News in Brief

USDS additions, Google dorking and more

Naming names at USDS

U.S. Deputy CIO Mikey Dickerson is moving quickly to build the U.S. Digital Service team -- and tapping some familiar federal IT talent in the process.

In an Aug. 29 blog post on WhiteHouse.gov, Dickerson announced that the Office of Science and Technology Policy's Erie Meyer and Vivian Graubard had joined USDS, along with White House Senior Technology Adviser Haley Van Dyck.

Dickerson also announced two recruits from the private sector: Fuse Corps CEO Jennifer Anastasoff and Google software engineer Brian Lefler. And he praised the Office of Management and Budget's existing e-government team, saying those individuals' "expertise and knowledge about IT delivery within government has really helped us hit the ground running."

Former FCC chairman named to Intelligence Advisory Board

President Barack Obama tapped his old law school classmate and former chairman of the Federal Communications Commission to serve on the President's Intelligence Advisory Board. Julius Genachowski currently works as a managing director of the Carlyle Group, a private equity firm.

The board advises the president on intelligence activities and the organization and management of intelligence agencies. Its members all work outside the federal government. Other new appointees include James Crown, president of a private investment company; Scott Davis, chairman and CEO of United Parcel Service; Jamie Dos Santos, chairman and CEO of Cybraics and formerly CEO of Terremark Federal Group; Shirley Ann Jackson, president of Rensselaer Polytechnic Institute; and Neal Wolin, former deputy secretary of the Treasury and a onetime special assistant to three different CIA directors.

DHS warns against dangers of 'Google dorking'

Beware the Google dork, said the Department of Homeland Security in an unclassified but restricted memo sent to law enforcement and private-sector security groups in July.

The DHS memo, posted on the Public Intelligence open-source website on Aug. 28, warns that advanced search techniques can allow malicious actors to locate information on organizations' websites that is not intended to be public and find website vulnerabilities that can be used for later cyberattacks.

By searching for specific file types and keywords, malicious cybercreeps can locate usernames and passwords, email lists, sensitive documents, bank account details, and website vulnerabilities, DHS said.

"'Google dorking' has become the acknowledged term for this malicious activity, but it applies to any search engine with advanced search capabilities," the memo states. The practice is also known as Google hacking.

According to the memo, last October, unidentified attackers used Google dorking to find websites running vulnerable versions of a proprietary Internet message board software product and wound up compromising 35,000 websites and creating new administrator accounts. The memo added that the Diggity Project, a free online tool suite, enables users to automate Google dork queries.

Along with recommending that website owners minimize the sensitive information they host, DHS pointed to an online tool that can help sniff out Google dorks.

A very real threat to virtual systems

Malware innovators are evading automated analysis on virtual machines, forcing agencies to secure virtual machines and networks as rigorously as they secure traditional IT, GCN reports.

"One of the more recent exploits involves attacks that are designed to wait out the automatic malware detection and analysis defenses that are increasingly being built into virtual systems," GCN reports, citing a recent Symantec study. "Some trojans will simply wait for multiple mouse clicks to occur before they decrypt themselves and start up their payload, and that can make it all but impossible for automated systems to come to any timely conclusion about the threat."

FTC doles out prizes to robocall fighters

The Federal Trade Commission is on a mission to squelch recorded marketing calls and is asking hackers for help.

The agency announced three winners from a contest dubbed Zapping Rachel, held earlier this month at the DEF CON 22 conference in Las Vegas. Participants were challenged to design a honeypot to attract robocalls in order to analyze the identity spoofing and other techniques used in the marketing scams, to develop methods robocallers might use to avoid detection and to use data from existing honeypots to predict which calls are robocalls.

Jon Olawski won the honeypot-building competition. Jan Volzke took the prize for developing attack methods, while Yang Yang and Jens Fischer built the winning robocall detection algorithm. The prize pool, including two honorable mentions, totaled just over $12,000.

About the Author

Connect with the FCW staff on Twitter @FCWnow.
