two weeks in D.C. with your fellow classmates and others from colleges across the country learning about our National Security in Information Systems?

Dr. Paullet and 20 of your classmates did just that. In May, these students took the 6-hour trip to D.C. They got to experience a trip of a lifetime and learned about our country’s National Security. Upon arrival they checked into their dorm-like apartments, became experts on utilizing the metro, and became friends with other students across the country.

They were privy to a variety of national security information that they otherwise would never have learned. They had to swear to not publicize the information received on social media. They toured the FBI building and got to ask federal agents a variety of cyber security and information systems questions. They visited the ICANN building where they had another question and answer session with those at the top. They were able to learn and ask point blank questions of the presenter, Dr. Fair, in reference to the FATA region and the utilization of drones in military missions. How about a chance to tour the Chinese embassy and ask questions right after the cyber attacks on major Pittsburgh companies? Yes, they had a chance to do that, too!

A trip to the FISA court gave them the opportunity to speak to FISA Judge Reggie Walton, who, by the way, is from Pittsburgh, PA. They asked questions about recent cases and then were able to tour the judge’s chambers. The list of speakers each day was extraordinary. There were dignitaries, professors, lawyers from the U.S. Marshal’s Office, the Department of Justice, Guantanamo Bay, the Treasury Department and a non-profit organization for educating children in Pakistan. Each speaker talked about how cyber law(s) and information systems security are of the utmost importance in each of the specific federal sectors that they work in.

It wasn’t all work; there was time to explore downtown D.C. and see the city that seems to never sleep, and enjoy great restaurants and shop for awesome souvenirs. They were able to tour a number of our nation’s national monuments, where they had time to explore and take many pictures.

If you have ever thought about a job with the federal government, the students were able to speak and learn about the career paths of those that have served in our Armed Forces and have gone on to other federal and contract positions for our government.

The next National Security Seminar is just around the corner in May. The topics for next year are: Week 1- Inside the Defense and Intelligence Community and Week 2 – Negotiating Global Challenges.

So for an extraordinary adventure that you will never forget... don’t delay, contact Dr. Paullet if you are interested in the National Security Seminars and earning college credits.

The Washington Center names RMU Academic Seminar University of the Year

Robert Morris University has been named the 2014 Academic Seminar University of the Year by the prestigious Washington Center for Internships and Academic Seminars.

Recently, a group of thirty-two RMU cyber forensics and information security students traveled to Washington, D.C. to participate in The Washington Center’s academic seminar program. The seminar was based on issues of National Security and gave the students an opportunity to learn from leading national security experts. In addition to being an excellent learning opportunity, the seminar served as an opportunity for networking with national security leaders.

The Washington Center chose Robert Morris University as its Academic Seminar University of the Year based on many factors, including the Top Secret Colonials’ fundraising efforts, preparation for the trip, and the devotion of the students and faculty to the seminar itself.

The students were lucky to have been at the seminar in D.C. while a major information security controversy was unfolding here in Pittsburgh, PA. The group happened to be visiting the Chinese Embassy just hours after it was announced that the U.S. government had filed criminal charges of cyber espionage against Chinese officials for allegedly having hacked some of Pittsburgh’s foremost industrial providers, including Alcoa, Westinghouse, and U.S. Steel.

Many students who participated in the trip have become advocates for the importance of this seminar, as well as their student-run organization, Top Secret Colonials. TSC secretary, Jake Pancari, stated, “The seminar is a life changing opportunity, something I never could have experienced by just going to class all the time. We witnessed history in the making while we were there, and I got to meet so many influential people working in DC. It’s easily one of the best decisions I’ve made in my time at RMU.”