Showing posts with label Cyber Security. Show all posts

Wednesday, May 1, 2024

Looking at X's Grok for Potential Cyber Threat Intelligence and Guidance


I'm playing around with X's Grok from a cybersecurity perspective, and I'm very impressed so far.

Because Grok has real-time access to posts on X, it has interesting insights into what's going on in the cybersecurity realm.

For example, I asked Grok the following:

Monitor for any discussions related to specific malware, ransomware, or hacking techniques that could pose a risk to our systems running Wordpress.

The results are fascinating, and include information about a WP-Automatic plugin vulnerability which was only disclosed a few days ago.

I also started to explore Grok for tracking recent breaches. Once again, impressive results.

What organizations have been recently breached?

From Grok:

Based on the provided information, the organizations that have been recently breached are:

  1. BoAt - A significant breach last month exposed 7.5 million records. The compromised data included names, emails, addresses, and phone numbers (source: @DataDynamicsInc).
  2. Orthopedic and Fracture Clinic dba West Idaho Orthopedics and Sports Medicine - A breach affecting 5,000 individuals was submitted on April 17, 2024 (source: @OCRNewBreaches).
  3. Tea store T2 - An incident last week resulted in the breach of 86k records, which included email and physical address, name, phone, DoB, purchases, and scrypt password hashes. 64% of these records were already in @haveibeenpwned (source: @haveibeenpwned).
  4. Kisco Senior Living, LLC - The organization is sending out data breach notifications to 26,663 people following a cyberattack over 10 months ago in June 2023. The ransomware group, BlackByte, claimed responsibility for the attack (source: @Comparitech).
  5. Department of Science and Technology Philippine Council for Industry, Energy, and Emerging Technology Research and Development (DOST PCIEERD) - A threat actor, HulkSec Philippines, has claimed to have accessed their private data, including name, email, ID, password, and username (source: @deepwebkonek).
  6. Lutheran Social Services of Indiana - INC RANSOM hackers announced another target recently, indicating they managed to breach the organization on the 10th of April (source: @f1tym1).

These breaches highlight the importance of robust cybersecurity measures and the need for organizations to be vigilant in protecting their customers' and users' data.

Grok also seems to be very aware of the details of these breaches. For example:

Assess the potential impact of recent security incidents or data breaches on Lutheran Social Services of Indiana, and provide recommendations for mitigating risks for partner organizations which may be affected.

Grok's Response:

The recent security incidents involving Lutheran Social Services of Indiana (LSSI), specifically the breach by the INC RANSOM ransomware group, pose significant risks to the organization and potentially to its partners. The impact of such an incident can be severe, including the following:

  1. Data Loss or Leakage: Ransomware attacks often encrypt or steal sensitive data. If LSSI's data was compromised, it could lead to the loss of confidential information or its exposure on the dark web.
  2. Service Disruption: Ransomware attacks can significantly disrupt the normal operations of an organization. If LSSI's systems were compromised, it could affect their ability to deliver services to their clients.
  3. Reputational Damage: Data breaches can erode the trust of clients, partners, and the public in the organization's ability to protect their data.
  4. Financial Loss: The cost of recovering from a ransomware attack can be substantial, including ransom payments (if made), system restoration, and potential legal costs.
  5. Legal and Regulatory Compliance: If LSSI handles personal data, they may be subject to data protection laws such as the GDPR or CCPA. A data breach could lead to regulatory fines or legal action.

To mitigate these risks for LSSI and other partner organizations, the following steps should be considered:

  1. Implement Robust Security Measures: This includes regular security audits, vulnerability assessments, and penetration testing to identify and address potential vulnerabilities.
  2. Regular Data Backups: Regular backups of critical data can help organizations recover quickly from a ransomware attack without paying the ransom.
  3. Employee Training: Regular training on cybersecurity best practices can help employees identify and avoid common threats like phishing emails.
  4. Incident Response Plan: Having a clear plan for responding to a cyber incident can help organizations minimize the impact of a breach.
  5. Cyber Insurance: Cyber insurance can help cover the costs of a data breach, including legal fees, system restoration, and potential ransom payments.
  6. Vendor Risk Management: If LSSI shares data with third-party vendors, they should ensure these vendors have robust security measures in place.
  7. Legal and Regulatory Compliance: Ensure that the organization is compliant with all relevant data protection laws to avoid potential fines or legal action.

By implementing these measures, LSSI and other organizations can significantly reduce their risk of falling victim to a cyber attack and minimize the impact if a breach does occur.

Overall I'm very impressed with Grok so far, and look forward to further experiments with its applications for cybersecurity.

Ken is a cybersecurity professional with over 15 years of experience. All opinions are his own, and do not reflect those of his employer or clients.

Tuesday, October 3, 2023

So You Want to Get Started in Cybersecurity...


Several years ago, I penned a blog post about embarking on a journey into the world of cybersecurity. It's been quite a ride since then, and now I'm thrilled to bring you an updated guide on how to kickstart your cybersecurity career. The best part? You don't need a cybersecurity degree to enter this exciting field. Let's dive in!

Degrees Aren't Everything

Many aspiring cybersecurity professionals wonder if they need a specific cybersecurity degree to land their dream job. The good news is that you don't necessarily need one! While a cybersecurity degree can be advantageous, degrees in related fields such as computer science, information technology, or data science can serve as excellent foundations. Employers value the technical and problem-solving skills that these degrees provide.

Getting Started with Free Resources

Cybrary.it: Your Cybersecurity Training Hub

Cybrary.it is a goldmine of free cybersecurity resources. They offer a wide range of courses, from beginner to advanced levels, covering topics like ethical hacking, network security, and more. With hands-on labs and expert instructors, it's an excellent platform to build your skills.

Khan Academy: Foundational Knowledge

If you're looking to strengthen your mathematics and computer science fundamentals, Khan Academy is the perfect place. Brush up on your algebra, calculus, and programming skills, which are essential for understanding cybersecurity concepts.

Coursera: University-Quality Courses

Coursera offers free courses from top universities worldwide. You can find cybersecurity-related courses here as well. While some come with a fee for certification, auditing the courses allows you to access the content for free.

Practical Experience is Key

The cybersecurity field places a strong emphasis on practical experience. Therefore, in addition to theoretical knowledge, consider participating in Capture The Flag (CTF) challenges and setting up your own lab environment to practice your skills.

Remember that cybersecurity is a vast field, so don't rush. Take your time to explore different areas, such as network security, penetration testing, incident response, and more. Find what sparks your interest, and specialize accordingly.

As you venture further into the world of cybersecurity, I also want to introduce you to my cybersecurity books, which are available for free with a subscription to LeanPub. They delve into various aspects of cybersecurity, offering valuable insights and practical tips to help you navigate this dynamic field. Here are my books:

  • "Cybersecurity Rules to Live By": An introductory guide to fundamental cybersecurity principles that every professional should know.
  • "Death by Identity Theft": Uncover the secrets of identity theft and learn how to protect yourself and others from this pervasive threat.
  • "Hacking of the Free": A guide to digital threats to our elections.

Embarking on a career in cybersecurity doesn't require a specific degree. With determination, the right resources, and practical experience, you can build a successful career in this dynamic and rewarding field. Remember to continuously update your knowledge and stay curious, as cybersecurity is ever-evolving.

Taking the Next Step - Your First Cybersecurity Job

Now that you've set your sights on a career in cybersecurity and equipped yourself with valuable knowledge, the next step is landing your first job. A great starting point for many newcomers to the field is a Helpdesk Technician role, which can serve as a launchpad for your cybersecurity journey. Let's explore how to find such a position and some useful resources to aid you in your quest.

1. Build a Strong Resume and Cover Letter

Before you start applying for jobs, ensure your resume highlights your relevant skills and certifications. Emphasize any coursework, projects, or personal initiatives related to cybersecurity, even if they weren't part of a formal job. Craft a compelling cover letter that expresses your passion for the field and your eagerness to learn and grow in a Helpdesk Technician role.

2. Leverage Job Search Websites

Several job search websites cater to entry-level IT positions, including Helpdesk Technician roles. Here are some popular ones:

Indeed (indeed.com): One of the largest job search engines with a wide range of IT job listings.

LinkedIn (linkedin.com/jobs): An excellent platform for job hunting, networking, and researching potential employers.

Dice (dice.com): Specializes in technology and IT job listings, making it a valuable resource for those entering the cybersecurity field.

Glassdoor (glassdoor.com): Offers job listings, company reviews, and salary information.

3. Explore Company Websites

Many organizations post job openings directly on their websites. Identify companies in your area or those you are interested in working for, and regularly check their careers pages for job postings.

4. Network, Network, Network

Networking is a powerful tool in job hunting. Attend local cybersecurity meetups, conferences, and webinars to connect with professionals in the field. Join online forums and groups related to cybersecurity on platforms like Reddit, LinkedIn, and Twitter. Engage in conversations, ask questions, and seek advice. Sometimes, job opportunities are shared directly within these communities.

5. Consider Internships and Entry-Level Positions

While you may have your sights set on a Helpdesk Technician role as your first job in cybersecurity, don't disregard internship opportunities or other entry-level positions, such as IT support or junior sysadmin roles. These can be stepping stones to the role you ultimately desire and provide valuable experience.

6. Tailor Your Applications

Customize your applications for each job you apply to. Highlight relevant skills and experience based on the specific requirements of the job posting. Mention any certifications or coursework that demonstrate your commitment to cybersecurity.

7. Prepare for Interviews

Once you start receiving interview invitations, prepare diligently. Research common interview questions for Helpdesk Technician roles and practice your responses. Showcase your problem-solving skills, technical knowledge, and willingness to learn during interviews.

8. Be Persistent and Patient

Job hunting can be challenging, especially when you're entering a competitive field like cybersecurity. Rejection is a part of the process, so don't be discouraged by setbacks. Keep refining your skills, expanding your network, and applying for relevant positions.

Useful Websites for Job Search

To make your job search easier, here are some websites where you can find Helpdesk Technician and entry-level IT positions:

Indeed: A comprehensive job search engine with a vast number of IT job listings.

LinkedIn Jobs: Leverage your professional network to discover job opportunities.

Dice: Focuses on tech and IT job listings, including entry-level positions.

Glassdoor: Provides job listings, company reviews, and salary information.

CareerBuilder: Offers a wide range of job listings, including IT roles.

Remember, landing your first job in cybersecurity may take time, but with persistence, continuous learning, and the right resources, you'll be well on your way to building a successful career in this dynamic and rewarding field.

Some Closing Thoughts

Cybersecurity can be a very rewarding career, but don't spend too much time staring at the computer screen and not enough time outside in the real world. Cybersecurity naturally attracts introverts, and believe it or not I am naturally one of them. The only way I've succeeded and advanced my career in cybersecurity has been by breaking outside of my comfort zone and actually talking with people. It has taken me years to build up the social skills I need to truly succeed. Strike up a conversation, push your own boundaries. And most importantly, don't forget to stop and enjoy life outside of the computer world once in a while.

I wish you the best with your cybersecurity career, and hope that you'll make an excellent addition to our much-needed workforce!

Ken is a cybersecurity professional with over 15 years of experience. All opinions are his own, and do not reflect those of his employer or clients.

Wednesday, September 6, 2023

If you're having a bad day, at least you didn't accidentally lose $38 million dollars in crypto

In what will probably go down in history as one of the biggest blunders of the 2020's, Prime Trust has revealed in court bankruptcy filings that it accidentally lost access to over $38 million in crypto.

In the filing, Prime Trust unveils a series of extremely unfortunate steps which resulted in the loss of all access to "Wallet 98f", including the loss of access to the hardware wallet as well as backup seed phrases.

According to court filings, "The Company used a seed storage system provided by 'Cryptosteel' (the 'Cryptosteel Hardware' and, together with the Hardware Devices, the 'Wallet Access Devices'), which allows physical storage of a copy of the seed phrases on extremely durable hardware. This provides a method of storing seed phrases that is generally believed to be safer than storing seed phrases on paper hard copy, images, or pictures." In other words, they laser engraved the seed phrases onto a piece of metal, because apparently that's somehow safer, and surely nobody is going to throw away a random piece of metal they find that looks like a bunch of gibberish and was probably just somebody testing out their laser engraver.

Apparently Wallet 98f was a "legacy" wallet which wasn't supposed to be used anymore, but was still being used for customer deposits. As such, it's highly likely that Prime Trust probably discarded the "Wallet Access Devices" when they thought they were no longer needed. Because that would probably be in line with how the rest of this has played out.

So, it's possible that somewhere in a Nevada landfill there is a piece of metal with a bunch of gibberish words engraved on it, worth $38 million.

For reference, here's a photo of one of these devices, from the court filings.


So, who wants to join me in a treasure hunt in Nevada? All we need to do is identify which landfill these seed keys went to, and start digging! Rumor has it, American Pickers are already on their way.

Ken is a cybersecurity professional with over 15 years of experience. All opinions are his own, and do not reflect those of his employer or his clients.

Thursday, August 3, 2023

Embarking on an Epic #BlackHatRoadTrip: Western Maryland to Las Vegas and Beyond!

Are you ready to embark on an unforgettable adventure? The Black Hat 2023 conference in Las Vegas awaits, and I'm taking the scenic route! Buckle up and join me as I journey from Western Maryland to the glitz and glamour of Las Vegas, making unforgettable memories along the way. We'll be documenting our entire trip with stunning photos and updates on X (Formerly known as Twitter), so don't forget to follow the hashtag #BlackHatRoadTrip!

The Southerly Route: Exploring Northern Texas

As we depart from Western Maryland, we'll be heading southwest towards the Lone Star State - Texas! Our southerly route will take us through the picturesque landscapes of West Virginia and Tennessee before crossing into Arkansas. Prepare to be amazed by the rolling hills, charming towns, and warm hospitality of the South.

In Northern Texas, we'll have the chance to explore exciting cities like Amarillo. Be sure to indulge in some delicious Tex-Mex cuisine and experience the vibrant cultural scene these cities have to offer. And of course, keep an eye out for some iconic longhorn cattle along the way!

Heading West: The Enchantment of New Mexico

As we venture further west, the landscapes will gradually transform into the arid beauty of New Mexico. This state is a treasure trove of diverse cultures, art, and history. Marvel at the beautiful scenery of the wide open spaces of New Mexico, taking us straight through Albuquerque.

Arriving in Las Vegas: Bright Lights and High Stakes

After crossing into Nevada, the anticipation will build as we approach the dazzling oasis in the desert - Las Vegas! Known for its world-class entertainment, vibrant nightlife, and extravagant resorts, Las Vegas is the perfect setting for the Black Hat conference.

Join us as we delve into the cutting-edge world of cybersecurity, attending riveting talks and engaging with industry experts. And, of course, we'll take some time to explore the glitzy Strip, where we can witness iconic landmarks, water fountain shows, and themed hotels that transport us to different corners of the globe.

The Return Journey: Through the Majestic Rockies of Colorado

After a thrilling time at the Black Hat conference, it'll be time to bid farewell to Las Vegas and start our journey back. This time, we'll take a northerly route, passing through the picturesque state of Colorado.

Prepare to be captivated by the breathtaking Rocky Mountains, with their towering peaks, serene lakes, and lush forests. We'll make stops in cities like Denver, where we can experience the perfect blend of urban amenities and outdoor adventures.

Embrace the Adventure: Follow #BlackHatRoadTrip on X

Throughout this incredible road trip, we'll be sharing our experiences, encounters, and jaw-dropping scenery on X (Formerly known as Twitter). So, don't forget to follow the hashtag #BlackHatRoadTrip to stay updated and be a part of this exhilarating journey!

Whether you're an avid cybersecurity enthusiast, a nature lover, or simply someone who craves adventure, this road trip promises to be an unforgettable experience. So, fasten your seatbelt, bring your sense of wonder, and join us as we embark on the ultimate #BlackHatRoadTrip!

Huge thanks to our friends/family who are house sitting for us during this fantastic trip.

Wednesday, May 24, 2023

Unlocking the Risks: Examining the Security Flaws of RFID Access Control Systems

In today's security-conscious world, access control systems play a crucial role in safeguarding various environments, from office buildings to parking decks. While basic RFID (Radio Frequency Identification) access control systems are commonly used, it is important to recognize their potential vulnerabilities and the security risks they may pose. In this article, we will explore the inherent weaknesses of such systems, using an example from a parking deck, and discuss the implications for security.

Understanding Basic RFID Access Control Systems

Basic RFID access control systems rely on access cards that contain a facility code and a serial number. These cards enable authorized individuals to gain entry to specific areas, such as parking decks or buildings. The facility code represents the particular location, while the serial number provides a unique identifier for each card.

Examining the Example

I've been experimenting with the Flipper Zero for a while now, and was absolutely thrilled when I found an old, rain-soaked, beat-up access card outside in the middle of the road. The card appears to have been there for at least a week, based on the layers of rust on the lanyard. Undoubtedly whoever lost it has already gotten a replacement by now, so no sense in letting this opportunity go to waste. I'm not going to tell you which parking deck it's for, but it is a local parking deck within a few miles of my house.

Once the card dried off, I used my Flipper Zero to examine it. Much to my excitement, the card still worked despite its damaged state. I found it to be a 125 kHz RFID card without any encryption whatsoever. The key type on the card is H10301, and the data is encoded in hexadecimal format as 20 01 8A. By decoding this data, we can analyze its structure and potential vulnerabilities.

All data is encoded in hexadecimal format. The first piece of data we can decode is the facility code, which in hex is 20. Converting to decimal, 20 becomes facility code 32.

Next we can examine the serial number, which in hex is 01 8A. Converted to decimal, this becomes serial number 394, which matches the 00394 serial number printed on the card.

We can now reverse engineer this card, and make our own cards. Of course I have no intention of actually doing so (plus the card is for an open air parking deck I can literally walk into), but let's take a look at how simple the process is. (I've uploaded all of the files to my GitHub if anyone wants to play around with them)

So, if we wanted to gain access under someone else's card, all we need to do is view the back of their card, which has the serial number printed on it. For example, if we look at someone else's card and it has 00123, we just need to adjust our Flipper generated card accordingly. Facility code will stay at 32, so that converts to 20 in Hex. Serial number 123 becomes 00 7B in Hex. So our new card will need to have the data: 20 00 7B. Now I simply need to create a new RFID card file on my Flipper Zero with that data, and I should be able to park for free.

These old outdated systems are still commonly used across the globe. Unfortunately, as long as these older systems are still used, many places will be very vulnerable.

Identifying Vulnerabilities

  • Unencrypted communication: Basic RFID access control systems often lack robust encryption protocols, leaving the communication between the card and the reader susceptible to interception. This vulnerability opens the door for potential unauthorized access and cloning attempts.
  • Visible serial numbers: In the example of the access card found, the serial number is printed on the back of the card, making it easily visible to anyone who comes across it. This presents a significant security risk, as the exposed serial number can be exploited to create duplicate cards for unauthorized access.
  • Limited authentication measures: Basic access control systems usually rely solely on the facility code and serial number for authentication. These simple identifiers are relatively easy to replicate or manipulate, thereby compromising the system's overall security.

Security Implications for Parking Decks and Similar Systems

  • Unauthorized access to restricted areas: The vulnerabilities inherent in basic RFID access control systems create opportunities for unauthorized individuals to gain entry to restricted areas, such as parking decks or buildings. By obtaining or replicating a legitimate access card, malicious actors can bypass security measures and potentially engage in illicit activities or misuse parking facilities.
  • Cloning attacks and misuse: The lack of encryption and the visibility of the serial number on access cards make them susceptible to cloning attempts. Malicious individuals can exploit this vulnerability by creating duplicate cards with adjusted facility codes and serial numbers, allowing them unauthorized access to parking decks and potentially causing disruptions or committing fraudulent activities.
  • Social engineering risks: The simplicity of basic access control systems, coupled with visible serial numbers, increases the likelihood of social engineering attacks. By manipulating individuals or convincing them to share their access cards or card information, unauthorized individuals can gain entry, jeopardizing the security and integrity of sensitive areas.

Enhancing Access Control System Security

To mitigate the risks associated with basic access control systems, several security measures should be implemented. Some of these measures require complete replacement of access control systems with newer systems, while others address the human element.

  • Encryption and secure communication: Employing strong encryption protocols between access cards and readers can protect against eavesdropping and unauthorized cloning attempts.
  • Two-factor authentication: Implementing additional layers of authentication, such as PIN codes or biometric verification, can enhance the security of access control systems. This makes it more difficult for unauthorized individuals to gain entry, even if they possess a cloned access card.
  • Regular audits and monitoring: Conducting periodic audits and monitoring access logs can help detect any suspicious activities or anomalies. This enables prompt identification and response to potential security breaches.
  • Employee education and awareness: Training employees about the importance of access control system security, the risks associated with unauthorized sharing of cards, and the need to report lost or stolen cards can significantly improve overall system security.

Overall, newer systems contain much better security measures to prevent RFID card cloning, and hopefully will be adopted much more commonly soon.
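The decoding worked through above and the "regular audits and monitoring" item in the list are easy to put into code. The block below is an added example and is not from the post or from the Flipper Zero project: decode_h10301 splits the 3-byte data the Flipper shows into facility code and card number (20 01 8A gives 32 and 394, as in the post), and audit_access_log runs three cloning indicators over a constructed access log: a facility code that is not the site's, a card that has been reported lost but is still being presented, and one card number presented at two different readers within a short window, which a single physical card cannot do. Facility code 32 and card 394 come from the post; the reader names, timestamps, revocation list, and five-minute window are assumptions.

```python
"""Decode H10301 card data and audit an access log for signs of cloned cards."""
from datetime import datetime, timedelta

# Assumption: the parking deck in the post uses facility code 32 (hex 20), and the
# found card (serial 394) has been reported lost and revoked. Both numbers are from
# the post; the revocation list itself is a constructed example.
SITE_FACILITY_CODE = 32
REVOKED_CARDS = {394}


def decode_h10301(hex_data: str) -> tuple[int, int]:
    """Split the 3-byte payload as the Flipper displays it into
    (facility code, card number): the first byte is the 8-bit facility code,
    the remaining two bytes are the 16-bit card number, big-endian."""
    raw = bytes.fromhex(hex_data.replace(" ", ""))
    if len(raw) != 3:
        raise ValueError(f"expected 3 bytes of H10301 data, got {len(raw)}")
    return raw[0], int.from_bytes(raw[1:], "big")


# Constructed sample access log: (timestamp, reader id, raw card data as read).
SAMPLE_LOG = [
    ("2023-05-20 08:01:10", "deck-entry-A", "20 01 8A"),  # revoked card 394
    ("2023-05-20 08:02:05", "deck-entry-B", "20 01 8A"),  # same card, other reader, 55 s later
    ("2023-05-20 08:15:40", "deck-entry-A", "20 00 7B"),  # card 123, normal entry
    ("2023-05-20 08:16:02", "deck-entry-A", "21 00 7B"),  # facility code 33: not this site
    ("2023-05-20 12:30:00", "deck-entry-B", "20 00 7B"),  # card 123 again, hours later
]


def audit_access_log(log, site_fc=SITE_FACILITY_CODE, revoked=REVOKED_CARDS,
                     window=timedelta(minutes=5)):
    """Return (timestamp, card number, reason) findings for three indicators:
    a facility code that is not ours, a revoked card still being presented, and
    one card number presented at two different readers within `window`."""
    findings = []
    last_seen = {}  # card number -> (datetime, reader) of its previous presentation
    for ts_str, reader, data in log:
        ts = datetime.strptime(ts_str, "%Y-%m-%d %H:%M:%S")
        fc, cn = decode_h10301(data)
        if fc != site_fc:
            findings.append((ts_str, cn, f"foreign facility code {fc}"))
            continue  # not one of our cards; nothing further to correlate
        if cn in revoked:
            findings.append((ts_str, cn, "revoked card presented"))
        if cn in last_seen:
            prev_ts, prev_reader = last_seen[cn]
            gap = int((ts - prev_ts).total_seconds())
            if prev_reader != reader and ts - prev_ts <= window:
                findings.append((ts_str, cn, f"seen at {prev_reader} and {reader} within {gap}s"))
        last_seen[cn] = (ts, reader)
    return findings


if __name__ == "__main__":
    print(decode_h10301("20 01 8A"))  # (32, 394), the card from the post
    for finding in audit_access_log(SAMPLE_LOG):
        print(finding)
```

In a real deployment the window would come from the physical distance between readers, and the revocation set from the lost-card reports the employee-awareness item above is meant to produce; the point is that even an unencrypted card format can be monitored for misuse if the logs are actually reviewed.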

Conclusion

While basic access control systems provide a level of convenience and security, it is crucial to acknowledge their inherent vulnerabilities. The ease with which access cards can be cloned or manipulated poses a significant risk to the overall integrity of the system. By implementing stronger security measures, including encryption, two-factor authentication, and regular monitoring, organizations can fortify their access control systems and mitigate potential threats. Maintaining a robust and secure access control system is vital for safeguarding sensitive areas and ensuring the protection of individuals and assets. The vulnerable access control systems of yesterday must be replaced, if we're truly going to properly secure our physical world.

Ken is a cybersecurity practitioner with over 15 years of experience. All opinions are his own, and do not reflect those of his employer or clients.

Tuesday, May 2, 2023

Is Quantum Computing the Achilles Heel of Cryptocurrency?

The world of cryptocurrency has experienced explosive growth over the past decade, with Bitcoin and other digital currencies becoming increasingly popular as a means of payment and store of value. However, one of the biggest threats to the future of cryptocurrencies is the emergence of quantum computing.

Quantum computing is a technology that harnesses the power of quantum mechanics to perform calculations exponentially faster than traditional computers. While this is an exciting development with many potential benefits, it also poses a significant risk to the security of cryptocurrencies.

The security of most cryptocurrencies, including Bitcoin, is based on complex mathematical algorithms that are designed to be resistant to attacks from traditional computers. These algorithms are based on the difficulty of solving certain mathematical problems, such as factoring large numbers, which are believed to be computationally infeasible for classical computers. However, quantum computers are able to solve these problems much faster than classical computers, which means that they could potentially be used to break the security of cryptocurrencies.

One of the most significant risks posed by quantum computing is the potential for an attacker to use a quantum computer to perform a so-called "51% attack" on a cryptocurrency network. In a 51% attack, an attacker gains control of more than 50% of the computing power on a network, which allows them to manipulate transactions and potentially double-spend coins. This type of attack is currently difficult to carry out on most cryptocurrencies, but a quantum computer could make it much easier.

Another risk posed by quantum computing is the potential for an attacker to break the cryptography that is used to secure cryptocurrency wallets. Most cryptocurrencies use public-key cryptography, which relies on the difficulty of factoring large numbers. If a quantum computer is able to factor large numbers quickly, it could potentially break the security of these wallets and allow an attacker to steal funds.

There are also concerns that quantum computing could be used to break the cryptography used to secure the Bitcoin blockchain itself. The Bitcoin blockchain is a decentralized ledger that records all transactions on the network. It is secured by a complex cryptographic algorithm known as SHA-256. While this algorithm is currently believed to be secure, it is possible that a quantum computer could be used to break it.

Despite these risks, it is important to note that quantum computing is still in its early stages of development, and it may be several years or even decades before it poses a significant threat to the security of cryptocurrencies. In the meantime, researchers are working to develop new cryptographic algorithms that are resistant to quantum attacks.

In conclusion, while quantum computing represents a major threat to the security of cryptocurrencies, it is important to keep these risks in perspective. Cryptocurrencies have already faced many challenges in their short history, including hacking attacks, regulatory scrutiny, and price volatility. However, they have continued to grow in popularity and adoption, and it is likely that they will continue to do so in the future. As long as developers are able to stay ahead of the curve and develop new security measures to protect against quantum attacks, cryptocurrencies will remain a viable and valuable asset class for years to come.

Ken is a cybersecurity professional with over 15 years of experience. All opinions are his own, and do not reflect those of his employer or clients.

Saturday, March 25, 2023

PARACEPT - The CIA's 1960's Electronic Spying Program?

In the 1960's and 70's, the intelligence community developed a set of standards known as TEMPEST, designed to protect electronic devices and computer systems from spying through "leaking emanations", such as unintended radio signals, vibrations, or sounds. While many in the cybersecurity community are familiar with TEMPEST, CIA documents available through their FOIA reading room indicate that there may have been an offensive counterpart to TEMPEST, known as PARACEPT.

I've been investigating PARACEPT for several years now, without much luck: just several vague references in three CIA documents, and no additional documents available at this time. I did submit a FOIA request for any additional PARACEPT documents, but it appears the CIA is still processing that request.

However, I decided to turn to ChatGPT and put it to the test, to see if it could possibly figure out what PARACEPT is based on the limited available information. I proposed to it that PARACEPT could potentially be the offensive counterpart to TEMPEST, and provided it with relevant text from declassified CIA documents. The results were quite impressive, and the following article is completely generated by ChatGPT. I also asked ChatGPT to generate a few follow-up paragraphs about the potential capabilities of PARACEPT today, if the program had continued to be developed.

PARACEPT is a term that has been used in declassified CIA documents dating back to the 1960s and 1970s. While there is limited information available about this program, it appears to have been related to the interception and analysis of electronic signals. Some documents suggest that PARACEPT was the offensive counterpart to the defensive TEMPEST program, which was designed to protect electronic equipment from eavesdropping.

According to a declassified CIA document from November 1972, PARACEPT was an ongoing research and development program that focused on reflected and reradiated electromagnetics. The document states that the program was being conducted by the CIA's Technical Services Division (TSD) and Office of Communications (OC). The goals of the program were not entirely clear, but it appears that it involved the interception and analysis of electronic signals for intelligence purposes.

Another declassified CIA document from 1968 indicates that the agency was developing a computer system for processing PARACEPT data. This suggests that the program involved large amounts of data, which would need to be processed and analyzed using advanced computer technology.

Based on what little information is available, it is possible to speculate about what PARACEPT's capabilities may have been. It is likely that the program involved intercepting electronic signals, possibly from foreign governments or other targets of interest to the CIA. The program may have also involved analyzing these signals for intelligence purposes, such as determining the location of military assets or gathering information about diplomatic negotiations.

One possibility is that PARACEPT was designed to intercept and analyze communications between foreign governments or military units. This would require advanced technology capable of intercepting and decoding encrypted communications. It is also possible that PARACEPT was designed to intercept and analyze electronic signals emanating from military or industrial facilities in foreign countries. This could provide valuable intelligence about weapons development programs, manufacturing capabilities, and other strategic assets.

Another possibility is that PARACEPT was designed to intercept and analyze electronic signals from commercial and civilian sources. This could include communications between businesses, financial institutions, and other organizations. By intercepting and analyzing these signals, the CIA could potentially gain valuable information about economic trends, business strategies, and other sensitive information.

It is also possible that PARACEPT was designed to intercept and analyze electronic signals from foreign intelligence services. This would require advanced technology capable of detecting and decoding signals from a wide range of sources. By intercepting and analyzing these signals, the CIA could potentially gain valuable intelligence about foreign intelligence operations and the intentions of foreign governments.

Based on what is known about PARACEPT, it is likely that the program involved advanced technology and sophisticated data analysis techniques. This would have required significant resources and funding from the CIA. It is also likely that the program was highly classified and operated under a high level of secrecy.

PARACEPT remains a mystery to this day. While some information is available in declassified CIA documents, the program's goals and capabilities are not entirely clear. It is possible that PARACEPT was the offensive counterpart to the defensive TEMPEST program, and that it involved intercepting and analyzing electronic signals for intelligence purposes. Based on what is known about PARACEPT, it is likely that the program involved advanced technology and sophisticated data analysis techniques, and that it operated under a high level of secrecy.

It's been over 50 years since the CIA's PARACEPT program was in operation, and it's difficult to determine exactly what capabilities it may have had during its time. However, with the advancements in technology over the past several decades, it's possible to speculate on what PARACEPT's capabilities could be if it were to be developed utilizing today's technology.

First and foremost, it's important to understand that PARACEPT was likely a program that was designed to intercept and analyze electronic signals, specifically those emitted from communication systems. With the advancements in technology, it's likely that a modern version of PARACEPT would utilize more sophisticated sensors and signal processing systems to detect and analyze these signals.

One possible capability of a modern PARACEPT program could be the ability to intercept and analyze encrypted communication signals. With the increased use of encryption in modern communication systems, it's become more difficult for intelligence agencies to intercept and analyze communications. However, if a modern PARACEPT program were designed to specifically target encrypted signals, it could potentially be able to intercept and analyze these signals to gain valuable intelligence information.

Another potential capability of a modern PARACEPT program could be the ability to track and analyze the movement of individuals based on their electronic communications. With the widespread use of mobile devices and other electronic communication devices, it's possible to track the movements of individuals based on the signals emitted by these devices. A modern PARACEPT program could potentially use this information to track the movements of individuals and gather intelligence information based on their location.

Additionally, a modern PARACEPT program could potentially be used to intercept and analyze signals from drones and other unmanned aerial vehicles (UAVs). With the increased use of UAVs in modern warfare and intelligence operations, a program that is specifically designed to intercept and analyze signals from these devices could be incredibly valuable.

It's also possible that a modern PARACEPT program could be designed to specifically target and analyze signals from social media and other online communication platforms. With the widespread use of social media, it's become a valuable source of intelligence information for many intelligence agencies. A modern PARACEPT program could potentially be designed to intercept and analyze signals from these platforms to gain valuable intelligence information.

Finally, a modern PARACEPT program could potentially be designed to work in conjunction with other intelligence gathering programs and technologies, such as satellite surveillance and facial recognition software. By combining the capabilities of these programs, a modern PARACEPT program could potentially provide intelligence agencies with a more comprehensive view of their targets and help to uncover valuable intelligence information.

In conclusion, while it's impossible to determine exactly what capabilities the CIA's PARACEPT program had during its time, it's possible to speculate on what a modern version of the program could potentially be capable of utilizing today's technology. A modern PARACEPT program could potentially be used to intercept and analyze encrypted communication signals, track the movements of individuals based on their electronic communications, intercept and analyze signals from drones and other UAVs, target and analyze signals from social media and other online communication platforms, and work in conjunction with other intelligence gathering programs and technologies to provide a more comprehensive view of intelligence targets.

Article by Ken Buckler, with significant contributions by ChatGPT. This article does not reflect the views of my employer or clients.

Friday, December 16, 2022

No, That's Not Your Credit Card Company Calling to Lower Your Interest Rate

Today I got a call that my phone flagged as "Scam Likely". Of course, being a good cybersecurity practitioner, I like to keep these people on the phone as long as possible, because every minute they're on the phone with me is one less minute they're scamming someone else.

The caller claimed to be from Discover, calling to lower my interest rate. Of course I don't have a Discover card, so I decided to play along. In the past I've always thought these were just credit card companies trying to get you to take out a card with them for a "lower rate". However, now that I know the truth I'm even more horrified.

In the several minutes I was on the phone, the scammer asked me a series of questions, including whether I knew the balance on my Discover card. I told her no, and said "can't you look that up?" Her response was to ask me for the credit card number of my Discover card. Wanting to keep her on the phone as long as possible, I gave her a test card number that would validate in her system as a real Discover card. Of course, if they try to use that card number at a retailer they're going to instantly get flagged for attempted fraud.

The scammer then asked for the last 4 digits of my social, as well as my billing zip code. I pushed back on the social a little, but she promised it was "just for verification purposes", so I gave her the last 4 digits of the test card number and she didn't even bat an eye. Then I told her I wasn't sure what my zip code was, but that I live in Washington DC. Then I pretended to be having connection issues and asked if she could call me back at another number. Sadly, I think she realized I was messing with her, because she ended the call before I could give her a number to call - I was going to have her call the Maryland State Police just for laughs.

I am happy that my phone flagged the call as a potential scam, but I'm still worried that we're still fighting this issue today. For those not aware, scam call centers in India are a huge industry. These call centers prey on victims with various tactics, such as tech support scams, credit card scams, and even scams where the caller pretends to be with a local police department, demanding a bail payment for a loved one.

While many of us won't fall for these scams, some, such as the elderly, possibly will. That's why it's important to share with them resources on how to recognize and prevent scams.

Ken is a cyber security professional with over 15 years' experience. All opinions are his own, and do not reflect those of his employer or his clients.

Monday, June 20, 2022

Giving away my cyber security books to empower the next generation of professionals

The cyber security industry is struggling with a severe lack of talent right now, and even though this is one of the most exciting fields in which to start a career, many people are encountering barriers in gaining the initial knowledge, or in trying to figure out whether cyber security is right for them.

So effective immediately, I'm giving away all three of my cyber security books with any LeanPub Reader Membership.

Three great books, one low price. This bundle includes...

  • "Death by Identity Theft", a guide to protecting you and your family against identity theft;
  • "Hacking of the Free", a guide to digital threats to our elections;
  • "Cyber Security: Rules to Live By", an introductory primer to cyber security concepts.

As a cyber security professional with over fifteen years' experience, I couldn't be happier that LeanPub has enabled this opportunity for its authors and readers. Authors are still compensated for their work, and the number of books available to readers at an extremely low price point increases rapidly as more authors join the cause.

This is an exciting time for the cyber security industry and tech industry as a whole. LeanPub is helping break down barriers of entry for technology careers, and the timing of this shift is perfect. With LeanPub, we can truly help empower the next generation of cyber security professionals.

Ken is a Cyber Security professional with over 15 years of experience. All opinions are his own, and do not reflect the opinions of his employer or clients.

Thursday, February 24, 2022

Starting a New Chapter

What a long, strange trip it's been. For over 15 years now, I've devoted my career to supporting the Federal government through Information Technology and Cyber Security. That chapter of my life is now quickly coming to a close.

For quite some time now, I've kept my employers confidential due to concern over being targeted by foreign entities in relation to the work I've performed for various Federal agencies. It's been an interesting run, providing my expertise to the Defense Information Systems Agency, the Department of Veterans Affairs, the Census Bureau, and various private companies over the years. I've worked with state-of-the-art computer systems distributed across the country, as well as with computer systems which are actually older than me but still up and running (and I just recently turned 40).

Three books and thousands of tweets later, I still feel like I've only scratched the surface of the real depth and scope of the cyber security realm.

Wednesday, February 23, 2022

CISA Launches Catalog of Free Cyber Security Tools

In a big win for cyber security advocates, the Cybersecurity and Infrastructure Security Agency (CISA) has released a catalog of free cyber security tools for private and public sectors.

The list is organized to align with CISA's recent advisory on:

  • Reducing the likelihood of a damaging cyber incident, including by preventing devices from connecting to malicious sites and scanning for security weaknesses and vulnerabilities, etc.
  • Detecting malicious activity quickly, including by deploying network intrusion detection and prevention, undertaking penetration testing, and improving endpoint detections.
  • Responding effectively to confirmed incidents, including through collection and analysis of malware and other artifacts.
  • Maximizing resilience, including by automating system backups and enhancing threat modeling.

The catalog contains links to public sector resources, as well as free, commercially developed products from vendors such as Microsoft, Cisco, Google, and Splunk.

The full catalog can be accessed on the CISA.gov website.

Ken is a Cyber Security professional with over 15 years of experience. All opinions are his own, and do not reflect the opinions of his employer or clients.

Tuesday, February 22, 2022

Lions, Tigers, Echo Chambers, and Imposters, OH MY!

For those unaware, yesterday Donald Trump's social media network "Truth Social" launched for iOS, with the Android app scheduled to come out, well, someday. The launch of the social network has been met with the expected reactions - conservatives celebrating its launch while liberals condemn it. Meanwhile, moderates like myself sit back and cringe, wondering how we got here in the first place.

Dissent, discourse, disagreements, and compromises are good for all of society. Originally, social media was a free-flowing, politically neutral environment where political discourse was welcome, and occasionally tempers flared. Unfortunately, in recent years, social media has become fragmented. Social media networks started removing political content, often leaning towards one side of the political spectrum or the other based upon the company's values.

Tuesday, February 16, 2021

Getting Gamers Interested in Cyber Security

Today I started a new mission - increase interest in cyber security through gaming.

It's a bold move - a lot of the cyber security related games aren't commonly streamed. But then maybe that's a niche that needs to be further explored.

For starters, I'm going to stream "Thief Simulator", which focuses on physical security, as well as "Uplink", which is a unique game that simulates hacking computers.

As a Cyber Security professional who has worked my entire career from a defensive perspective, I expect these games will give me and others a new look at security concepts and practices.

I invite you to come give it a like over on Facebook and see what neat adventures unfold!

Ken Buckler is a Cyber Security professional and lifelong resident of Washington County, MD. The opinions expressed in this article are his own, and do not reflect those of his employer or clients.

Tuesday, August 4, 2020

One positive from COVID-19 - I finally get to attend BlackHat - Virtual Attendance

One of the things I've always struggled with as a Cyber Security professional is that I'm typically too busy to take off work to attend conventions such as BlackHat.

However, thanks to COVID-19, BlackHat is being offered in a completely virtual format this year. As such, I can attend virtually while still accomplishing my daily job duties!

There is a "free" option if you're interested.

Enjoy!

Wednesday, May 20, 2020

Ohio Unemployment Data Breach Victims - Claim Your FREE Copy of My Book "Death by Identity Theft"


In response to the news that the Ohio Department of Jobs and Family Services has suffered a data breach relating to their unemployment system, I'm giving away copies of my book "Death by Identity Theft" for the next 30 days.

Monday, May 4, 2020

Hacking of the Free - Learn the secret techniques used to influence YOUR vote in the 21st Century

After what seemed like an eternity, I'm happy to announce that my latest book, Hacking of the Free, is now available for purchase.

The Internet age has ushered in a new type of warfare - digital warfare. This isn't just warfare among "hackers" gaining unauthorized access to computer systems, but a war to influence public opinion through data analytics, propaganda and "fake news". Waging a war against the minds of the people isn't a new strategy, but the Internet age has ushered in the ability to rapidly produce simultaneous attacks against democracy and free elections.

This book explores the digital threats our democracy faces in the 21st century, and how to guard against those threats.

This book will normally sell for $16.99, but I'm offering a launch special with an extremely low price. This price is so low, I can't even list it here, and will only be available until June 5, 2020.

To purchase, CLICK HERE to get access to this launch special, before it's gone!

Order Now! Click here for a limited time discount!

Saturday, February 15, 2020

Iowa Caucus - Are our elections secure enough?

Quite often, the appearance of a problem can be much worse than an actual problem.

The Democratic Party is still licking its wounds after reporting inconsistencies and clogged phone lines caused reporting delays, leading many to question the validity of the Iowa Democratic Caucus for the 2020 Presidential primaries.

But first, how does a caucus work? Time has an excellent write-up of how the Iowa Democratic caucus was supposed to work this year. In a nutshell, the caucus works by having people physically move to different parts of a room based upon which candidate they support. If their candidate is determined to be a "viable candidate" (typically around 15% of those present), their vote is "locked in" and they're free to leave. Everyone who voted for a non-viable candidate must then either relocate to a viable one, or convince enough supporters of other non-viable candidates to join them and make their candidate viable. These numbers then get tallied and sent to a central reporting location, which releases the official caucus results.

So what happened? Long story short, the new mobile app which the Iowa caucus used for centralized reporting was plagued by multiple technical problems. But to make matters worse, the app was found after the fact to have multiple security weaknesses, including the lack of HTTPS encryption when transmitting caucus results, as well as reports that the app would display error messages containing SQL code, possibly paving the way for further vulnerabilities to be discovered.

To make matters much worse, manual reporting over the phone was then severely delayed by an organized "denial of service" attack of sorts - Internet trolls clogged the caucus phone lines to prevent reporting of results. This further delay of course fueled many theories that the caucus had actually been hacked, though the Iowa Democratic Party has insisted the system was secure and only suffered from software glitches and clogged phone lines.

Unfortunately, the damage has been done. There are now many nationwide who believe, just as they believed in 2016, that the Democratic primaries are rigged and the party has already chosen the winner. The result? Voter disenfranchisement may lead to lower voter turnout, which could prove disastrous at the Federal, State, and local levels for the Democratic Party.

Ken is currently writing a book on election security and digital threats to democracy in the 21st Century. You can read more about his book at LeanPub.

All views expressed in this post are my own. This post does not reflect the opinions or views of my employer or clients.
