Posted By: ASK Posted date: July 21, 2017 In:Bottom Line IT No Comments
A fascinating story about how an internet cyber researcher uncovered a completely unprotected server holding highly confidential information on a joint project between the Department of Defense, NYU, and IBM. Mike and Amy discuss how this could have happened and the implications for business owners everywhere in this segment of the Bottom Line IT.
In late December of 2016, Adam was doing what he’s always doing, somewhere between hobby and profession: looking for things that are on the internet that shouldn’t be. That week, he came across a server, on NYU’s famed Institute for Mathematics and Advanced Supercomputing. It was connected to a backup drive that held confidential information on a code breaking machine. It contained dozens of documents with hundreds of pages detailing a project being administered by NYU, the Department of Defense and IBM, named “Winsor Green”.
“Winsor Green” is a password cracking system working together to come up with a highly sophisticated code cracking algorithm and software program designed to excel at the sort of complex mathematics that underlies encryption, the technology that keeps data private. It was intended for use by the Defense Department’s signals intelligence wing, the National Security Agency.
Adam, an American digital security researcher, deals constantly with digital carelessness but was nonetheless stunned by what NYU had made available to the world. He made his findings aware to NYU so the files could be taken down and the files were not made publically available. Thankfully, Adam is a “good guy” but we can only imagine what the ramifications would have been if these files were found by China, Russia or a major hacking network looking to do damage.
The biggest take away from this is, as a business owner, what do you have out there for the world to see? ASK routinely provides cybersecurity assessments for businesses and can detect open ports or devices with no password – or a basic, easy to crack a password. It is important to be aware of the risks out there. If you would like to find out more about a cybersecurity assessment for your business, contact us for more information on our Enhanced Security Services.
You can listen to the segment here:
FOR MORE INFORMATION ABOUT ASK
To learn more about ASK’s Enhanced Security Services and how we can help your business take the hassle out of technology, contact us today!