One Article Review

Home - The article:
Source taosecurity
Identifier 1896679
Publication date 2020-09-03 11:11:10 (seen: 2020-09-03 15:13:17)
Title The FBI Intrusion Notification Program
Text The FBI intrusion notification program is one of the most important developments in cyber security during the last 15 years. This program achieved mainstream recognition on 24 March 2014 when Ellen Nakashima reported on it for the Washington Post in her story U.S. notified 3,000 companies in 2013 about cyberattacks. The story noted the following:

"Federal agents notified more than 3,000 U.S. companies last year that their computer systems had been hacked, White House officials have told industry executives, marking the first time the government has revealed how often it tipped off the private sector to cyberintrusions... About 2,000 of the notifications were made in person or by phone by the FBI, which has 1,000 people dedicated to cybersecurity investigations among 56 field offices and its headquarters. Some of the notifications were made to the same company for separate intrusions, officials said. Although in-person visits are preferred, resource constraints limit the bureau's ability to do them all that way, former officials said... Officials with the Secret Service, an agency of the Department of Homeland Security that investigates financially motivated cybercrimes, said that they notified companies in 590 criminal cases opened last year, officials said. Some cases involved more than one company."

The reason this program is so important is that it shattered the delusion that some executives used to reassure themselves. When the FBI visits your headquarters to tell you that you are compromised, you can't pretend that intrusions are "someone else's problem."

It may be difficult for some readers to appreciate how prevalent this mindset was, from the beginnings of IT to about the year 2010.

I do not know exactly when the FBI began notifying victims, but I believe the mid-2000s is a safe date. I can personally attest to the program around that time.

I was reminded of the importance of this program by Andy Greenberg's new story The FBI Botched Its DNC Hack Warning in 2016-but Says It Won't Next Time. I strongly disagree with this "botched" characterization. Andy writes:

"[S]omehow this breach [of the Democratic National Committee] had come as a terrible surprise-despite an FBI agent's warning to [IT staffer Yared] Tamene of potential Russian hacking over a series of phone calls that had begun fully nine months earlier. The FBI agent's warnings had 'never used alarming language,' Tamene would tell the Senate committee, and never reached higher than the DNC's IT director, who dismissed them after a cursory search of the network for signs of foul play."

As with all intrusions, criminal responsibility lies with the intruder. However, I do not see why the FBI is supposed to carry the blame for how this intrusion unfolded. According to investigatory documents and this Crowdstrike blog post on their involvement, at least seven months passed from the time the FBI notified the DNC (sometime in September 2015) and when they contacted Crowdstrike (30 April 2015). That is ridiculous. If I received a call from the FBI even hinting at a Russian presence in my network, I would be on the phone with a professional incident response firm right after I briefed the CEO about the call.

I'm glad the FBI continues to improve its victim notification procedures, but it doesn't make much of a difference if the individuals running IT and the organization are negligent, either through incompetence or inaction.

Copyright 2003-2020 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and w
Sent Yes
Tags Hack
Stories
Notes
Move


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from a previous one.