Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Cybercrime groups are selling their hacking skills. Some countries are buying

Friday, February 26, 2021

Categories: ASCF News Cyber Security

Comments: 0

Cyber-criminal hacking operations are now so skilled that nation-states are using them to carry out attacks in an attempt to keep their own involvement hidden.

report by cybersecurity researchers at BlackBerry warns that the emergence of sophisticated cybercrime-as-a-service schemes means that nation states increasingly have the option of working with groups that can carry out attacks for them.

This cyber-criminal operation provides malicious hacking operations, such as phishingmalware or breaching networks, and gets paid for their actions, while the nation state that ordered the operation receives the information or access it requires.

It also comes with the added bonus that because the attack was conducted by cyber criminals who use their own infrastructure and techniques, it's difficult to link the activity back to the nation state that ordered the operation.

"The emergence, sophistication, and anonymity of crimeware-as-a-service means that nation states can mask their efforts behind third-party contractors and an almost impenetrable wall of plausible deniability," warns the BlackBery 2021 Threat Report.

Researchers point to the existence of extensive hacking operations like Bahamut as an example of how sophisticated cyber-criminal campaigns have become.

Originally detailed by BlackBerry last year, Bahamut uses uses phishing, social engineering, malicious apps, custom malware and zero-day attacks in campaigns targeting governments, private industry and individuals around the world – and had been doing so for years before being uncovered.

Researchers note how "the profiles and geography of their victims are far too diverse to be aligned with a single bad actor's interests", suggesting that Bahamut is performing operations for different clients, keeping an eye out for jobs that would make them the most money – and when it comes to funding, certain nation states have the most money to spend on conducting campaigns.

Not only does the client nation state end up gaining the access they require to hacked networks or sensitive information, it allows it to be done with a reduced chance of it being linked back to the nation state – meaning that it will potentially avoid consequences or condemnation for conducting attacks.

"Threat actor identification can be challenging for threat researchers due to several factors, such as overlapping infrastructure, disparate targeting, and unusual tactics. This is especially true when only part of a campaign is outsourced," said the report.

Bahamut has continued to be active since its initial disclosure last year, with campaigns targeting government agencies linked to foreign affairs and defence across the Middle East. The group has also been conducting campaigns against targets in South Asia, with a particular focus on smartphone attacks.

While protecting networks from determined cyber attackers can be difficult, there are cybersecurity practices that organisations can apply in order help keep intrusions out, such as only providing remote access to sensitive information to those who absolutely need it and constantly examining the network for unusual activity that would be classed as suspicious.

Photo and Link: Cybercrime groups are selling their hacking skills. Some countries are buying | ZDNet

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.