The Newseum & me

Cybersecurity experts and the journalists who report on them often struggle to understand each other. That was the point of a recent event jointly sponsored by the Newseum and the Center for Media Innovation at Point Park University. We brought together experts, journalists and students to find points of commonality. The event highlighted some common concerns, which I address in my latest media column.

 

WASHINGTON – They don’t even have the words.

Cybersecurity stories fill the headlines almost daily: The Equifax breach potentially compromised personal data of more than 140 million Americans — nearly half of us. Yahoo finally acknowledged losing email addresses and passwords for every single customer — about 3 billion accounts. We’re still waiting to find out just how much the Russians hacked into the 2016 general election.

We see such headlines so often that many of us have become numb to the potential risk. Worse, reporters covering these stories don’t always know how to describe the real danger — or how to separate legitimate threats from hyperbole. Too often, they lack the vocabulary, context and experience to converse with technical experts and convey meaningful alerts to the public. Instead, the public hears a wall of noise in which relatively minor events get similar billing to those that really threaten our lives. Read more…

This also turned out to be a great time for our students to take a look at the Newseum exhibits. After the event, we toured the museum’s FBI exhibit on cybersecurity, led by the Newseum Institute’s COO Gene Policinski.

This also turned into an opportunity for David Hickton, the former U.S. Attorney for Western Pennsylvania, and me to revisit one of our favorite moments. The Newseum exhibit includes a photo of David and my frontpage story from the Tribune-Review on the day after federal prosecutors in Pittsburgh charged five Chinese military officers with stealing computer secrets.

Pittsburgh’s place in cybersecurity

With the Obama administration striking back at supposed Russian hackers and the Trump administration raising questions, Pittsburgh remains at the center of much of this discussion.

When the White House named two suspected top Russian hackers accused of meddling in the presidential election, it identified Evgenii Bogachev. As a suspect, he’s already familiar to federal prosecutors in Pittsburgh: They indicted him in 2014 for running the massive GameOver Zeus scam.

David Hickton, the former U.S. Attorney for Western Pennsylvania, told me that he hopes the Trump administration will keep up the push to identify foreign hackers and hold them accountable:

“This is serious business and we realized this is serious business a long time ago,” Hickton told the Tribune-Review. “It’s not something we can put aside. We need to get to the bottom of this and resolve it.”

Separately, the Independent Journal Review raises some interesting points about cybersecurity and attribution. It linked back to one of my old stories to note that there’s not really any such thing as a totally secure computer:

 

“Really, the only safe computer is one that’s turned off and unplugged from the Internet, and even that may not be safe,” [J. Keith] Mularski told an audience at Carnegie Mellon University on Monday evening as he and co-panelists Nicolas Christin, an information systems security expert in CMU’s Cylab, and Pittsburgh Tribune-Review investigative reporter Andrew Conte debated the pros and cons of an increasingly wired world.

Ransomware goes rogue

It’s bad when hackers lock up computers and hold them for ransom — but it’s about to get a whole lot worse. My first freelance article for the Tribune-Review delves into this frightening new world where hackers don’t want your bitcoin and they’re interested in deleting more than your files…

As bad as it seemed when hackers locked up computer systems at Los Angeles’ Hollywood Presbyterian Medical Center in February, demanding a $17,000 ransom, the attack could have been much worse, experts tell the Tribune-Review.

The cybercriminals used so-called ransomware that seeks victims through emails and websites, then locks their computer equipment until they pay a ransom.

When a victim pays the ransom — typically in digital bitcoins — the thieves provide a digital key to unlock the system. Yet hackers who aren’t motivated by money could refuse to offer a key, said Brian Nussbaum, a former security intelligence analyst who teaches computer security at State University of New York at Albany.

“There is certainly the potential for you to have organizations where the data is simply gone,” Nussbaum said. Read the full story here.

Cyber warfare: Exclusive

I always love being the only reporter in the room.

When that happened again at the Journal of Law & Cyber Warfare conference in New York City, I landed exclusive interviews with top NATO experts planning for both future online wars — and the kind of ongoing cyber-skirmishes that we see with more frequency.

NEW YORK — After President Obama publicly blamed North Korea for a computer attack on Sony Entertainment and vowed the United States would respond in some fashion, that country’s Internet service went out for more than nine hours.

No one knew whether the United States caused the outage. But if it did, the administration could have been justified in taking Continue reading

Getting sources on the record

An old (bearded) photo of me hosting Essential Pittsburgh at WESA-FM.

The thing about covering cybersecurity is that some of my best sources never want to be identified. They know just how bad things can get with hackers and so they stay out of the limelight. As they tell me, “You don’t need to name us. Just know we’re here working to keep people safe.”

That’s fine, but it doesn’t fill newspapers (or the Internet, for that matter).

I finally got three top cybersecurity experts in Pittsburgh to sit down with me for interviews. Because the moment was so rare, I told them I would do a story for the Tribune-Review — but I also wanted to know if they would do the interviews on Essential Pittsburgh, the daily talk show on WESA 90.5 FM, Pittsburgh’s NPR station.

A cool shadowy photo of FBI agent Chris Geary. Taken by the Trib’s Stephanie Strasburg.

They all agreed. First, you can hear two Pittsburgh FBI agents — Mike Christman, assistant special agent in charge of cyber, and Chris Geary, who heads one of two Pittsburgh-based cyber investigations teams. They talk about growing up nearby and how they take threats to Pittsburgh companies as a personal issue.

Later, I interviewed Maria Vello, president emeritus of the National Cyber-Forensics & Training Alliance, a Pittsburgh nonprofit that tracks down black hat hackers — and that keeps such a low profile you’ve probably never heard of them. Maria’s description of the precautions she takes with her own debit card and online persona will freak you out. It did me.

Finally, I talked with Peter Singer, author of a new fiction book (with nonfiction footnotes) about the consequences of a cyber attack on the United States. We figured that interview would round out a solid hour of cyber talk!

PA Bar Association journalism award

Just found out the Pennsylvania Bar Association picked my cybersecurity reporting as the winner of its journalism competition for a special report/series. This is a big deal for the Trib and a nice recognition from a group of professionals that I respect.

The story looked at how hackers are targeting lawyers because they often have great information on their clients that is proprietary, highly valuable and typically very well organized! The Bar Association plans to give out the William A. Schnader Print Media Award for Special Report/Series in November.

The Untouchables for the digital age

An inside look at an FBI hacker sting: Drinking Red Bulls to stay up all night. Posing as online criminals. Assembling an international hall of justice at Europol.

I had the rare opportunity to see behind the scenes as the FBI in Pittsburgh brought down the Darkode online black market. I spent some time with the Bureau as they disabled the network and then I had an exclusive interview with the undercover agents about how it went. The case ultimately involved 70 criminals from Brazil to Pakistan to the campus of Carnegie Mellon University.

J. Keith Mularski, the top FBI cyber guy in Pittsburgh, once posed as the hacker Master Splyntr to take down a crime ring.

Assistant U.S. Attorney Jimmy Kitchen and two FBI agents from Pittsburgh sat two weeks ago around a large square table inside the ultramodern, glass-walled offices of Europol, Europe’s leading law enforcement agency.

The Pittsburghers were joined by top prosecutors and police officers from 20 nations. Some were familiar from FBI training they had done in Pittsburgh, and others had become friendly during the previous six months as they worked together to take down Darkode, a private online black market for hackers and criminals.

“It was like we were the United Nations,” Kitchen told the Tribune-Review in an exclusive interview. “We had our little placard in front of us that said, the United States, and every country had its own.”

Read more: http://triblive.com/news/editorspicks/8749274-74/agents-darkode-fbi#ixzz3g45WTx91

Then my colleague Mike Wereschagin jumped in when I needed help tracking down the local man charged in the FBI’s Darkode sting. Our boss Jim Wilhelm challenged him to come up with this killer lede…

Agents say this CMU student operated online as a hacker known as Android.

A fresh-faced college student who once designed a mobile app to bring Pittsburghers together slipped from his prestigious Carnegie Mellon University classrooms into the shadows of the Web, where he sold a program that put thieves inside people’s pockets, federal authorities said Wednesday.

Read more: http://triblive.com/news/editorspicks/8749286-74/culbertson-fbi-android#axzz3fmxQzP3p