SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
Key Takeaways
Analyzes the OPM.GOV hack with SANS Institute's Rob Lee on CNN
Full Transcript
joining me to talk about cybersecurity is digital forensics investigator for the SANS Institute broadly he consults with companies and the United States government so Rob since you do consulting with the US government are you as shocked as say I am sharing this remarkable hack of the OPM the Office of Personnel Management the HR department for the government I actually no I'm not shocked at all in fact these kind of attacks are quite frequent and happen all the time in fact the biggest issue is detecting the attacks and most of the government including the Fortune 500 in this country have an incredibly hard time detecting them and that makes them easy targets for nation-state attackers such as China to take advantage specifically of that lack of capability in cyber security is there is there a scenario here where the toothpaste is out of the tube and thus there is gonna be even a bigger problem down the road and I only ask that because I get these really annoying phishing emails all the time and I recognize them like that or so I think I do but effectively there's something called spear phishing where a hacker gets ahold of you and then your identity and then uses you to have people who you know who would trust you that's exactly right one of the core difficult problems in cybersecurity is the fact that attackers such as China and other nation states are taking advantage of ordinary individuals inside the workplace they send them common emails with attachments or web links in them trying to get them to open them now these are not the emails that you we've all been customed to that are originating from Nigeria or from Africa these actually look like legitimate emails that your own organization might have sent out it might be a new policy one of the ones that we've seen over the years that almost has a 100 percent a success rate is sending emails related to w-2 tax forms right next to tax time in early April oh man you know I've been so tempted but I get them the old snail mail way but that is really scary it's a to think that somebody would have to think twice about a w-2 just quickly can I ask you about that there is this very strange list that puts the United States at the very top of victimization by global hacking Thailand is number two but way way below the US why is it that we are so valuable to hackers around the world and who's doing more of it is it the outsiders or is it within our own borders that's doing the most hacking to us well definitely the lead culprit in fear last question first is China there are other nation states such as Russia and Iran and more that are also doing it but China is pretty much the lead aggressor in leading the charge on these hacks now why us well specifically we have more intellectual property as a country that other countries such as China are trying to obtain in order to provide an economic advantage as a part of their normal day-to-day business China views any information including that which is stored by our government or even our top commercial industry such as Microsoft Google or Apple as ripe pickings and because it's so easy to accomplish and there's zero threat of arrest and zero threat of any actual deterrent that's going on nothing is telling China or other countries hey this is wrong you should not do it and as a result there's no pushback that will eliminate this in the near future expect this to become a common news cycle from this point forward well then expect us to be calling you a lot more and open up the calendar to be on the show more because you're extraordinary with your information base I really appreciate it Rob thanks for doing this thank you very much Rob Lee joining us Wow digital forensics you had to know that was going to be a good vocation three
Original Description
SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.
Watch on YouTube ↗
(saves to browser)
Sign in to unlock AI tutor explanation · ⚡30
Playlist
Uploads from SANS Institute · SANS Institute · 6 of 60
1
2
3
4
5
▶
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
SANS FOR610: Reverse Engineering Malware: Malware Analysis Tools & Techniques
SANS Institute
SANS Institute Cybersecurity Training Customer Stories
SANS Institute
SANS Institute UK Cyber Academy
SANS Institute
SANS Institute UK Cyber Academy
SANS Institute
CISSP® Prep Exam, MGT414, by SANS Institute
SANS Institute
SANS Institute's Rob Lee Discusses The OPM.GOV Hack on CNN
SANS Institute
Information Security Training from SANS Institute - Student Testimonials
SANS Institute
SANS NetWars
SANS Institute
SANS DFIR NetWars
SANS Institute
Hack The Drone - SANS Cyber Academy UK
SANS Institute
SANS VetSuccess Immersion Academy
SANS Institute
SANS Cybersecurity Training, Certifications & Placement for Veterans
SANS Institute
The 2015 SANS Holiday Hack Challenge
SANS Institute
SANS VetSuccess Academy: Hands-on Skills
SANS Institute
SANS VetSuccess Academy Overview
SANS Institute
SANS ICS Security Summit & Training 2017
SANS Institute
Exploring the Unknown Industrial Control System Threat Landscape – SANS ICS Security Summit 2017
SANS Institute
WannaCry recap, patches, and analysis
SANS Institute
If We’re Doing So Well at Cyber Security, Why Are We Still Doing So Poorly?
SANS Institute
Graduation Day - SANS HM Gov Cyber Retraining Academy
SANS Institute
Incentivizing ICS Security: The Case for Cyber Insurance – SANS ICS Security Summit 2017
SANS Institute
SANS Data Breach Summit & Training 2017
SANS Institute
SANS Secure DevOps Summit & Training 2017
SANS Institute
How Threats Are Slipping In the Back Door - SANS ICS Security Summit 2017
SANS Institute
SANS Webcast – Continuous Opportunity: DevOps & Security
SANS Institute
SANS Cybersecurity Programs for the Department of Defense
SANS Institute
SANS Pen Test HackFest Summit & Training 2017
SANS Institute
SANS SIEM & Tactical Analytics Summit & Training
SANS Institute
If We’re Doing So Well, Why Are We Still Doing So Poorly? – SANS ICS Security Summit 2017
SANS Institute
SANS Institute
SANS Institute
ICS515: ICS Active Defense and Incident Response
SANS Institute
SANS Institute
SANS Institute
Introducing the NEW SANS Pen Test Poster
SANS Institute
SANS Institute - An Inside Look at the Newly Updated ICS515 Course
SANS Institute
SANS ICS Security Training, Munich, Germany
SANS Institute
SANS Automotive Summit Webcast
SANS Institute
Privesc Playground - SANS Pen Test HackFest Summit 2017
SANS Institute
Introduction to Reverse Engineering for Penetration Testers – SANS Pen Test HackFest Summit 2017
SANS Institute
Honey, Please Don’t Burn Down Your Office: Fun with Smart Home Automation
SANS Institute
SANS Security Operations Summit & Training 2018
SANS Institute
Sh*t Happens! (But You Still Need to Drink the Water) – SANS ICS Summit 2018
SANS Institute
ICS Threat Intelligence: Moving from the Unknowns to a Defended Landscape – SANS ICS Summit 2018
SANS Institute
You’re Probably Not Red Teaming (And Usually I’m Not, Either) – SANS ICS Summit 2018
SANS Institute
A Sneak Peak at the New ICS410
SANS Institute
Jumping Air Gaps – SANS ICS Summit 2018
SANS Institute
Introduction to Linux
SANS Institute
Introduction to Malware Analysis
SANS Institute
You’re Probably Not Red Teaming (And Usually I’m Not, Either) Webcast by Deviant Ollam
SANS Institute
Hacking your SOEL: SOC Automation and Orchestration – SANS Security Operations Summit 2018
SANS Institute
Hunting for Post-Exploitation Stage Attacks with Elastic Stack and the MITRE ATT&CK Framework
SANS Institute
Apples and Oranges?: A CompariSIEM – SANS Security Operations Summit 2018
SANS Institute
SANS Webcast - Perimeter Security and Why it is Obsolete
SANS Institute
SANS Webcast - Trust No One: Introducing SEC530: Defensible Security Architecture
SANS Institute
The Science of Security: The Psychological Impacts of Security Awareness Programs
SANS Institute
How I Pulled Off an Edgy Security Campaign – SANS Security Awareness Summit 2018
SANS Institute
Practical Advice for Submitting to Speak at a Cybersecurity Conference
SANS Institute
SANS Webcast - Consuming OSINT: Watching You Eat, Drink, and Sleep
SANS Institute
SANS Webcast - Zero Trust Architecture
SANS Institute
SANS STX Cyber Range
SANS Institute
Part 1 – SANS Institute and Tenable talk about cloud security
SANS Institute
More on: Reading ML Papers
View skill →Related Reads
📰
📰
📰
📰
A lightweight workflow for keeping up with AI conference papers
Dev.to · Daniel
Why CitedEvidence Believes Great Researchers Read Less Than You Think
Medium · AI
How to Write a Literature Review That Actually Argues Something
Medium · Machine Learning
I Built a Personal Paper Engine to Stop Losing Research Papers
Dev.to · Ethan
🎓
Tutor Explanation
DeepCamp AI