SIM Hacking, Password Protection, Meet Dean Macris, and Cyber Opportunities

Topics Covered

  • Guest Speaker: Dean Macris, Instructor at the US Coast Guard Academy for the Cyber Team
  • Cyber Bytes: SIM Hacking
  • Technology Corner: Password Protection
  • Cyber Opportunities: BSides San Francisco, Rewriting the Code, and CyberStart America

Available: January 21, 2022

About this Show

Guest Speaker:

Dean Macris

Meet Dean Macris, instructor at the United States Coast Guard Academy for the Cyber Team. Learn about the Academy, the Cyber Team, Dean’s generalist approach to cybersecurity and information technology, and what it takes to enter the field! Learn more about USCGA’s Cyber Team here: https://uscgacyber.com

Learn more about the US Coast Guard Academy Cyber Team

Visit https://uscgacyber.com/about.html to learn more about the US Coast Guard Academy Cyber Team

SIM Hijacking Campaign by “The Community”

What Happened?
On December 1st, the US Department of Justice announced that it had caught and sentenced the last member of an international hacking group known as “The Community”, which was responsible for a SIM hijacking campaign that stole millions of dollars from its victims. Garrett Endicott, a 22-year-old resident of Missouri, was the 6th member to be arrested.

What did The Community Do?
How did they steal so much money? The Community would bribe an employee of a mobile phone provider to get access to the phones, or would pose as their victim, call the customer service line of the victim’s mobile phone provider, and ask that the phone number be switched to a SIM card that the Community controlled. This allowed them to receive the victim’s two-factor authentication messages, including text messages and phone calls, on the Community’s own devices. With this information, they could log into many of the victim’s accounts by resetting the passwords and/or requesting two-factor authentication methods that allowed them to bypass security measures. This could be their cloud storage, their emails, accounts on websites, and more importantly, their cryptocurrency (also known as digital currency) exchange accounts! As a result of The Community’s hacking, people from all over the country were affected, and the amount of cryptocurrency lost was valued from under $2000 to $5 million.

Response

The FCC has come up with new rules to help fight back against these SIM hijackings. It proposed that mobile phone providers use more secure methods of authenticating a person’s identity before agreeing to any request to transfer service to a new phone or to another carrier. It also proposed a new rule that would make it mandatory for providers to tell their customers when a SIM switch or a port-out request is made on their accounts.


Relevant Terms

SIM Hacking:

  • Subscriber Identity Module Hacking, where the victim’s cell phone number is taken from their device and transferred to the hacker’s device. All of the victim’s texts or calls go to the hacker’s device.

“The Community”

  • A hacking group that used SIM hacking to steal millions of dollars in cryptocurrency

The Federal Communications Commission (FCC):

  • They are in charge of handling international and interstate communications that use technology (including cable, wire, television, etc.)

Technology Corner – Password Protection

This show’s technology segment topic was password protection. Passwords are essential to protecting your online identity and safeguarding personal information.

In this segment we tested examples of passwords using a password strengthening tool: https://www.security.org/how-secure-is-my-password/

Using the password 12345 we see that this would be cracked instantly (see below):

Weak Password

Strong passwords are long and complex, contain symbols and numbers, and are hard to guess but easy for you to remember. The password used below has over 16 characters and meets the requirements of a strong password. Notice that it would take 500 quadrillion years to crack this password.

Secure Password
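To see why length and character variety matter so much, here is an added example (not part of the show or of Security.org's tool) that estimates worst-case brute-force time from password length and character pool. The guess rate and the tiny common-password list are assumptions, so its numbers will not match the tool's figures.

```python
import math
import string

# Assumption: constructed sample; real checks use breach-derived lists.
COMMON_PASSWORDS = {"12345", "123456", "password", "qwerty", "letmein"}
# Assumption: an offline attacker testing 10 billion guesses per second.
GUESSES_PER_SECOND = 1e10
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def charset_size(password):
    """Size of the smallest character pool that covers the password."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += 26
    if any(c in string.ascii_uppercase for c in password):
        size += 26
    if any(c in string.digits for c in password):
        size += 10
    if any(c in string.punctuation or c == " " for c in password):
        size += 33  # 32 ASCII punctuation characters plus space
    if any(ord(c) > 126 for c in password):
        size += 100  # rough allowance for non-ASCII characters
    return size


def estimate(password):
    """Return (search_space_bits, worst_case_years) for exhaustive search."""
    pool = charset_size(password)
    # A listed password falls to a dictionary attack regardless of length.
    if pool == 0 or password.lower() in COMMON_PASSWORDS:
        return 0.0, 0.0
    bits = len(password) * math.log2(pool)
    years = 2 ** bits / GUESSES_PER_SECOND / SECONDS_PER_YEAR
    return bits, years


def verdict(password):
    """Human-readable summary of the estimate."""
    bits, years = estimate(password)
    if bits == 0.0:
        return "instantly (empty or on the common-password list)"
    if years < 1 / 365.25:
        return "in under a day"
    return f"in up to {years:.3g} years"


if __name__ == "__main__":
    for pw in ("12345", "73924", "Tr4il-Mix&Coffee!"):  # constructed samples
        print(f"{pw!r}: cracked {verdict(pw)}")
```

Each extra character multiplies the search space by the pool size, which is why a long mixed password lands in astronomically large numbers while a short digits-only one does not.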

Test Your Password

How strong is your password? Check by visiting Security.org’s Password Strength Tool.
Visit https://www.security.org/how-secure-is-my-password/

Cyber Opportunities

BSides San Francisco

BSides San Francisco is a non-profit organization dedicated to expanding the knowledge of information security, and it is hosting a two-day open conference! The BSidesSF conference is a source of education, cooperation, and ongoing discussion regarding information security. The date for BSidesSF 2022 is June 4-5, 2022!

This conference will be in person and tickets are currently on sale at https://bsidessf.regfox.com/2022 so you can join this amazing security community for two days of learning and excitement. If you also want to help out, BSidesSF is seeking volunteers as well! They will update their website with further details later; check them out at https://bsidessf.org/volunteer.

Rewriting The Code

Our next opportunity is perfect if you are a high school girl thinking of going to college to study computer science, cybersecurity, or information security. In monthly panels organized by college students, panelists will discuss their experiences and answer questions from high school females participating in Code.org and Rewriting the Code, which is an organization focused on helping college women majoring in computer-related degrees. Five monthly panels of Rewriting the Code women will share their perspectives. Make sure you register on rewritingthecode.org! The adjustment to college, internships, imposter syndrome, pay scales, the gender gap, and many more topics will all be discussed. They will be hosting five panels! The first panel will be on January 26, and the following dates are shown below.

  • 2nd panel: 2/23/2022
  • 3rd panel: 3/23/2022
  • 4th panel: 4/27/2022
  • 5th panel: 5/25/2022

CyberStart America

Our final opportunity is to apply for scholarships and participate in CyberStart America! You get free access to a fun cybersecurity training game when you join CyberStart America! There are more than 200 interesting cybersecurity tasks where you may play as a cyber agent and solve cybercrime using genuine cybersecurity tactics. You can acquire practical cybersecurity knowledge by learning Python programming, cryptography, Linux, and much more just by playing. You can also gain valuable industry experience by completing tasks based on real-world cybersecurity scenarios. Simply by playing, you can win life-changing prizes that will assist you in finding a rewarding profession. If you complete as many tasks as possible in CyberStart, you may be eligible for scholarships from the National Cyber Scholarship Foundation! The National Cyber Scholarship Foundation is pleased to announce that in 2022, they will provide more than $5 million in scholarships for advanced cybersecurity training. To find out more information check out https://www.cyberstartamerica.org/ to register and apply for these amazing scholarship opportunities!