everyone: older news
by Brent Kirkpatrick
(Date Published: 10/26/2017.)
In the Australia hack in fall 2016, weak username and password combinations were used together with a weakness in the help-desk portal to breach sensitive documents on arms sales. These documents contained cyberwarfare details, information about new warships, details about a sale of F-25 fighters to Australia, details about Boeing P-8 Poseidon anti-sub jets, details of C-130 Hercules transport aircraft, and details about guided bombs.
In the South Korea hack in Sept 2016, an intranet, believed to be air-gapped from the Internet, was breached using antivirus software. The cyber-attack first focused on the antivirus software, embedded malware into it, and then exploited an intranet that was accidentally left connected to the Internet. Classified documents were breached, which included joint U.S.-South Korea plans to decapitate the North Korean government.
In the NATO attacks in spring 2017, the personal cell phones of NATO soldiers were targeted. Soldiers were stalked, and their personal information was revealed to them by the attackers. The NATO command is concerned that attacks such as these could be used to track troop movements and deployments.
Rob Taylor. "Australia hack nets data on U.S. arms." Wall Street Journal. Oct. 15, 2017.
Timothy W. Martin and Kwanwoo Jun. "Internet connection enabled Seoul hack." Wall Street Journal. Oct. 12, 2017.