All Posts By

avery@greymarketlabs.com

The New Battlefront 101: Propaganda

By | Cyber Warfare | No Comments

Information Warfare

Propaganda

While misinformation and disinformation focus on the spread of false or inaccurate information, propaganda focuses on the spread of an idea or narrative intended to influence, similar to psychological or influence operations[1]. When people think of propaganda, they typically think of elections and people creating content about a candidate that is meant to harm or help that candidate. Another form of propaganda is getting people to access information that they aren’t supposed to have. In countries like China or Russia that have controlled media, pushing information that is considered “censored” information by the government is a form of propaganda. This information could be news sources or simply information platforms.

Russia just announced that it would block Instagram, expanding its social media crackdown that had already cut off access to Facebook and restricted Twitter[2]. Creating a way to allow Russians to access Instagram and other blocked social media and news sites will enable them to gain access to information that the government doesn’t censor. This ability to access censored information is propaganda in a non-traditional sense because it is meant to influence the viewer.

Every day, we are bombarded with propaganda – from political messaging to advertising campaigns, and there is no escaping it. We can combat the negative impacts of propaganda by increasing our awareness of the information around us and self-awareness about how we respond to it. Disinformation Nation (https://disinformation-nation.org/combat-propaganda) describes three effective strategies for combating propaganda centered around awareness and self-awareness. In brief, these strategies are

  • When you feel yourself emotionally react to content (e.g., outrage, fear, vindication, etc.), pause. Check the facts. Consider whether the content is worth sharing before sharing it.
  • Be aware (and as much as possible in control) of how you are tracked online. All the major content platforms recommend content they believe you will click on based on your past behavior. When you curate what information they have about you, you can limit the amount of propaganda you are exposed to.
    • User privacy valuing browsers (e.g., Brave and Firefox) and search engines (e.g., DuckDuckGo) to minimize your digital footprint.
  • Expand the diversity of viewpoints that you expose yourself to. This allows you to see when the content that you agree with is trying to exploit your beliefs. All content is biased, so seeing the other biases on a topic will enable you to form well-rounded, intellectually robust opinions instead of simply adopting the opinions of others.

 

***The next article in The New Battlefront 101 series will discuss how cyber attacks on institutions effect people beyond just the company or organization.

___________________________________________________________________________________

Grey Market Labs® is a Certified B-Corp founded with the mission to protect life online. Our Replica™ platform orchestrates, automates, and secures Environments-as-a-Service, making organizations more protected with our patented privacy and Zero Trust architecture and more productive by increasing access to critical data, tools, and workflows simply, on-demand, anywhere. Replica™ support of dozens of use cases that span industries: from disrupting fraud on the dark web, to supporting military operations, combatting human trafficking, and enabling trusted data sharing in healthcare. 

Grey Market Labs® is the first cybersecurity product company recognized as a Certified B-Corp organization.

Contact us to see how we can work together.

Grey Market Labs Named as a 2022 Moxie Award Finalist

By | Company News | No Comments

Grey Market Labs is pleased to have been named a finalist in the 2022 Moxie Award in the category of Cybersecurity. This prestigious award recognizes companies and organizations in the Washington, D.C. metro area that demonstrate Boldness in Business.

This is the first year that Grey Market Labs has been selected to be a finalist for the Moxie Award.

“I want to congratulate our team for enabling us to be recognized among the boldest and most innovative business in D.C.” said Kristopher Schroeder, CEO. “Looking at the other finalists in our category, many are larger or have been around longer, but none have combined cutting-edge patented tech and cyber security products along with our social mission as a certified B Corp. This commitment to doing more in our community and world motivates the team at Grey Market Labs and provides the north star for all our decisions. It truly has made the difference in our growth and success.”

Finalists were recently announced by Katie Jordan, the 2022 Moxie Award chair. “This year’s finalists truly represent the spirit of Moxie and we are excited to help tell the stories of how they have persevered through a difficult time and continue to innovate,” Jordan said. “We look forward to revealing the winners at the 2022 Moxie Award celebration on October 26, 2022, at The Ritz-Carlton in Tysons Corner.”

A complete list of finalists can be found at https://moxieaward.com.

___________________________________________________________________________________

About Grey Market Labs

Grey Market Labs® is a Certified B-Corp founded with the mission to protect life online named one of Inc Magazine’s fastest growing companies. Our patented Replica™ platform orchestrates, automates, and secures Environments-as-a-Service, making organizations more protected with a Zero Trust isolation architecture and more productive by increasing access to critical data, tools, and workflows on-demand, anywhere. Replica eliminates the cyber risks of old, establishes a resilient architecture that self-heals, and automates the complexity of cloud and orchestration, reducing IT burden by over 99.7%.

About Moxie Award

The Moxie Award program is a night full of celebration and connections, honoring the accomplishments and achievements of growing businesses, nonprofits and associations in the DC metro community. Organizations are recognized for having demonstrated boldness and innovation as an integral part of their growth strategy. These outstanding organizations not only help make the DC metro area a great place to do business, but also an incredible place to live, thrive and play.

The New Battlefront 101: Cyber Attacks on Individuals

By | Cyber Warfare | No Comments

Cyber Attacks on Individuals

Individuals can be dramatically affected by cyber attacks and the resulting effect on their identity can be detrimental. Through cell phones and tablets, cybercriminals find it easier to access personal information. This information is collected, used, sold, or released depending on the information gathered. Celebrities and politicians are top targets for directed cyber attacks, but everyday people are also targeted. Most people have heard of celebrities’ nudes being released or politicians’ private affairs being published to discredit or embarrass them. However, everyday information is gathered from unsuspecting individuals, including bank account information, passwords, or additional personal information. Cyber attacks can occur in many ways, including[1]:

  • Access your personal computers, mobile phones, gaming systems, and other internet- and Bluetooth-connected devices.
  • Damaging your financial security, including identity theft.
  • Blocking your access or deleting your personal information and accounts.
  • Complicating your employment or business services.
  • Impacting transportation and the power grid.

When a cyberattack happens, the cybercriminal could take out loans, incur credit, accumulate debt and then flee without a trace. Leaving the individual to rehabilitate their identity through years of work while dealing with bad credit and financial instability. While companies can insure themselves against cyber attacks, individuals are more open to direct impacts. To limit the risks of a cyber attack, individuals should[2]:

  • Implement multi-factor authentication on your accounts and make it 99% less likely you’ll get hacked.
  • Update your software. Turn on automatic updates.
  • Think before you click. More than 90% of successful cyber-attacks start with a phishing email.
  • Use strong passwords, and ideally, a password manager to generate and store unique passwords.

Grey Market Labs Engineer, Emily Kresho, advises that “the keys to avoiding a cyber attack are prevention and education. Individuals should take advantage of antivirus software, virtual private networks (VPNs), a device’s built-in privacy settings, and other prevention methods. It is also important to research common and current cyber attack methods so they are easier to identify. An article might point out a popular technique used by attackers, and the next day you might notice that technique in a suspicious email.” Vigilance is the form of defense against cyber attacks. Keeping an eye on your accounts to catch any unknown or suspicious activity can stop cyber attacks before they get full access to your information.

 

***The next article in The New Battlefront 101 series will discuss how propaganda is used in information warfare to shape opinions.

___________________________________________________________________________________

Grey Market Labs® is a Certified B-Corp founded with the mission to protect life online. Our Replica™ platform orchestrates, automates, and secures Environments-as-a-Service, making organizations more protected with our patented privacy and Zero Trust architecture and more productive by increasing access to critical data, tools, and workflows simply, on-demand, anywhere. Replica™ support of dozens of use cases that span industries: from disrupting fraud on the dark web, to supporting military operations, combatting human trafficking, and enabling trusted data sharing in healthcare. 

Grey Market Labs® is the first cybersecurity product company recognized as a Certified B-Corp organization.

Contact us to see how we can work together.

Kristopher Schroeder Graduates from MissionLink’s Spring 2022 Cohort; Joins Esteemed Alumni Network

By | Company News | No Comments

Arlington, VA—May 24, 2022—Grey Market Labs, a Certified B-Corp founded with the mission to protect life online, is proud to announce that Kristopher Schroeder, CEO, has graduated from MissionLink.Next, an exclusive nationwide network that serves as a force-multiplier and gateway to accelerating innovation and advancing solutions to National Security threats.

Founded in 2010, MissionLink’s mission is to connect passionate problem solvers with next-gen, mission-critical capabilities in NatSec tech to the right resources, customers, investors, advisors and partners to solve the rapidly evolving national security concerns across commercial and federal sectors. For more than 10 years, MissionLink has been on the cutting edge of National Security and is recognized as the organization that has most captured the timeliness and immediacy of the latest security developments, discoveries and breakthroughs.

“We are proud to welcome Kristopher Schroeder into MissionLink’s esteemed alumni network,” said Andy Lustig, cofounder and Organizing Board member of MissionLink.Next. “Our objective is to seed and accelerate innovation across the country, from Washington DC to Silicon Valley, and bridge enterprise and national security missions with dual-use commercial capabilities – and the Spring 2022 cohort is certainly representative of the innovation and momentum happening in NatSec tech.”

Kristopher Schroeder was selected by world class technologists and thought leaders that serve on MissionLink’s Board of Advisors, such as Will Grannis, CTO of Google, and Ron Gula, cofounder of Tenable Network Solutions, to participate in the Spring 2022 Cohort. Throughout the program, cohort members attended a series of events, led by notable speakers such as Dr. Michael Capps, CEO of Diveplane and former founder of Fortnite/Epic Games; Chris Gladwin, CEO of Ocient and former founder and CEO of Cleversafe; Dawn Meyerriecks, former Deputy Director of CIA; Gus Hunt, former CTO of CIA; and Michael Morell, former Acting Director at CIA. Upon completion, cohort members now join a powerful alumni network of more than 500 CXOs; many of which credit MissionLink with providing their company with the game changing access, insight and opportunity needed to drive meaningful growth and impact to their industry and customers. Grey Market Labs now joins the ranks of successful MissionLink alumni which include the founders and CEOs of Rapid7, MAG Aerospace, Cofense, Altamira, Cloudera, Cylance, Crowdstrike, Novetta and Dovel Technologies.

Jeremy King, cofounder and Organizing Board member, also commented, “National security’s mission has become much broader and is rapidly evolving, and the need for collaboration between the government and commercial sector is critical now more than ever. For decades, the answer was ‘public-private partnership’ – we believe it is now time to empower industry innovation and facilitate ‘private-public partnership.’ MissionLink has become the most exclusive room in the country to learn, share and contribute to the thought leadership and innovative technologies for what happens Next.

The MissionLink Organizing Board includes Jeremy King of Benchmark Executive Search; Matt Devost of OODA Inc.; and Andy Lustig and Katherine Ferguson of Cooley LLP. MissionLink is backed by an elite advisory board comprised of the best and brightest minds from the defense, Intelligence and NatSec tech sectors who are deeply committed to building a strong ecosystem for success – including Sue Gordon, former NGA and CIA; Bill Crowell, former NSA; Charlene Leubecker, former CIA; Bob Gourley, former CTO at DIA; Bryan Ware, former DHS; Ron Ritchey, Chief Cyber Architect at JP Morgan Chase; Ellen McCarthy, former Department of State; Fran Landolf, former NSA; Cyndi Gula and Ron Gula of Gula Tech Adventures; Will Grannis, CTO of Google; Jen Sovada of Sandbox AQ; Lt Gen Rhett Hernandez, former Chief of Army Cyber Command; Peggy Styer and Jack Kerrigan of Razor’s Edge Ventures; Tim Newberry, Entrepreneur in Residence at TenEleven Ventures; Wes Blackwell, Partner at Scout Ventures; and Constantine Saab, Partner at Valor Equity.

 

___________________________________________________________________________________

About Grey Market Labs

Grey Market Labs® is a Certified B-Corp founded with the mission to protect life online named one of Inc Magazine’s fastest growing companies. Our patented Replica™ platform orchestrates, automates, and secures Environments-as-a-Service, making organizations more protected with a Zero Trust isolation architecture and more productive by increasing access to critical data, tools, and workflows on-demand, anywhere. Replica eliminates the cyber risks of old, establishes a resilient architecture that self-heals, and automates the complexity of cloud and orchestration, reducing IT burden by over 99.7%.

About MissionLink.Next

MissionLink.Next is a non-profit trade association and exclusive network that includes decision makers, government leaders, top founders and CEOs from across the US who are building the most cutting-edge mission critical capabilities in cyber, AI, virtual reality, IoT, space and quantum science. MissionLink.Next companies are addressing the next generation of threats across national security, healthcare, financial services, ecommerce, social media, life sciences, automotive and transportation, logistics, supply chain, manufacturing and critical infrastructure. Backed by an elite advisory board comprised of the best and brightest minds from defense, Intel and homeland security sectors, MissionLink’s trusted innovation ecosystem fosters access, insight and opportunity to bridge enterprise and national security missions with dual-use commercial capabilities. For more information, please visit the MissionLink.Next website.

The New Battlefront 101: Disinformation

By | Information Security | No Comments

Information Warfare: Disinformation

 

The Problem:

Disinformation is a type of misinformation where someone shares data that they know is incorrect in order to influence individual, group, or public opinion or obscure the truth.  Disinformation may include distribution of forged documents, videos, manuscripts, and photographs, or spreading dangerous rumors and fabricated intelligence.  China has been a major player in the disinformation strategy.

  • China created a “keyboard army” that is a large group of Chinese citizens paid to monitor the internet and influence public opinion on a massive scale online. The end goal is to aggressively defend and protect China’s image overseas[1].
  • Spamouflage Dragon is a pro-Chinese political spam network that camouflages their political messaging with innocent content (showing, for instance, cute animals and dancing girls)[2]. The innocent content creates simple clickbait, but once people click, Spamouflage Dragon shares their political message.
  • Another tactic is fake or hijacked social media accounts, where those accounts become the nexus for disinformation. China’s “wolf warrior” diplomats aggressively defend their home country online through building an audience with viral content, leveraging the influence networks of other autocrats, manufacturing the appearance of popular backing, posting conflicting conspiracy theories, and using ‘positive’ content to drown out criticism[3].

Disinformation contains false or out-of-context true information but the key components are that it always carries a malicious intent, it is deliberately deployed, and often part of a larger influence campaign. These longer term campaigns are often pushed over an extended period with concrete and continuous efforts with the “Big Lie” playbook being a good example. The six stages of media manipulation in the “Big Lie” – from Campaign Planning, to Seeding Information, Eliciting Responses, Adjusting Tactics, then restarting the cycle again and again.

Possible Solutions:

Understanding that first stage (the source and their intent) can go a long way in tackling the disinformation. First, always confirm the information from multiple reputable sources. Secondly, find out who benefits the most and how they are related to the spread of this information. These two questions can go long way with tackling the disinformation. If you don’t know who is pushing the information and whether it’s a true or not, you know it’s not trustworthy.

Combating disinformation at a national level is a hard problem to solve. However, it is possible with time and strategic approach. Grey Market Labs Engineer, Dhaval Vyas, states that “education is a key when it comes to combating disinformation. A well rounded education teaches critical thinking skills, which are extremely helpful with the identification of disinformation. Younger people are particularly vulnerable to fake news and disinformation. Therefore, developing critical thinking skills early on and teaching an ability to manage propaganda, fake news and disinformation effectively can go long way in combating disinformation.” However, this is a longer process.

The technology has amplified the problem of disinformation; however it can also offer a potential solutions. One approach could be using blockchain. Blockchain system uses a decentralized and immune ledger to manage information. It can help provide transparency into the lifecycle of the content by verifying origin and source reputation. The New York Times’s News Provenance Project is utilizing this approach. Another approach could be a use of global registries of labeled fake news. There are already websites available that helps with identification of fake news, such as factcheck.org and politifact.com. Integrating these websites with social media and news organizations through APIs could be very helpful. Lot of fake news is AI generated and it could also be used to identify fake news. Natural networks generate synthetic text, and they are also familiar with habits, quirks, and traits of the text. This makes them well-suited to detect content emerging from those networks.

The terms propaganda, misinformation, and disinformation need to be well defined. Legal structure needs to be added around these terms to allow accountability to be held for the organizations/persons spreading disinformation needs to be brought to justice using these laws. Presently there is little deterrence on spreading disinformation. At a global scale, formulating shared terminology for combating disinformation, and deliberately and continuously responding to foreign-sponsored disinformation is necessary to reduce the impact and potential harm from state sponsored campaigns.

 

***The next article in The New Battlefront 101 series will discuss cyber attacks on individuals.

___________________________________________________________________________________

Grey Market Labs® is a Certified B-Corp founded with the mission to protect life online. Our Replica™ platform orchestrates, automates, and secures Environments-as-a-Service, making organizations more protected with our patented privacy and Zero Trust architecture and more productive by increasing access to critical data, tools, and workflows simply, on-demand, anywhere. Replica™ support of dozens of use cases that span industries: from disrupting fraud on the dark web, to supporting military operations, combatting human trafficking, and enabling trusted data sharing in healthcare. 

Grey Market Labs® is the first cybersecurity product company recognized as a Certified B-Corp organization.

Contact us to see how we can work together.

Grey Market Labs Ranks Among Highest-Scoring Businesses on Inc. Magazine’s Annual List of Best Workplaces for 2022

By | Company News | No Comments

Grey Market Labs named among best workplaces.

Arlington, VA May 10, 2022: Grey Market Labs has been named to Inc. Magazine’s annual Best Workplaces list. Featured in the May/June 2022 issue, hitting newsstands on May 17, 2022, and prominently featured on Inc.com, the list is the result of a comprehensive measurement of American companies that have excelled in creating exceptional workplaces and company culture, whether operating in a physical or virtual facility.

Grey Market Labs is an employee-owned, certified B corporation that prioritizes team member flexibility and innovation. As co-owners, team members are bought into the public benefit mission and are recognized for their impact on the company and mission. Through the Inc. survey, one of our team members said: “Grey Market Labs is a place that I feel fosters independent critical thinking, recruits smart motivated people that lift everyone up, has leadership that is honest and transparent, and has a mission that excites and motivates me.”

As a results-driven and remote-first company, Grey Market Labs does not require team members to work the standard 9-to-5. Instead, team members determine their hours and decide where they want to work (remote, hybrid, or on-site), with no change to compensation. Responsibility to each other and their customers is a key hallmark of success at the Labs. The team travels to meet each other and customers to build connections, not for daily commutes. This gives tremendous flexibility to travel and work anywhere. To build company culture, we meet up regularly for collaboration and host company-wide offsites multiple times a year. This rapidly moves projects forward, fuels innovation, builds those critical connections and trust so important for a distributed team. It also helps drive what benefits the company offers, which are chosen annually by team requests.

Active collaboration between all team members, regardless of job title, is a key feature of Grey Market Lab’s culture. The team works in a highly coordinated way with daily, online chats and robust channels with history dating back to the company’s founding. Roles cut across experience levels and team members self-select areas of expertise, where junior engineers could be working directly with the CTO on a project and then take the lead on another effort.  This has increased buy-in, self-ownership and connectedness to the work.

After collecting data from thousands of submissions, Inc. selected 475 honorees this year. Each company that was nominated took part in an employee survey, conducted by Quantum Workplace, which included topics such as management effectiveness, perks, fostering employee growth, and overall company culture. The organization’s benefits were also audited to determine overall score and ranking.

Grey Market Labs CEO, Kristopher Schroeder says, “My cofounder, Ryan, and I started with a simple goal, to build a product company that we loved to work at. While some days can be hard, this has been the greatest journey of our careers and we are still early! From putting a public mission first at incorporation and now as a certified B-Corp, or making sure flexibility was available for everyone as a remote-first team, every step has been driven with a clear focus to enjoy what we are doing and be the best in our field at the intersection of privacy and productivity.”

“Not long ago, the term ‘best workplace’ would have conjured up images of open-office designs with stocked snack fridges,” says Inc. editor-in-chief Scott Omelianuk. “Yet given the widespread adoption of remote work, the concept of the workplace has shifted. This year, Inc. has recognized the organizations dedicated to redefining and enriching the workplace in the face of the pandemic.”

About Grey Market Labs

Grey Market Labs® is a Certified B-Corp founded with the mission to protect life online. We are driving innovation and change in software and privacy as one of Inc Magazine’s fastest growing companies in the MidAtlantic. Our patented Replica™ platform eliminates the cyber risks of old, establishes a resilient architecture that self-heals, and automates the complexity of cloud and application orchestration, reducing IT burden by over 99%. Replica orchestrates, automates, and secures Environments-as-a-Service, making organizations more protected with our patented privacy and Zero Trust architecture and more productive by increasing access to critical data, tools, and workflows on-demand, anywhere. We empower the most important work of our customers: across Commercial, Federal, and Defense in areas of Fraud Investigations, Countering Human Trafficking, Threat Intelligence and Cybersecurity, Malware Disruption, Data Science for National Security, Secure DevOps and more.

For more information, please visit: www.greymarketlabs.com + www.replicacyber.com

About Inc. Media

The world’s most trusted business-media brand, Inc. offers entrepreneurs the knowledge, tools, connections, and community to build great companies. Its award-winning multiplatform content reaches more than 50 million people each month across a variety of channels including websites, newsletters, social media, podcasts, and print. Its prestigious Inc. 5000 list, produced every year since 1982, analyzes company data to recognize the fastest-growing privately held businesses in the United States. The global recognition that comes with inclusion in the 5000 gives the founders of the best businesses an opportunity to engage with an exclusive community of their peers, and the credibility that helps them drive sales and recruit talent. The associated Inc. 5000 Conference is part of a highly acclaimed portfolio of bespoke events produced by Inc. For more information, visit www.inc.com.

The New Battlefront 101: Misinformation

By | Cyber Warfare | No Comments

Information Warfare

Misinformation

Misinformation is false or inaccurate information and is often spread widely to others, regardless of an intent to deceive. Misinformation itself isn’t a targeted battleground but instead turns into one when information is spread before ensuring it is correct.

The best way to combat misinformation is to research what the information is trying to say. Look into who is behind this information, what is the evidence behind it, and what do other sources say. If the information is an image or meme, doing a reverse image search on Google can verify that image. Another thing to look at is where the information is coming from. If the new sources are biased or neutral, that would completely change the information you are reading. People can check the bias on different media sites with Ad Fontes’ Media Bias Chart.

The monetization model of internet media today incentivizes engagement over the accuracy of information. Most people who spread misinformation on the internet are not doing so willingly; they simply share information they find interesting. Unfortunately, those who want to spread disinformation intentionally can take advantage of these incentives to leverage others as unwitting participants in their distribution of false information and obscure the original source in the process. Many of these false stories pose as plausible but sensational stories. Because it is common for information to be reposted many times without attribution, you may need to dig deeper than the immediate author to learn more about its origins. Grey Market Labs Chief Engineer, Justin Schmitt, recommends, “to search for portions of the article in a search engine; are parts of the article corroborated or copied from other sources? Are these sources reputable, biased, or are they content farms?”

Justin also suggests “to watch for any signs of deep-fake or AI-generated imagery currently in use. Familiarize yourself with common AI imagery capabilities so that you can spot them when you find them in use. For example, ThisPersonDoesNotExist.com demonstrates some AI imagery techniques that some may use when attempting to fake profile pictures. Refresh the page a few times, and you will notice that these AI images, while realistic, often have distinctive patterns which can be used to identify them.”

While misinformation can be intentional or not, its impact on the public’s opinion is extreme. In that sense, this is the more effective and efficient form of cyber warfare because the ability for information to reach many different audiences is unbeatable. All someone needs is a simple share from one other person, then that information goes beyond the initial network and reaches a tenfold audience.

 

***The next article in The New Battlefront 101 series will discuss how cyber attacks on institutions affects everyday life.

___________________________________________________________________________________

Grey Market Labs® is a Certified B-Corp founded with the mission to protect life online. Our Replica™ platform orchestrates, automates, and secures Environments-as-a-Service, making organizations more protected with our patented privacy and Zero Trust architecture and more productive by increasing access to critical data, tools, and workflows simply, on-demand, anywhere. Replica™ support of dozens of use cases that span industries: from disrupting fraud on the dark web, to supporting military operations, combatting human trafficking, and enabling trusted data sharing in healthcare. 

Grey Market Labs® is the first cybersecurity product company recognized as a Certified B-Corp organization.

Contact us to see how we can work together.

The New Battlefront 101: Cyber Attacks on Governments

By | Cyber Warfare, Data Protection, Risk and Liability | No Comments

Governments are a major target of cyber-attacks, which increases during times of conflict. The primary goals of cyber-attacks focused on government and governmental organizations are gathering information, disrupting critical infrastructure, and eroding public trust.

Collecting and Compromising Data: Governments have massive amounts of information on citizens, businesses, academia, and intellectual property that are lucrative targets, especially with the United States’ posture toward Freedom of Information and transparency in government. Even more sensitive is information on military or otherwise classified activities. These could be as simple as communications between embassies on upcoming events or as sensitive as transferring weapons to the Ukrainian military. Regardless, it is a rich target for anti-government militia, international terrorists, industrial espionage, nation-state spies, and any other flavor of cybercriminals. Suppose cybercriminals can steal that non-public data from governments. In that case, they can sell that data, hold it as blackmail, or release it to cause damage to an administration, business, or group of citizens. While not having his data collected through cyber attacks, Alexander Hamilton was a known victim of blackmail. Many victims of blackmail won’t come forward as he did, but with the amount of information that can be accessed on the internet, it can be assumed that the number of blackmail cases has increased.  

Taking Down a Nation: Critical infrastructure includes the vast network of highways, connecting bridges and tunnels, railways, utilities, communications, and buildings necessary to maintain normalcy in daily life. Transportation, commerce, clean water, and electricity rely on these vital systems[1]. These sectors are typically controlled by a government organization or a regulated company that works with the government to provide the service. The energy sector is one of the main targets of cyber-attacks against critical infrastructure, but it is not the only one. Transport, public sector services, telecommunications, and critical manufacturing industries are also vulnerable. The goal of cyberattacks on these sectors is to disrupt economies, destroy critical infrastructure, and disable public services. Our CEO, Kris Schroeder, discussed the goals of Cyber Attacks in a recent ABC News segment. Governments need to decide how to deal with the cybersecurity risks associated with both the physical and cyber systems and assets that control all sectors. Since the incapacity or destruction of one of these sectors would have a debilitating impact on physical or economic security or public health or safety, governments cannot avoid this risk. So they must try to mitigate the likelihood of an attack or transfer the responsibility of an attack to a third party.

Eroding Public Trust: Suppose citizens feel that their government can’t protect them from attack, their faith in their government would decrease. Cyber attacks will only grow in their severity and impact, which will result in increased tensions between governments and citizens. Governments are meant to act as digital stewards and showcase how to react to a cyber attack. However, cyber attacks have caused increased tension between governments, especially the superpowers, so there has been a lack of digital stewardship. The World Economic Forum’s (WEF) annual Global Risks Report highlights the erosion of public trust around governments’ ability to prevent, counter, and retaliate against cyber attacks. WEF specifically calls out that “without mitigation, governments will continue to retaliate against perpetrators (actual or perceived), leading to open cyberwarfare, further disruption for societies, and loss of trust in governments’ ability to act as digital stewards.”

Cyber attacks against a government or nation rarely take a single form. This was especially clear in the Colonial Pipeline cyber attack, which took out a critical infrastructure pipeline. The lack of communication and misinformation eroded public sentiment and trust, causing panic buying of fuel. Grey Market Lab’s Chief Engineer, Fred Kenowski, experienced this impact directly, “working remotely, I don’t depend on driving daily to do my job. However, living in a rural area, many folks depend on a steady fuel supply from a limited number of gas stations for their lengthy commutes, trips to the store, or to keep all their farm equipment running. Shortly after the pipeline shut down, there were long lines at the gas stations filled with folks running on empty or panic buying and stocking up. Later the following day, all the pumps in the county were closed because they were out of gas. It wasn’t initially clear when the pumps would turn on again, and it created a lot of concern with many I spoke to questioning if they would be able to work soon if service wasn’t restored quickly.”

Without clear communication from the government and an immediate solution in sight, there was a lot of panic buying that drained the Just-In-Time supply chain of fuel quicker than was necessary. Prevention is the best medicine, but strong plans must be in place to mitigate the inevitable cyber attack that breaks through and the likely human response it will trigger. The White House released a Best Practices Fact Sheet following the Colonial Pipeline cyber attack focusing on establishing an interagency response group to monitor and address the cyber attack. The US Government Accountability Office created an outline to put the United States in a better position to prevent or more quickly detect and mitigate the damage of future cyberattacks by highlighting the need to develop and execute a more comprehensive federal strategy, mitigate global supply chain risks, and enhance the federal response to cyber incidents[2]. Government should continue to embrace concepts to fundamentally change the landscape and render some of these attacks irrelevant: zero trust architectures, specifically those with isolation, limit the scope of any attack and advanced approaches like moving target defense (i.e. rotation of computer settings on a regular basis) make hacking attempts fail because criminals are always seeing different settings and don’t have a fixed thing to attack.

 

***The next article in The New Battlefront 101 series will  discuss how misinformation affects public perspective.

___________________________________________________________________________________

Grey Market Labs® is a Certified B-Corp founded with the mission to protect life online. Our Replica™ platform orchestrates, automates, and secures Environments-as-a-Service, making organizations more protected with our patented privacy and Zero Trust architecture and more productive by increasing access to critical data, tools, and workflows simply, on-demand, anywhere. Replica™ support of dozens of use cases that span industries: from disrupting fraud on the dark web, to supporting military operations, combatting human trafficking, and enabling trusted data sharing in healthcare. 

Grey Market Labs® is the first cybersecurity product company recognized as a Certified B-Corp organization.

Contact us to see how we can work together.

The New Battlefront 101: Introduction

By | Cyber Warfare, Risk and Liability | No Comments

Battles and wars were previously fought head-on, on a physical battlefield, but now we are seeing a transition in how and where battles are fought. These battles are now fought in the digital and physical worlds. This way of fighting will become the new normal, especially when developed countries are at the forefront. In this article, we will cover what cyber attacks are, how they happen, and what you can do to protect information.  We will also cover information warfare and how information can be used to change public perspective.

More cyber attacks are being announced and everyday sensitive, proprietary, and vulnerable information is at risk. Recently, Microsoft had partial source code pertaining to Bing and Cortana stolen as part of a cyber attack. The White House also just warned about possible plans by the Russian government to target critical American infrastructure and released a best practices fact sheet for institutions and individuals to refer to in order to protect themselves.

Cyber attacks aren’t the only type of digital warfare that people need to be concerned about. Information warfare has profoundly and permanently changed how wars are fought. People are using the internet during almost every waking moment of their lives. Every time they actively access the internet (to check the weather, access Instagram, transfer money, etc.), they are being bombarded by information. Additionally, people are having their information collected whenever they access the internet, including passively by their installed apps collecting data from phones at all times. That information is then distributed to data actors who sell or act on the collected personal information.

Cyber Attacks

Anyone can be a victim of cyber attacks, and they are common as ever now. Personal information, account information, and anything posted online is at risk for a cyber attack. These cyber attacks aim to disable, disrupt, destroy, or control computer systems or to alter, block, delete, manipulate or steal the data held within systems and accounts. Every major company or government in the world has had some sort of cyber attack. Those attacks can result in breaches of information or systems being shut down. Below are some of the most common types[2]:

  • Malwareis malicious software, including spyware, ransomware, viruses, and worms. Malware breaches a network through a vulnerability, typically when a user clicks a dangerous link or email attachment that then installs risky software.
  • Phishingis a type of social engineering attack often used to steal user data, including login credentials and credit card numbers. It occurs when an attacker, masquerading as a trusted entity, dupes a victim into opening an email, instant message, or text message and providing personal or sensitive information.
  • Man-in-the-middle(MitM) attacks, also known as eavesdropping attacks, occur when attackers insert themselves into a two-party transaction.  The goal of an attack is to steal personal information, such as login credentials, account details and credit card numbers.
  • denial-of-serviceattack floods systems, servers, or networks with traffic to exhaust resources and bandwidth. As a result, the system is unable to fulfill legitimate requests.
  • Structured Query Language (SQL)injection occurs when an attacker inserts malicious code into a database that uses SQL and forces the server to reveal information it usually would not.
  • zero-day exploitis an unknown exploit that exposes a vulnerability in software or hardware and can create complicated problems well before anyone realizes something is wrong.
  • DNS tunnelingis a method of cyber attack that encodes the data of other programs or protocols in DNS queries and responses. DNS tunneling often includes data payloads that can be added to an attacked DNS server and used to control a remote server and applications.

Since cyber attacks are inevitable, people, institutions, and governments must decide how they want to respond to these attacks’ risks. The different risk mitigation strategies for cyber threats are Mitigate, Avoid, Transfer, Accept, and Escalate a Risk. To mitigate risk is to do something to reduce the impact or the probability of a threat. Organizations can avoid risk by choosing different products, adding additional security to their information, can hire additional resources, adopting different technical solutions, or changing project scope. Transferring risk puts the risk on another party, typically by outsourcing that operation to another organization. So, the new organization is responsible for the risks. When organizations decide to accept the risk, they decide that risk is an acceptable risk and will not take any actions to mitigate the risk.

Cyber attacks can threaten someone’s way of life. Still, the risks and chance of attacks decrease dramatically through proper education and preparation. The government, private companies, and nonprofits all share ways to protect yourself, such as Cybersecurity & Infrastructure Security Agency, FireEye, and “No More Ransom”.

Information Warfare

Information has been the maker and breaker of wars, as generals relied heavily on information gathering about opposing forces when making their battle plans. George Washington credits his spies and information gathering as a key reason for defeating the British. It’s no different today on the cyber battlefield. The advent of the internet in the mid-1980s has restructured the landscape of information sharing, availability, gathering, and dissemination. However, just because all this information is out there doesn’t mean that this information is good. The saying that “a lie can travel around the world and back again while the truth is lacing up its boots” was true when Mark Twain said it and still is today.

Misinformation (Fake news, fabricated images, and clickbait articles) are spread faster and further than researched-backed information. Facebook has been fighting a losing battle with falsified information, and everyone has seen that information on their feed. For example, 49% of adults in the United States shared information online, which they later found was made up[1]. People often don’t even know that they shared information was incorrect until after the fact. Still, by the time they realize the information has already been circulated to their connections. However, in the same survey, 10% of those adults admitted to sharing information online that they knew was false which introduces a new problem of disinformation – the practice of knowingly spreading false information.

False information creates worlds of problems, but just the ability to access information and the promotion of information is another tactic used in information operations or information warfare (aka IW). GAO.gov defines Information Warfare as the use of information-related capabilities during military operations to influence, disrupt, corrupt, or usurp the decision making of adversaries and potential adversaries while protecting our own. Propaganda is one example and has been used for centuries to spread information to different groups that may not have access to that information. While propaganda itself has a bad connotation, it can be beneficial and involves many different ways of sharing information. Propaganda can be written, musical, or visual and plays upon and channels complex human emotions towards a desired goal. The Uncle Sam poster is the symbol of American patriotism starting in World War I and We can do it! poster became a symbol for female workers’ morale in World War II.

Misinformation, disinformation, and propaganda all have their place on the cyber battlefield. They all rely on the spreading of information to influence public opinions and alter outcomes of diplomacy, negotiations, and all out conflict.

 

***The next article in The New Battlefront 101 series will  discuss how cyber attacks on governments effect everyone.

___________________________________________________________________________________

Grey Market Labs® is a Certified B-Corp founded with the mission to protect life online. Our Replica™ platform orchestrates, automates, and secures Environments-as-a-Service, making organizations more protected with our patented privacy and Zero Trust architecture and more productive by increasing access to critical data, tools, and workflows simply, on-demand, anywhere. Replica™ support of dozens of use cases that span industries: from disrupting fraud on the dark web, to supporting military operations, combatting human trafficking, and enabling trusted data sharing in healthcare. 

Grey Market Labs® is the first cybersecurity product company recognized as a Certified B-Corp organization.

Contact us to see how we can work together.

Zero-Trust Principles: Best Practices Refined

By | Data Privacy, Data Protection, Risk and Liability | No Comments

The Office of Management and Budget released a memo outlining the Federal Government’s strategy for implementing a zero-trust architecture (ZTA) across their technology footprint. This memo is part of a broader effort to modernize US cybersecurity in the wake of a string of high-profile attacks on the US and US companies.

While some of the requirements in the memo are already commonplace security policies, there are a few guidelines in the memo that might be a dramatic change from the strategy some organizations are currently employing. Here’s our summary of some of the new guidelines we think you shouldn’t miss:

  1. Authenticate users to applications, not to networks. It’s no longer good enough to lean on perimeter security to trust that traffic on your network is trustworthy. Single-sign-on solutions are mature and widely supported – use them for every application!
  2. Use multi-factor authentication (MFA), but don’t use one-time passcodes, SMS passcodes, or push notification prompts. These are susceptible to phishing attacks. Use a solution that is resistant to phishing, like FIDO2, WebAuthn, or PIV.
  3. Stop requiring that users regularly change passwords or use special characters. While this once was considered best practice, it is now known to decrease security because it leads to password reuse (and credential-stuffing attacks) or unsafe storage practices.
  4. Consider eliminating passwords entirely! It is possible to have multi-factor authentication without one of the factors being a password. It’s more convenient for your users, and a password isn’t adding much security if your users are reusing it across multiple sites and it ends up in a password breach.
  5. Encrypt all HTTP, DNS, and email traffic, even on internal networks. It’s not uncommon to see these unencrypted on many networks, but these all carry sensitive information, and leaving them in plaintext leads to an increased attack surface.
  6. Isolate environments and assign access with granular attribute-based access control, rather than giving role-based access to users or enhanced visibility by default.
  7. Have a process in place to take security vulnerability reports from the general public, and respond to them promptly.

___________________________________________________________________________________

Grey Market Labs is a Certified B-Corp founded with the mission to protect digital life. We build revolutionary software including Replica and hardware products, and partner with like-minded industry leaders, to create a future with “secure-environments-as-a-service”.

Contact us to see how we can work together.