Weekly Security Roundup with Clinton Pownall

By Clinton Pownall
President & CEO
Computer Business

Hackers Leak 8.4 Billion Passwords … World Population is 7.8 Billion. As the world is still reacting to a rash of high-profile cyber attacks, including the recent hacking of JBS, the world’s largest meat packer, the Colonial Pipeline attack, and the massive SolarWinds breach, CyberNews reports a mind-boggling figure. “What seems to be the largest password collection of all time has been leaked on a popular hacker forum,” the article reads. “A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches.” The global population for 2021 is estimated to be 7.8 billion. Most computer users have far more than one password, and the list is an accumulation of breaches going back some years, but the thought that there are more breached passwords than human beings is astonishing—in a very disappointing way. CyberNews provides a leaked password checker, noting that a security hash is used to prevent your inquiry from being added to the billions of leaked passwords.

“Are We Waiting for Everyone to Get Hacked?” That’s the headline of a recent New York Times interview with Leon Panetta, former Secretary of Defense and former Director of the Central Intelligence Agency, who voiced the question in frustration with the growing number and severity of cyberattacks on U.S. organizations. Nearly a decade ago, Panetta tried to sound the alarm for cyber threats, warning of an impending “Cyber Pearl Harbor.” At the time, some criticized him for comparing the threat to the Pearl Harbor attack that brought the U.S. into World War II. The New York Times quotes Panetta as saying: “They said you should be very careful about using that word, and my response was, ‘Call it whatever the hell you want.’ It’s a national security threat. Don’t try to fool yourself that somehow, just because you don’t like the words, the threat is not real.” He is still sounding the alarm about the enormous threat of cyberattacks, telling The New York Times: “It’s like there’s a fire and you’re ringing a bell, but the fire department doesn’t show.” There’s an old adage: “Think globally, but act locally.” That fits well with Panetta. He is concerned that the family Lexus connects to the Internet and could be hacked. The New York Times reports: “A few years ago, he fixed up his dad’s old 1951 Chevy truck, and that is what he uses to get around. When he does drive the Lexus, he has careful instructions for his passenger: ‘I tell my wife, “Now be careful what you say.”’”

“America’s Military Is Urged To Hack Back.” That’s from a recent headline for a Forbes article on successes by the FBI in hacking cryptocurrency accounts to recover extorted funds. The article describes what it terms a “previously unreported court document” detailing how the FBI last year was able to seize $455,000 from a cyber currency account as part of its investigation into a ransomware group based in Eastern Europe. The article notes that some would like to see more such aggressive actions. “When I was at U.S. Cyber Command, our mission was to defend the nation in cyberspace. And we talked about defending against nation state attacks,” Brett Williams, former director of operations at the Pentagon’s U.S. Cyber Command and cofounder of IronNet Cybersecurity, told Forbes. “I think we’ve got to expand our view of how we use… our offensive capabilities, how we use our ability to go after the attackers where they live. … Our job has to be to go after the attackers who have a strategic impact on our country.”

U.S. Senate Asked to Consider Best Way to Fight Cyber Criminals. Reuters reports U.S. Senate Majority Leader Chuck Schumer is initiating a review of recent high-profile cyberattacks on governments and businesses to find out whether a legislative response is needed. “Today I am asking Chairman Gary Peters of our Homeland Security Committee and our other relevant committee chairs to begin a government-wide review of these attacks and determine what legislation may be needed to counter the threat of cybercrime and bring the fight to the cyber criminals,” Schumer said. The article notes Schumer is also seeking a $500 million increase in the U.S. Cybersecurity and Infrastructure Security Agency’s budget in response to recent ransomware and other cybercrime incidents.

“Cyber Standards are Key in Battling Ransomware Attacks.” The development of a set of cybersecurity standards—similar to the generally accepted accounting principles (GAAP) that businesses use for financial information—could go a long way in arming companies with more options when it comes to cybersecurity breaches and make them more likely to report when these events happen, according to cybersecurity experts interviewed by CNBC. “In accounting we have GAAP, which is a body of work built up so that when you’re looking at a company’s books and numbers, you know what they mean,” said Michael Daniel, President and CEO of the Cyber Threat Alliance and a former cybersecurity coordinator on the National Security Council Staff under President Obama. “Similarly, in the physical world, there are standard, expected security protocols that are fairly universal. A business will routinely install cameras, a fence, and locks on the gates at a plant, manufacturing facility or distribution center. We do not have similar standards in cybersecurity.” Jamil Farshchi, Chief Information Security Officer for Equifax, agrees. “In most of the attacks we’re seeing today, cyber attackers are taking advantage of failures in fundamentals,” Farshchi said. “Unfortunately, the reality is that few companies have made the level of investment needed to combat today’s cyber threats.”

Clinton A. Pownall is the President & CEO of Computer Business Consultants and has been in the IT field since 1990. Pownall served in the U.S. Navy for six years as a Weapons Systems Technician and has a Bachelor of Science in Computer Engineering. Through Computer Business, he was one of the first to pioneer VoIP technology using satellite communications. He is a member of the Florida Police Chiefs Association and advises law enforcement agencies on cyber security. Pownall serves on several boards and committees, has a strong affiliation with various arts and education groups and local school districts, and has served in regional efforts of the Bill & Melinda Gates NextGen Foundation. He has served as a Vice President of the Board of Directors for the Orlando Shakes Theater and is heavily involved in the South Lake Chamber of Commerce, West Orange Chamber of Commerce, and the Orlando Economic Partnership.