Thursday, December 12, 2013

CBTS chooses Wapack Labs and Red Sky Alliance for Cyber Threat Intelligence and Analysis

CBTS's Advanced Cyber Security Team joins Red Sky Alliance


MANCHESTER, N.H., Dec. 12, 2013 /PRNewswire/ -- Red Sky® Alliance Corporation (Red Sky® Alliance) www.redskyalliance.org, the leading global information security collaborative cyber intelligence and analysis firm, announced today that CBTS's Advanced Cyber Security team has joined the membership, and will be partnering with Red Sky's Wapack Labs to supply targeted security intelligence and analysis to CBTS and its customers.
"As the security industry shifts to address targeted attacks, the CBTS Advanced Cyber Security team
is leading the way by delivering innovative products and services that enable customers to implement
intelligent analysis and adaptive defense based security programs that help businesses prevent,
detect and mitigate loss resulting from cyber assaults.   Our Red Sky Alliance membership coupled
with Wapack Labs' Threat Analysis and Intelligence services will ensure our customers have the
most up-to-date and accurate information," said Brian Minick, VP, CBTS.
"Wapack Labs has made great strides in identifying threat intelligence sources not readily available
to other companies, and has been analyzing the resulting data for almost two years. We opened
Wapack Labs in April, 2013 to help companies who might not be prepared, or legally allowed to
participate in the Red Sky Alliance collaborative. CBTS is a great partner who can deliver defensive
strategies built around Wapack Labs' intelligence and recommendations. We're very much
looking forward to working with them," said Jeff Stutzman, CEO Wapack Labs.
About Wapack Labs
Wapack Labs, located in the technology mills of Manchester, NH is a Cyber Threat Analysis and
Intelligence organization supporting Red Sky Alliance and others. The Lab offers expert level
targeted intelligence analysis answering some of the hardest questions in Cyber. The Lab
developed and hosts the Red Sky Alliance automated threat intelligence and analysis
databases (TIAD) and WhoisRecon. It has performed research, analysis and forensic for
dozens of global companies in hundreds of international locations. More information on
Wapack Labs can be found at www.wapacklabs.com.
About CBTS
The CBTS is a wholly owned subsidiary of Cincinnati Bell (NYSE: CBB). The company
combines the data networking capabilities of Cincinnati Bell with next-generation managed
services that provide companies with flexible solutions for end-to-end IT deployment.
The CBTS business model can help organizations increase productivity and operational 
efficiency while reducing costs and risks through solutions that focus on business continuance, 
compliance, security, and technology infrastructure. For more information, visit www.cbts.net
Media Contact:
Jim McKee, CFO
Wapack Labs Corp.
jmckee@wapacklabs.com
314-422-8185

Tuesday, December 10, 2013

FS-ISAC Leverages Wapack Labs to Help Protect Financial Services Members

Nice press release.. we've been wanting to figure out how to work with the FS-ISAC for quite some time, after supporting them during my days with DoD. This is a great group, and we're very much looking forward to the next year!

Jeff
PRESS RELEASE

Financial Services Member Organizations Will Benefit from Latest Cyber Threat Analysis and Intelligence Services from Top Provider of Targeted Intelligence Analysis

MANCHESTER, N.H., Dec. 10, 2013 /PRNewswire/ -- Wapack Labs Corporation announced today that it has finalized an agreement with the Financial Services Information Sharing and Analysis Center (FS-ISAC) to provide cyber threat analysis and intelligence services to the FS-ISAC membership in 2014.  Members of the organization include over 4,400 Banks, Credit Unions, Exchanges and Clearing Houses, Securities Firms, Asset Managers, Insurance Companies, Industry Utilities and Associations and Payment Processors.
"For over 14 years we have provided the latest cyber security intelligence to our members and this agreement with Wapack Labs enables us to enhance our offerings to our membership," says William Nelson, president and CEO, FS-ISAC. "We work with a limited set of high value partners that share our mission to protect our industry from the latest threats. We look forward to delivering to our members targeted intelligence analysis that can become part of each member's comprehensive risk reduction strategy."
Wapack Labs began operations on April 01, 2013, and performs tailored threat intelligence and analysis services for Red Sky Alliance Corporation www.redskyalliance.org, the leading global information security collaborative. Red Sky Alliance serves global companies from cross-industries. Wapack Labs' current clients include one of the G-8 nations' National Level Computer Emergency Response Team.
"Moving forward as a key threat analysis and intelligence resource for the FS-ISAC allows us to assist the global community of financial institutions, and provides a broader range of cyber situational awareness for both those members and our clients," stated Jeff Stutzman, CEO at Wapack Labs.
Typically, the threat analyses provided by Wapack Labs assist users in protecting themselves against future advanced persistent threats, insider risk, cyber-based fraud, and theft of banking and finance information.
About Wapack Labs
Wapack Labs, located in the technology mills of Manchester, NH is a Cyber Threat Analysis and Intelligence organization supporting Red Sky Alliance and others. The Lab offers expert level targeted intelligence analysis answering some of the hardest questions in Cyber. The Lab developed and hosts the Red Sky Alliance automated threat intelligence and analysis databases (TIAD) and WhoisRecon. It has performed research, analysis and forensic for dozens of global companies in hundreds of international locations. More information on Wapack Labs can be found at www.wapacklabs.com.
About FS-ISAC
The Financial Services Information Sharing and Analysis Center, formed in 1999, is a member-owned non-profit and private financial sector initiative. It was designed and developed by its member institutions. Its primary function is to share timely, relevant and actionable physical and cyber security threat and incident information to enhance the ability of the financial services sector to prepare for, respond to, and mitigate the risk associated with these threats. Constantly gathering reliable and timely information between its members, and from financial services providers, commercial security firms, government agencies, law enforcement and other trusted resources, the FS-ISAC is uniquely positioned to quickly disseminate physical and cyber threat alerts and other critical information. This information includes analysis and recommended solutions from leading industry experts. Please visit our website (www.fsisac.com) for additional information.
Media Contact:
Jim McKee, CFO
Wapack Labs Corp.
jmckee@wapacklabs.com
314-422-8185
SOURCE Wapack Labs Corporation
http://www.prnewswire.com/news-releases/fs-isac-leverages-wapack-labs-to-help-protect-financial-services-members-235252701.html



Saturday, October 26, 2013

What is Wapack Labs? What is its relationship with Red Sky Alliance?

First, before I begin, I'd like to take a moment and announce the passing of one of our guys. Chris Wierda, one of the newer guys in the lab, passed away last weekend of a massive heart attack. He was 43, a heck of a nice guy, an Army Infantry vet. He'll be missed.

BT BT

I just sent a note to one of the sources we use in identifying information that might be of help to our members. If you've ever sourced folks, you'll know that even at 6:30 in the morning when you might otherwise be having your first coffee, you might still find yourselves quelling the "the sky is falling" messaging when every source feels their gouge is more important than anything else in the world today.

Why sources? Because cyber comes in all shapes and sizes.  This blog is a bit different. We've done some amazing work in the lab and I rarely tell anyone about it, so I thought I might today.

As a bit of clarification, Red Sky is about information sharing of good cyber intelligence and network defense. When our guys post information to Red Sky members, it comes from smart guys, but also from things that smart guys have developed in Wapack Labs. The idea in the lab is to both perform second and third level dedicated for those who need it, but also, we use it to find new sources of unusual, high value information, collect that information, and turn that information into actionable intelligence to support members of the Alliance. But in doing so, we almost always come across a ton of other really interesting information that we then distill down to answer other questions.  We have the ability to do computer forensics, analysis, break down PCAP, and all of the other things needed to be able to help defenders protect their networks --and we do. We work these issues and post findings for members in the Red Sky and Beadwindow portals. But at the same time, when going through these processes, data identified gives us a really great perspective on other problems.

And on that, it should be noted... Information isn't intelligence. Intelligence comes from being able to identify the nuggets in information that might be helpful in aiding decision makers on courses of future actions. This is what Wapack Labs does. Red Sky is where we put that intelligence. Wapack Labs is where we develop and analyze it.

What kind of intelligence are we talking about?  Cyber defense obviously, but also insider threats, competitive intelligence, M&A, and self examination as starters.  With enough smart guys (we're keeping it small), we could easily go into dozens of others, but these are really fun so we'll focus here for now!

So beyond the cyber that we push to the portal, here are a couple of examples of non-cyber focused work that we end up obtaining as part of the process:


  • Insider Threats: Last week we had the ability to tell a global consumer electronics company that they have an insider threat problem. We had done research supporting cyber defense. This work led us to conversations (open source of course) of a specific group. One of the guys does security consulting work in a number of companies, and we had a conversation with one of them last week. This work has led us to start an insider thread in the portal.

  • Mergers, acquisition, or outsourcing: Would you buy or use a company without doing due diligence?  Since earlier this spring, we've answered questions from companies about possible merger and acquisition targets, and this week we're being contracted for the third time to answer questions about a bunch of companies who're being looked at for large scale IT outsourcing by a non-member. The questions usually go something like "We're thinking about using tell us what you know about them."

  • Infrastructure: While not necessarily intelligence focused, the Lab has received a number of requests where companies want to know about themselves! Our last paper went something like this... "We've been through a number of acquisitions and divestitures. What do you guys know about our infrastructure?" We're not into mapping networks, but the answer might be more along the lines of "We found that you still have web servers and a DMZ residing ." -or- "we found a dozen or so of your addresses registered as VPNs with a (ahem) third party." (This isn't a good thing.)  Interestingly enough, there's a TON of open source, free information out there that can be used to find out about a company's infrastructure and if you know how, you don't need to even touch the network to find it and answer questions like this.

So if you've wondered what Wapack Labs does, but were maybe too shy to ask, this is what it does... cyber defense, R&D, analysis, and anything else we find fun, interesting (and of course, revenue generating!).

BT BT

I'm keeping it short today. It's been a heck of a week! 

So until next week. 
Have a great weekend.
Jeff




Tuesday, September 3, 2013

The Collision of Privacy and the Digital Age

With so much to gripe about with the HITECH Act, I bet many people missed a real devil in its details.  Under the old HIPAA rules, a breach was considered an event that was defined as a disclosure that put an individual’s PHI at “significant” risk – gotta love  the specifics!  To make things a little clear, the HITECH Act alters the definition to a “presumption” that a breach of PHI has occurred if that PHI is improperly handled or disclosed.  This can be abated if the healthcare entity can prove that there was a “low risk” that the PHI was compromised.  Glad HHS cleared this up!

Technology in the healthcare sector is advancing rapidly.  Cloud, mobile, and other technologies are reducing costs, giving patients more options, and assisting healthcare providers in quickly identifying ailments.  As a security professional, I can attest that these technologies are not “low risk”.  The act of simply transmitting data between vendors or simply being connected to the Internet is inherently risky.

Large healthcare providers who have been dealing with HIPAA for years have a head start on HITECH compliance.  Mature security plans that safeguard data, IT teams, and dedicated security professionals are commonplace.  Because of this maturity, the larger organizations can leverage these new technologies and reduce healthcare costs putting them at a competitive advantage over the smaller service providers.  So what about the smaller providers?

All said, the smaller healthcare providers have some unique advantages over their much larger counterparts.  For example, smaller service providers are less likely to have the volumes of patient data to manage, have fewer network connections to protect, and have a more intimate relationship with patients to help define the technologies that most benefit the patient and the provider.  Knowing the risk appetites for both the patient and the service provider is going to be crucial in how healthcare functions - a new dimension of the doctor-patient relationship.

To say the HITECH Act puts the business of smaller healthcare providers at risk may be an understatement.   The challenge will be leveraging new technologies yet keeping risks low enough to stay off HHS’s website for non-compliance – for sure a daunting challenge for the smaller service providers.  There will no doubt be a delicate balance between reducing costs and providing good service.  More importantly, as a new generation of connected patients comes of age, market forces will dictate that PHI be mobile and easily received.  Here are a few things to consider:

1) Assess your current exposure.  Before you implement any new technologies, what new risks are you assuming by rolling out new technologies?  Map those new risks to your current risk mitigation plan and if you don’t have a plan, implement one!
2) Transfer risk to your partners.  HITECH obligates a legal chain of accountability from one service provider to another.  Make sure you clearly understand the responsibilities of your partners, providers, and subcontractors if there is a breach.  Don’t get caught on this!
3) Education.  Real security happens at the human level.  Educate your staff as well as patients to the implications of improperly using, transmitting, or handling PHI.  Humans are the weakest link in any security strategy but it is far better to have educated humans than those that “didn’t know” taking home a thumb drive with PHI on it was really bad!

With some forethought and planning, the future for small service providers is equally as bright as the large ones.  Wapack Labs knows the risks associated with technology and how those risks can be mitigated. We offer full security solutions for the small to medium service providers including HIPAA gap analysis, security architecture, digital forensics, and advanced threat protection.   If you have any questions or comments, email me directly – rgamache@wapacklabs.com.


Rick Gamache is Partner and Managing Director of Wapack Labs.  Rick is a CISSP with over 25 years in the security sector and has served as an expert security auditor to the private and public sectors.

Monday, September 2, 2013

The Pocket Sized Attack



Back in July Reuters reported on warnings by a UN team regarding mobile device vulnerabilities.

Last week, I got an email notice from the Facebook gods that once again their policies were changing, among them some updates to language concerning what data you're sharing with mobile devices.

4 days prior to that, I saw this article in the New York Times about malicious software being installed by clicking on a video link.

And immediately prior to that, Red Sky and Wapack Labs came out with a Priority Incident Report in which it was stated:
"Kaspersky recently reported that five million Android devices have been infected with malware, through Google Cloud Messaging, which allows hackers to send update messages directly to applications installed on a device.[i] The malware is designed to steal the victims information including the phone’s contact list and is the most diffused agent in over 97 countries."

As I mentioned previously, one of the most common vectors that bad people use to get into the intellectual property of companies large and small is through you and your contacts.

Being able to hijack a contact list allows hackers to gain a treasure trove of information that otherwise would take multiple phishing attacks over long periods of time. Names, addresses, phone numbers, company info...all of which can be used in very specific social engineering.

I'm delivering a presentation in a few weeks to a group of concerned parents that are exactly the same as every other parent. They are concerned about their children and want to do everything they can to protect them. What makes this group intriguing is that they have extremely high net worth.

Does this make them any different than you and me? Not in the least.

Hackers will use any vector they can to get the information that they need. High net worth individuals tend to be in CXO type positions or have significant influence in their companies. If their children are not using safe online practices, it could expose the parent to attacks both physical and cyber.

These days, most parents will have their children listed as contacts and vice-versa (at least one would *think*). To the hacker, it's all about who is in your contact list and how that information can be exploited. They have no problem compromising a child's mobile device to gain access to home networks of powerful people.

For some reason, the folks that I speak to tend to believe that cyber attacks will only occur on their laptop or home computer or company network. They forget that the device that they hold in their hand is a 4 ounce key to their entire life, sometimes much more powerful and valuable than anything you may have on your daily PC.

Just because you can fit it in your pocket doesn't mean it is any less susceptible to compromise.

Stay vigilant, stay up to date with your security patches, and for goodness sake, don't click that sketchy Facebook video link on your phone.

Friday, August 23, 2013

Airports and APTs




I'm sitting here at Logan Airport waiting for a flight. Like a lot of folks, I am a people watcher. As the crowds float by, I am fascinated by human interactions. What I tend to notice more often than not is the complete and utter lack of personal security most adults display.

Humans by nature are very trusting individuals, and this is the crux of the problem, especially to those of us in the world of security.

Society dictates that we be polite to one another, and it is a common belief that in general people are not out to do us harm.

This statement, although primarily true, has a weakness: there are always people willing to do us harm. The Media makes a living off of reporting it.

As folks stand in line, I am often amazed by the amount of information that they give out: where they are going, who they are meeting, if they are alone, where they are from, what they do for a living, and on and on. This information, in the hands of a malicious person can be an entry point into your personal and professional data. If we are willing to give up our personal security to complete strangers at an airport, how can it be expected that we make a paradigm shift as a culture towards cyber security? How do we make people more vigilant in their ever increasing dependence on current technology?

Hold that thought.

So as I sit here in the terminal, I'm also reflecting on the notion of short term vs long term "pain". The website Hackmageddon lists current cyber security threats and there is always some interesting analysis to be found. For example, 57% of the cyber crime perpetrated last month is general financial theft, fraud, and the like. Only 4% of crimes in the previous month are the Advanced Persistent Threats: highly targeted industrial espionage attacks. This is where intellectual property of high profile companies is stolen, resulting in significant and negative financial impacts.

What kinds of intellectual property? How about the plans for your next phone or your next network-connected television or the control systems of your car? 

If you're more concerned about the 57% than the 4%, then we have some work to do. The short term cyber crime (credit card theft, etc) is painful for the individual. There is no doubt about that. However, losing the intellectual property that is driving this country's future innovation is hurting all of us at once and will lead to longer term national impacts.

So how does this all tie together?

Typically, hackers will use exploits in general human interactions and security practices to gain access to the networks that drive our companies.

Maintaining proper security practices is vital to keeping us all safe. If you're new to security and are reading this blog, you are well ahead of most individuals. One of the best ways to learn more is to actively engage with other people passionate about the same topics. That's what we do every day at Wapack Labs in the Beadwindow™ portal. Get in touch with us and join the conversations.

Friday, August 9, 2013

Silence Ain't Golden



I'm a gun guy.

I shoot frequently, I attend as much training as I can, I research gear incessantly, and I am constantly staying up to date on what is "best of breed" in the industry. I network with folks to get news on trends and understand why a product does or does not work. This social connection is the single most important influence in my purchasing.

I read books on tactics, mindset, preparedness, and avoiding violence in the hopes of one day being able to use that knowledge to help myself and those around me should I ever be in a situation where it is needed.

I owned a small profitable business. I am very active in social media. I have many terabytes of information stored across disk arrays in my house that make my electricity provider very happy.

I spent MANY years at a top networking company in the IT organization.

I own a big dog.

Nutshell, I take my environment and situational awareness very seriously.

Why is it then that until recently, I did not take the same precautions with my digital security?

Why? Because when I step away from my keyboard, I don't see anyone in my environment that can physically harm my equipment. And this is bad.

As a small business owner, I rely on my systems to work when I need them. I do not want to find myself in the Ron Burgundy-type situation of saying that "60% of the time, my credit card processing works every time."

I also do not want to leave myself open to unknown threats.

Now more than ever, SMBs are hosting their websites, card processing, customer data, and financials out in the cloud. Often times, these systems are secure at the individual account level, but what about the host themselves? Are they not subject to attack? Do you know the ins and outs of their disaster recovery or intrusion prevention strategies? No? How does that make you feel?

Let's suppose you are a brick and mortar retail owner that runs Quickbooks on their personal laptop in the office, and then goes home or to a coffee shop and surfs the web and checks email? You happen to unknowingly install malware. This vicious little bit of code then contacts a Command and Control server (CNC) and alerts the hacker that info is ready for the taking. From that point, you, your financials, and your customer data are compromised. Depending on the sophistication, your machine can then be used to penetrate others.

Point is, most small companies or individual businesses do not spend enough time considering the implications of the security of their data environment. They expect that their backups are being backed up by some geek in a closet, and if something goes wrong, they just get restored and running without a hitch. Unfortunately, most of us learn the hard way that this is far from reality.

As business owners, we host with companies that are recommended by friends. We use products recommended by peers. We read Amazon reviews religiously. Why is it then that we don't use the same peer group style of interaction to maintain vigilance over our digital world? Because we don't want anyone knowing our business.

This is where I have changed my point of view. As a life long student, I find that the best way to learn is to talk to the folks that have been there and done that. The people that are experts in their fields and are more than willing to give me advice to spare me pain. Freeing myself of my own ego in this regard has allowed me to learn more than I ever imagined.

The moral of the story:
As individuals, we spend an infinite amount of time and energy preparing ourselves for physical situations, but rarely apply the same consideration to our digital lives. We're afraid to reach out for help or talk to others for fear of appearing weak.

It's time to change that mindset. This isn't about being weak. It's about becoming strong. Take a look at what is going on over in Beadwindow® at Wapack Labs. These are the experts that can help and they are doing it by the best way we as humans know how: by talking to each other.

Join our conversations.

Wednesday, July 3, 2013

The Secret Lives of Computers

The things you find in a digital forensic investigation




It is often asked “Why would I ever conduct a forensic investigation on a computer?!” Well, if you are concerned about what people are doing on a computer (or cell phone), what is going on with it, coming from it, or happening to it, then it benefits you to conduct an investigation. A digital forensic investigation sounds like a big complicated procedure, but an initial examination can have a relatively quick turnaround and give you plenty of information. In some cases involving white collar crime, a single investigation (with an affidavit) can be brought to civil court to produce injunctive relief or even settlements.

So let's begin to answer the mysteries of a computer investigation and see if it is something that would benefit you, your company, or legal situation. In a preliminary forensic investigation many questions can be answered if you are concerned about something specific, but typically we like to try and shed light on the following:

File Activity

No, unfortunately I can't show you files jumping around or being active, but I can show you creation, deletion, and modification. In most cases this file activity drives the rest of the investigation. When we plot out file activity on a timeline it begins to tell a tale of what was going on with the computer at the time. For instance if we see large file creation on a certain date, then that usually indicates things like installing programs or copying files from one place to another. If we see a lot of file deletion, then that could mean that someone is trying to “burn” or “shred” the evidence. If you couple large creation and deletion together then that could point to someone copying files from one place (let’s say your company’s network server) to the local system, copying off the computer (maybe to a thumb drive) and then wiping them clean. Or so they think.
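
The timeline reasoning above can be sketched in a few lines; this is an added example, not Wapack Labs' own tooling. It assumes file events have already been exported from an examination as (timestamp, event, path) records, and the sample records, paths, thresholds and function names are all constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta


def build_sample_events():
    """Constructed sample records (timestamp, event, path); not from a real case."""
    events = [
        ("2013-06-03T09:15:00", "modified", "C:/Users/jdoe/Documents/report.docx"),
        ("2013-06-04T10:02:00", "created", "C:/Users/jdoe/Documents/notes.txt"),
        ("2013-06-05T16:40:00", "deleted", "C:/Users/jdoe/Documents/old_draft.docx"),
    ]
    # Eight files appear in a staging folder and are removed 30 minutes later.
    for i in range(8):
        path = f"C:/Users/jdoe/Desktop/staging/client_{i:02d}.xlsx"
        events.append((f"2013-06-07T17:{i:02d}:00", "created", path))
        events.append((f"2013-06-07T17:{30 + i:02d}:00", "deleted", path))
    return events


def daily_timeline(events):
    """Count created/modified/deleted events per calendar day."""
    timeline = {}
    for stamp, kind, _path in events:
        day = datetime.fromisoformat(stamp).date().isoformat()
        timeline.setdefault(day, Counter())[kind] += 1
    return timeline


def flag_days(timeline, burst=5):
    """Label days whose creation and/or deletion counts reach the burst threshold."""
    findings = {}
    for day in sorted(timeline):
        created = timeline[day]["created"]
        deleted = timeline[day]["deleted"]
        if created >= burst and deleted >= burst:
            findings[day] = "bulk creation and deletion together"
        elif created >= burst:
            findings[day] = "bulk creation"
        elif deleted >= burst:
            findings[day] = "bulk deletion"
    return findings


def short_lived_files(events, max_minutes=60):
    """Return (path, lifetime) for files deleted soon after they were created."""
    created_at = {}
    hits = []
    # ISO 8601 timestamps sort chronologically as plain strings.
    for stamp, kind, path in sorted(events):
        when = datetime.fromisoformat(stamp)
        if kind == "created":
            created_at[path] = when
        elif kind == "deleted" and path in created_at:
            lifetime = when - created_at.pop(path)
            if lifetime <= timedelta(minutes=max_minutes):
                hits.append((path, lifetime))
    return hits


if __name__ == "__main__":
    sample = build_sample_events()
    for day, label in flag_days(daily_timeline(sample)).items():
        print(day, label)
    for path, lifetime in short_lived_files(sample):
        print(path, "existed for", lifetime)
```

A flagged day is a lead for the examiner to follow up, not a conclusion: software installs and temp-file cleanup produce the same shape, so the paths and surrounding activity still need to be reviewed.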

USB Drives

USB devices are becoming more ubiquitous and increasing to incredibly large capacities. The amount of data that used to be contained in several servers is now placed onto one 2TB external hard drive. While their capacity is very large, their physical size gets smaller and smaller. Are you aware of all the things that your employees are carrying on a thumb drive? Very few companies implement a policy to control the flow of information to external devices. In my experience, a majority of my investigations have included someone plugging a thumb drive into their computer days, if not hours before they leave the company. Are you sure they only took their personal photos and music, or did they just clean out all of your client records and proprietary information?

Internet History

Internet history can sometimes be the most telling of all the information in a computer. How often do you go to work, log into your computer, and then go directly to Gmail and log into your personal email? Few companies restrict this type of personal access (although they may frown upon it). Today many applications and services are becoming “cloud ready”. This means that information is no longer stored on your local systems. Instead this information travels out over the Internet and is stored on some other company’s servers. Is it secure in travel? Is it safe when sitting on those servers? Many services like Dropbox also offer huge amounts of storage space for people to upload information to. An employee could easily upload information from their system, to Dropbox, and then access it from anywhere else in the world.
If you aren’t concerned about movement of data through the Internet, maybe you are concerned about what your employees are doing on their computers as far as spending too much time on Facebook or playing games. Plenty of HR people lose sleep over what is being done and said over things like Facebook or Instant Messaging. In many cases a computer investigation can collect and parse this type of information and even give you remnants of the pages that the person looked at. For investigations pertaining to harassment, chat logs can be collected and produced for legal counsel (in many cases even if they had been deleted).

Wait, there’s more…


These are just a few of the things that a standard preliminary investigation could offer you. If you have a concern about what is happening on your work or personal computers, then please give Wapack Labs a call to find out how we can help. Whether you are in HR, legal, IT, or own your own business, there are several ways that we could help put your mind at ease or solidify a legal action. Our certified and experienced digital forensic examiners can assist with almost any type of digital investigation. We specialize in helping even those that have never heard of digital forensics or are wary of technology in general. Don’t worry, we speak English too and won’t get overly technical! Wapack Labs is located in Manchester, NH and services all of New England. Call us at 603-606-1246, email me at dkirmes@wapacklabs.com, or stop by our lab at 250 Commercial St. Suite 2013.

Friday, June 21, 2013

Info. Security: Do you have the right people for the job?

Information Security:
Do you have the right people for the job?


When you have a problem at your house (or are building a new one), do you trust your general contractor to do the specialized and sophisticated work? If your pipes burst, don’t you want a licensed and experienced plumber to take care of it? If you choose a dedicated and specialized professional for these jobs, why aren’t you doing the same thing with your IT security? Why trust the same guy that plugs in your printers and keyboards with sophisticated work like managing your network security, protecting you against targeted attacks, and preventing your client and private information from being stolen?

In today’s digital landscape hackers are becoming more sophisticated and precise in their attacks. These attacks come from all corners of the internet: from China looking to steal proprietary intellectual property, from Iran looking to disrupt bank transfers, and from “hacktivists” like Anonymous and other groups. How can you depend on your IT group (either in-house or consultant) to know and defend against all of these online threats? The reality is that you can’t. When it comes to information security, you need someone that has seen the threats firsthand and knows how to protect against them.

Here at Wapack Labs we have experts with proven track records in the field. Our analysts and digital forensic examiners have years of real-world experience protecting companies large and small from targeted and complicated attacks on their information networks. Backed by the power of its parent company Red Sky Alliance, Wapack Labs is able to bring the knowledge and information sharing of Fortune 500 companies to the table to protect your network.



We know how to protect you and your data, and we have developed a layered solution that will make sure that you are secure from every angle. Here at Wapack Labs, we have developed the Socrates Solution (our own version of the Socratic Method). This solution combines information security protection from industry leaders into an easy-to-install solution that we manage for you! The impact to your company is minimal and you don’t need to train your current staff to operate or manage the equipment. Once a simple setup is done, everything is managed off-site from our location in Manchester, NH. The Socrates Solution protects against threats from the outside at the perimeter (right where your modem is) all the way down to the individual workstation. If your business needs to conform to HIPAA, PCI, or Sarbanes–Oxley regulations, then the Socrates Solution is for you and can give you Data Loss Prevention (DLP) to make sure that none of your personal and client information is getting out.


If you are concerned about your current security setup, or just have questions as to how we can help you, don’t hesitate to give us a call at 603-606-1246 or email me at dkirmes@wapacklabs.com.

Friday, June 14, 2013

We are a week away from the official start of summer and things could not be going better here at Red Sky and Wapack Labs. This week we had the entire team from both the Wapack Labs and the Red Sky side in the office in Manchester, NH. This served as both a meet and greet and a “hive mind” session to share ideas. This experience was wonderful and really let loose the creative energies of the whole team. Having such bright and driven people collaborating and creating great work product is both inspiring and satisfying when you can look back and see all your hard work pay off.

This week Red Sky Alliance saw a great milestone with our 50th fusion product. This consists of roughly 1000 pages of technical APT analytics covering 11 known and emerging threats. Along with the great analytic work that is being done here at Red Sky, we are also seeing steady growth in the membership. The new members we are bringing on help expand the information gathering and bring different types of industries to the table.

Also in the office this week were some of our interns that are participating in the Red Sky Institute. Our analysts are working hand in hand with these intelligent and aspiring individuals to show them the ropes of the Infosec world. The interns are eager to learn and have jumped in headfirst, trying to learn as much as possible from our world-class analysts. With their core academics from their respective universities combined with Red Sky know-how, it won’t be long before they are getting their hands dirty and shedding light into the darkest corners of the deep web.


Wapack Labs is also seeing some great strides in our products and analytics. Along with our current forensic and incident response investigations, we are also developing our Socrates security product. This product will be a turn-key solution for small businesses that are worried about network security (APT, targeted events, etc.) as well as PCI and HIPAA compliance. The idea is that using this very lightweight MSSP model, Red Sky can test information gathered from the customers’ networks for the presence of what Mandiant likes to call evil, while at the same time broadening the ability to capture new data from this largely ignored business segment. We’re starting in New England, and for those small businesses this is a great way to get big company protection using enterprise tools and an expert analytic capability at a small business price. This security platform is perfect for anyone accepting credit card information. We specialize in protecting patient information in your doctor’s office, client information with insurance companies, and many, many more.

Saturday, June 1, 2013

Breaking new local ground with Wapack Socrates!

This local Manchester market is very different from the national and global markets I'm used to. I have no problem picking up the phone and talking with the CISO of a Fortune 500, but the hair dresser who's running her own shop up the street? Damn. That's HARD! I tell the Fortune 500 CISO he's got problems with cyber actors, and he understands. We talk about full packet capture, finding the needles in the haystack of needles, and live over the wire investigations and he/she gets it. But the financial planner or the doctor, or the insurance agent, or the commercial banker, or the hair dresser up on Elm Street? They have no idea what cyber means to them, how it might affect their business, how to recognize it, or what to do about it even if they did!

We're on it.

Introducing Wapack Labs' Socrates services.
  
Wapack Labs will come to your company, install a sensor on your network, and diagnose any issues found. As an example, during our testing, we recorded over 4,000,000 scans on our test network and over 40 attempts to compromise our network --this was in 48 hours! Likely many of these were automated, but the automated attempts usually lead to a botnet infection --used to steal credit card data! As a larger company, this might not surprise you at all. In fact, the numbers probably sound small, but to the mom and pop on the corner, well, they need to know what it means. Wapack is a local company servicing not only the Red Sky Alliance, but also Elm Street. Forensic Services, Socrates, R&D, Analysis. We can help you too.  Derek does a great job on forensics, and is working through the Socrates build-out.  Interested in a trial? Drop us a note!

We've had a terrific week on the R&D side of the house. 

WhoisRecon: Wapack Labs created an analysis tool called WhoisRecon. WhoisRecon is a graphic analysis tool used to discover, represent, and dynamically create relationships among Whois searches, individually or in batch. WhoisRecon is perfect for pen testers, analysts, and investigators! We introduced the beta WhoisRecon for our Red Sky Alliance team this week and testing is now open to the larger security community! Check out whoisrecon.com, or send us an email if you are interested in beta-testing.

Red Sky Jive Chat: We posted our first screenshot of our new Jive Chat for the portals. It looks great, and the Jive community seems to have gone wild over it. We'll be looking for our first beta user beyond Red Sky for revenue opportunities soon.

Research and Development is going well. We're working on a threat intelligence and analysis database for one of the Red Sky members. We've automated many of the queries needed to pull in data from the right sources, and have gotten to a place where data is fairly normalized.








Saturday, May 25, 2013

"60% of small businesses close within six months of a cyber attack." - Don't be one of them!

"According to a recent study cited by the U.S. House Small Business Subcommittee on Health and Technology, nearly 20% of all cyber attacks hit small businesses with 250 or fewer employees. Roughly 60% of small businesses close within six months of a cyber attack." (Source: Forbes)

This is an amazing statistic. It's something we've been talking a lot about in our local Manchester, NH area. Having just opened in April, we've been doing our networking. For the last several years I've been working in and with large enterprise, global in scope corporations --both as an employee, and as a government Infosec worker --a director at the DoD Cyber Crime Center (DC3). This was mostly home based from the Baltimore-DC area, but now, participating in the local ISC2 meetings and talking with the owners of local businesses instead of the CISOs of large companies, I've come to the realization that our government (at least DoD) really has no clue just how bad it is for small and medium sized companies. I recall a conversation with a CISO who told me that nearly 60% of their critical suppliers were companies with less than 25 employees!

So during my local polling at a local Chamber event, many of the companies had no idea what APT was, nor had they any idea that employees working from home, leaving the company, angry on the job (scheming to leave), building their own companies on the side, etc., can, and do, take information from their current employer. And not only do they take information from their current employer, they often use this information to compete. The Forbes article talks of a company who continues to lose contracts to the same competitor, only to realize they'd left the employee's computer access turned on after he left.

Carnegie Mellon has a center that does Insider Threat studies. I did a bit of work with them a few years ago. They do case studies of insider threats --how do insiders break, steal, compete with their former employers either as they're heading out the door, disgruntled and terminated, or just plain through stupidity while still employed (I had an employee once who used our corporate web template to build his own website selling pianos!). In nearly every case, interactions between HR and the employees' managers could have helped prevent many of these issues. In all of these cases, monitoring employee computer use, notifying the employee that their system would be monitored during personnel improvement plans, during the last two weeks of employment, and post employment could have saved these companies a lot of heartache, and more importantly, a ton of money.

So where does Wapack Labs fit?

Most small businesses have no clue what a forensic lab can do for them.

Wapack can tell you, with high levels of certainty, if employees are stealing, or have stolen, from you. We'll make two copies of the hard drive, placing an exact duplicate back in the machine. We'll place the original in our safe (for use in court if needed), and examine the second exact copy. We'll look at everything from outbound emails, to copies of files moved to external media (e.g., USB sticks).

If you've got a problem employee, don't wait. Call us today for a free consult. We'll help devise a strategy that will help protect you from losses of insider threats. And if you get hit with an attack from outside of your company, Wapack can help with that too.

Happy Memorial Day!

Thursday, May 2, 2013


Your Company Is Walking Out the Door

Today just about every company in America has their vital proprietary information on computers. Everything from email, client lists, pricing models, to trade secrets is stored on company computers. In many cases those computers leave the office daily, or sometimes never show up onsite if the employee works from home. Even if your company utilizes the most rigid security rules and not a single computer leaves the facility, emails are still sent back and forth from smart phones. A lot of the time attachments can be saved directly from emails to the smart phones and then transferred on from there without the company’s IT department ever being aware.

This situation becomes even more precarious when you include companies that allow people to bring their own device (BYOD). In these situations company data often resides on the personal laptop or in a “cloud” solution where the data are available from any device connected to the internet. What happens when the employee leaves? Can you guarantee that nothing was stolen, deleted maliciously, or taken to a competing shop? Without conducting a proper digital forensic investigation by certified examiners you may never know what was taken. Even if your internal IT department does their due diligence in trying to determine a theft, without the proper forensic handling of the evidence, it may not be admissible in court.

Attorney Sid Leach from the law firm Snell & Wilmer wrote an excellent paper (“What Every Lawyer Needs to Know about Computer Forensic Evidence”) pertaining to the valuable information that digital forensic investigations reveal. Whether it pertains to fraudulent activities, non-compete contracts, harassment, or intellectual property theft, Mr. Leach explains that “A forensic examination of a departing employee’s laptop or computer workstation can provide a goldmine of information concerning what the ex-employee was doing”.

In my own experiences I have seen companies both large and small with employees leaving abruptly or on bad terms causing suspicions as to their activities. It is always in the company’s best interest to at least have a forensic examiner create a forensically sound bit-by-bit copy of the device before it is used by another employee. In these situations, even if your company doesn’t proceed with an immediate investigation, at least you have a court admissible copy to work from if anything were to arise in the future. Wapack Labs is a digital forensic firm based in Manchester, NH with certified and experienced digital forensic examiners to handle any investigation or discovery need. Contact us today to see how we can help you!

Saturday, April 27, 2013

Fully operational!

Wapack, while slow, is starting off nicely. Our lab is fully stocked and running its first pieces of analysis. This was our third week in operation at Wapack Labs. It's a great feeling, having our first pieces of work come through the door.
  • We kicked off the lab with a nice piece of development business that helped bootstrap the lab.
  • This week we received a set of drives sent to us by an IT consultant. We did our best for these guys. The array had died and the consultant had come to a point where they needed help. We were able to see and make copies of almost everything, and are working at pulling data off as we speak. Not everything will come off cleanly, but hopefully enough to allow their customer to keep operating.
  • This week we were asked to author a proposal for another piece of work through a local law firm. Our proposal is in. Fingers crossed.
In Wapack, while we're not doing criminal work yet, we have capabilities that can help management, HR, and corporate attorneys identify employee ethics/misuse, export issues, or privacy information losses. I used to do work with some folks at Carnegie Mellon who specialized in insider threats... one of the hardest threats to detect and mitigate. In almost every case, insiders used computers to send intellectual property outside of the company --for various reasons --maybe they were starting their own company, helping another, or selling data. Often, these employees were on personal improvement plans, had been told they needed to find new employment, or maybe just saw the writing on the wall. In most cases, the employee misuse could have been identified before the employee left by simply monitoring use during the time when an employee was suspected, notified, investigated, or had been told they were being terminated.

After termination, many employees will delete information from their drive. This is not always a reason for concern. Wapack can, often times, restore data that had been deleted. We can, as well, help identify information that might be being sent out of a company before the employee is terminated. Sampling employee laptops, submitting terminated employee laptops for analysis, or placing restrictions on employee movement while under a personal improvement plan or termination notice are all considered good practice, and Wapack Labs can help. Give us a call!

-Jeff


Friday, April 12, 2013

Why use Digital Forensics? Let us help you solidify your case!

Why Use Digital Forensics?

Working in the digital forensics field has opened my eyes to many other professional practices. Specifically in my job I deal with a lot of lawyers, law firms small and large, and plenty of litigation protocol. One of the most interesting aspects of the law field to me and specifically when dealing with on-stand experts, is that you don’t ask a question you don’t already know (or think you know) the answer to. This important factor made me think: Why don’t more litigators use digital forensics in their cases? Having a certified forensic expert helping you in your case is like giving you the answers to questions you haven’t even thought about asking!

Recently I worked in Chicago where I collaborated with lawyers throughout the country who had various levels of experience with digital forensics and computer investigations. One of my most memorable cases was an attorney from a very small law firm in the suburbs of Chicago who dealt with Employment and Labor law. This attorney had come to me with ongoing litigation concerns about an employee who left a company and went to work for a direct competitor within a matter of weeks.  This employee had been in a position where they were privy to a lot of sensitive data about the company (product specs, pricing models, client lists, sales leads, etc.). While we already knew that the employee had violated their non-compete contract, counsel was worried that the business might have been harmed by the theft of this sensitive information. I was brought in to either put these fears to rest, or create a “slam dunk” case with empirical digital evidence.

Not long after our initial conversation where I addressed what kind of things we may find in a digital investigation, counsel was able to procure the work laptop from the company. Within a week of receiving the device I was able to image (duplicate the evidence to be able to work on a copy), parse, index, and analyze the entire system. Combined with a simple questionnaire from the client, I had a complete understanding of the activities on the system. In this case (as with most investigations) I focused on the employee’s last two weeks at the company. I was able to pin down that before leaving the company (and pretty much right before walking out of the door) the employee was attaching USB thumb drives to the system, and copying data to these drives. Along with the USB devices, I could see through emails and by viewing his Internet history (Gmail, DropBox, LinkedIn) that the employee had been planning to leave the company for some time. The combination of the employee’s actions, coupled with solid digital evidence, proved that sensitive information was taken from the company laptop, and copied to personal devices. Information provided by digital forensic examination of the laptop provided counsel with ample means to win their case.

The best part for me on a personal level was that this case was the first time the attorney had ever used a computer investigation. It provided me the ability to teach counsel exactly what we do, how digital forensic science is proven in court, and how best to phrase his questions and shape his case to present what we found. Not only was this his first case involving digital forensics, but it was my first deposition as well! That give and take provided a great working relationship for the case going forward and the follow on investigations that arose from it.

At Wapack Labs we are driven to provide that same level of service to litigators throughout the Employment and Labor, Intellectual Property, and Technology law practices. Give us a call to see how we can help! Find us online at http://wapacklabs.com/ or give us a call at 603-606-1246. Be sure to follow us on LinkedIn as well as this blog.