Saturday, May 31, 2014

Military Leave Scam (Facebook/Phishing)

[Edit: I am removing the photographs on the outside chance that they are not really the pictures of the piece of trash who is pulling this scam.]

I don't normally "dime" people out on non-life-threatening things, but this has really got me ticked off, as it's someone who messed with MY family!
An older scam appears to be resurfacing: the soldier who needs help going on leave to be with you. A cousin of mine was hit with this and luckily she started to question everything he was saying and the pics he sent.

The scam is, in some version, a long-distance relationship with a supposed officer in [pick your branch]. He really wants to take leave to come and spend time with you, but he is on a "secret/underground/important" mission and can't get free (time off) unless he has a replacement. So, he needs you to send an email to some General/Colonel stating that you REALLY need him to allow your boyfriend to come home on leave for some emergency. Plus, he also needs money: after you write his leadership, you'll get a "bill" of charges for his leave to come see you.

Here is what the guy who tried to scam my cousin claims: he is a USMA graduate and a CAPT in the 23rd Artillery Division (which isn't real). He says he is stationed at Red River Army Depot (but lives in California???) in this non-existent unit, sent my cousin a crack-head DoD ID card (looks more like a Chuck E. Cheese card), and claims to be from Poland, Virginia, and/or England. Even worse, he claims to be a hero/veteran. The pictures he sent her looked like UK/Aus/NZ uniforms, although even those pics were wrong!

Also, his "official" Army email is an AOL address, which is NOT how the US Military does things, and his unit/CO email address is, again, NOT a valid military address, at least to my knowledge.
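The AOL address is the easiest tell to automate. US military mail comes from .mil domains (army.mil, mail.mil and the like), so any "official" correspondence from a webmail provider, or a Reply-To that points somewhere other than the From address, is worth flagging before anyone talks about money. The check below is an added example, not code from the original post or from any DoD tool; the two sample messages are constructed for the example (they are not the e-mails the cousin received), and the money/leave keyword list is an assumption about what this particular scam's "bill" looks like.

```python
"""
Flag e-mail that claims to come from a US military sender but does not look like it.
Added example, not from the original post; sample messages below are constructed.
"""
from email import message_from_string
from email.utils import parseaddr

# US military mail is delivered from .mil domains. Everything else here is an
# assumption about what a "leave fee" scam message tends to contain.
LEAVE_WORDS = ("leave", "replacement")
MONEY_WORDS = ("fee", "payment", "pay", "bill", "charge")


def sender_domain(addr):
    """Return the lowercased domain of an address like 'Name <user@host>'."""
    _, email_addr = parseaddr(addr or "")
    if "@" not in email_addr:
        return ""
    return email_addr.rsplit("@", 1)[1].lower().strip("[]")


def is_mil_domain(domain):
    """True for the .mil top-level domain or any subdomain of it."""
    return domain == "mil" or domain.endswith(".mil")


def body_text(msg):
    """Collect the text/plain parts of a parsed message as one string."""
    parts = [p for p in msg.walk() if p.get_content_type() == "text/plain"] if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        payload = part.get_payload(decode=True)
        if payload:
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def check_claimed_military_mail(raw_message):
    """
    Parse a raw RFC 5322 message and return the reasons it is inconsistent
    with a US military sender. An empty list means nothing was flagged.
    """
    msg = message_from_string(raw_message)
    findings = []

    from_domain = sender_domain(msg.get("From"))
    if not is_mil_domain(from_domain):
        findings.append("From domain %r is not a .mil domain" % from_domain)

    # A Reply-To that differs from From is a classic redirect to the scammer's mailbox.
    reply_to = msg.get("Reply-To")
    if reply_to:
        reply_domain = sender_domain(reply_to)
        if reply_domain != from_domain:
            findings.append("Reply-To domain %r differs from From domain %r" % (reply_domain, from_domain))

    # The scam's payload: leave (or a "replacement") tied to a demand for money.
    text = body_text(msg).lower()
    if any(w in text for w in LEAVE_WORDS) and any(w in text for w in MONEY_WORDS):
        findings.append("body ties leave to a demand for money")

    return findings


# Constructed sample: what the "unit leadership" mail in this kind of scam looks like.
SCAM_MAIL = """\
From: Captain John Doe <captain.doe@aol.com>
Reply-To: army.leave.dept@gmail.com
To: cousin@example.com
Subject: Leave approval

Your request has been received. Pay the leave and replacement officer fee of $1,500
before the flight can be booked.
"""

# Constructed sample: ordinary mail from an actual .mil address.
LEGIT_MAIL = """\
From: SGT Jane Roe <jane.roe@army.mil>
To: cousin@example.com
Subject: Next month

Looking forward to the family barbecue next month.
"""

if __name__ == "__main__":
    for label, raw in (("scam", SCAM_MAIL), ("legit", LEGIT_MAIL)):
        print(label, check_claimed_military_mail(raw) or ["nothing flagged"])
```

Run it as a script and the constructed scam message produces three findings (webmail From, mismatched Reply-To, money tied to leave) while the .mil message produces none. The domain check only proves a sender is not pretending to be on .mil; a real .mil address can still be forged, so treat a pass as "not obviously fake" rather than verified.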

One of the last correspondences (see below) that she got from him/his "unit" detailed the following:
"He is a Captain, 23rd Artillery Special Ops located in TX based out of Red River Army Depot.  Leave to be his house or my house.  Was told he just needed a darn good reason from family.  Says has almost 20 years in.  Army saying they need pay for flight and replacement officer.  Underground mission was mentioned once."

This guy is a SCHMUCK!!! To put it nicely.
Since there is already a lot of information on the web about this type of scam, I am not going to go into much detail. However, I would like to post some pics of the emails and pictures that my cousin received from this loser!
Emails from "his Unit Leadership"

[Edit: Picture Removed]

[Edit: Picture Removed]

[Edit: Picture Removed]

[Edit: Picture Removed]

Of all the pictures he sent my cousin, one is my absolute favorite. He tried so hard to convince my cousin that this format was an alternate DEERS card!!! What a TOOL!!!!!!

[Update: More info]

Just wanted to add here that, after I read the records of my cousin's email and IM exchanges with this uber-tool, I am even more convinced that he needs, at least, a very large and long-lasting blanket party. In multiple messages he claimed to have "lost more men" during the previous night's "dangerous mission" outside of RRAD. It was obviously just part of his scam to try to get my cousin to worry about him and to get her to speed up the "leave payment" that his "unit" required. Jeez, I wouldn't mind whoopin' this boy one or two times!!!!

Monday, May 5, 2014

Annual Simulator Training

I watched an interesting episode of Nova with the family the other night. It detailed issues with cruise ships and their sinking and compared disasters such as the recent Italian ship in which the Captain hit a BIG rock, the Titanic, and the Oceanos. A large part of the comparison dealt mainly with the ships and the Captains. However, part of the episode dealt with crew training.

In the aviation world, at least in the US, pilots are apparently required to take annual simulator training. Maritime crews and Captains are not. Neither are Network Security professionals. Wait. What's this about annual simulator training for nerds?

It's simple, at least in my head; I admit that I may be foggy after having a Cinco de Mayo dinner with the family at Chili's. But I think it makes sense: some sort of annual event for all types of network security folks, not just DoD exercises or SANS training courses, or even the rush to submit CPEs for your CISSP at the end of the cycle. I may be putting the majority of us nerds into the same container as I am personally, but here are my points:

1. I am frequently moving from one project to the next. Although some may have solutions in the same domain (pun intended!) as others, there is no one-size-fits-all solution; at least I haven't found it yet. In the last 12 months, for example, I have had to work out solutions using Flash, PHP, Perl, Python, Bash, batch, PowerShell, new exploits and old exploits, etc., etc. Have you not had to do the same? I'm certainly not complaining, although it can be frustrating on job interviews if you haven't touched Perl in 12 months and you get a specific question only to have the answer stuck on the tip of your tongue. :-(

2. What's old is new and what's new is old. While base methodologies and languages haven't changed a whole lot over the last decade, it's safe to say that solutions using said methodologies and languages, or some combination thereof, have certainly changed. Do you use the same type of script (or even the exact same script) for some task you've been doing over the last decade? I'd venture the answer is no, or at least I think it should be. For example, what I used to like to do in Perl or batch/Bash scripts, I now like to do in PowerShell (and Perl and batch/Bash). Some GUI tools even catch my fancy every once in a while. :-)

3. Who's the bad guy? He's not the same one he was a decade ago. Probably not even the same he was a year ago (or it could be a she, to be fair!). Does the adversary (being he, she, or them) use the same tactics, techniques, and methodologies as a year ago? Sure, beaconing will always be beaconing, but even this has changed over the years in terms of ports, protocols, services, encryption, data, etc., etc., etc.

4. Certification providers and requirerers (not sure that's a real word) have moved towards a demand for recertifying, annual training requirements, or a combination thereof. That's all fine and dandy and usually not that complex to satisfy. But is it REALLY satisfying? If you took a SANS course last year just to learn something new and/or satisfy some CPE/CMU/C?? requirement, could you sit down today and perform even half of the tasks you learned? No, I don't think most people can, unless that training was already a part of their job function or they found a way to incorporate it as such! Fact is, our training and our knowledge, in any field really, are perishable. If you don't use it, you WILL lose it, and that's the cold hard fact of the matter.

I have at least 15 different and specific skills/languages/tools listed on my resume. I can even talk to all of them to some extent. However, there are a number of them for which I need the man page to refresh myself, because of the perishability of the skills (and sometimes because of the ever-so-slight differences between scripting languages). I mention this not as a focal point of this post, but just as a way to maybe bring the point home a little bit more: we computer security nerds live in a world that is as horizontal as it is vertical, and our tools are as perishable as mayonnaise on the back porch on a hot summer day.

This brings me to the thought of "Annual Simulator Training" for computer security nerds. If we had, regardless of industry or threat, or better yet, tailored to industry and threat, an annual training on a simulator, wouldn't this in fact allow us time to re-learn, re-master, and re-visit the tools we don't get to use often enough, or in ways that are challenging enough? I am sure that one of the two people who read this blog has already thought "Doesn't the DoD or USCYBER already do an annual training/simulation event?" The answer would be yes. However, the number of players in the "big" simulation is not a realistic sampling of the network security nerds inside the DoD/USCYBER complex itself. Not to mention, it's training only for this finite number of participants.

There are options available now in terms of simulation environments for network protection, detection, response, analysis, etc. But they are targeted to specific customers (read: if you have enough cash or credit, you can have a simulation network that works 50% of the time, if you're lucky!!!). Furthermore, as with the Captains and crews of marine vessels, there is no one specific requirement for annual simulation training in our field. True, there are the requirements of CPEs/CMUs and the opportunities that some individuals get based solely on their employment location and/or provider. However, I would argue that the private sector is as important as the government and public sectors in terms of how we are equipped to protect and defend. And if the level of importance is the same across the board, at least to all US interests (private, public, and governmental), then the training exercises and environments should be further extended to support annual simulation training for all of us network defenders and penetration testers! Furthermore, if these training capabilities were extended, this would allow for a federal support/mandate of an annual simulation training environment.

Now, before anyone shoots me for thinking that I want the federal government to be "all up in our business," let me say this: I don't want them in our business, I want them to better support our business. I think in doing so, we all benefit regardless of sector. Furthermore, it might help stop some of the hare-brained, half-cocked, knee-jerk reactions that I see in terms of policy shifts and requirements development (why should baselines shift every time some CISO or some Colonel gets wind of some "new" threat?).

OK. I'm going to stop here and take a giant leap off of my soap box! Hope you enjoyed this episode (psychotic episode???) and stay tuned for a word from our sponsors. :-)