Tag: cyber-security

The True Story of a killer identity thief

Cyber Security Consumer advice

Posted on November 28, 2018

5 min read

Mexico fell for Michael Finkel. The charismatic New York Times journalist, now raconteur, was on assignment covering Mayan mysticism in 2001. He held easy court with tourists and locals; Finkel’s pursuit of the dangerous and different had thrust him on the trail of black-market organ traders, reporting the tragedies of the Gaza Strip’s dying child soldiers, and travelling in the leaky hull of a Haitian boat that almost killed him and 40 refugees.

Janina Franke, an amateur photographer, fell hardest for Finkel. After a chance meeting they travelled south where she would score a massive career break snapping photos of Mayan ruins for Finkel’s piece in the Times.


Michael Finkel at the IAPP conference. Image: Darren Pauli, Telstra Exchange

Franke made it to the Mayan port city of Tulum, 130 kilometres south of Cancun, but she never got her break. She watched as Finkel, real name Christian Longo, was pulled out of a cabana by a swarm of armed police bearing a US federal arrest warrant.

Longo had co-opted the identity of the real Michael Finkel, having fled Portland, Oregon, where he was wanted for the gruesome murder of his wife and three children.

“He (Longo) chatted with tourists in Mexico about stories he said he had written, quoted from them,” the real Finkel told us while in Melbourne for the IAPP privacy conference. “They all unquestionably believed he was Michael Finkel from the New York Times.”

According to those he charmed, Longo was polite and intelligent, “totally cool”, with a good sense of humour. He scrawled notes, memorised articles, and gave budding writers a fake Times email address to make his possession of Finkel’s character total.

Finkel heard of Longo’s exploits from a local journalist and soon arranged to meet the murderer, then and now incarcerated on death row in Oregon State Penitentiary (there is a moratorium on executions in that state).

He did not, as some identity theft victims do, feel assaulted by Longo’s co-opting of his identity. Longo did not steal Finkel’s passport, drain his bank account, or hack his social media. He just studied the journalist to such a level of intimacy that he could become him. The co-opting of identity made the journalist curious.

Longo first wanted to prove Finkel was the real Finkel. In a twist of irony, the journalist struggled to answer Longo’s 13-question identity quiz that drew on minutiae contained in Finkel’s stories filed over years. “It was this existential conundrum,” Finkel says.

Identity crisis

Longo, now 43, always wanted to be a globe-trotting journalist writing stories on the weird and wonderful. In short, he always wanted to be Finkel. Instead he married at 19 years old, had three children, and over years turned a failing business into a web of deceit that would ultimately drown his family in debt.

His hijacking of Finkel’s identity at a time when Finkel was out of a job quickly drew the writer to Oregon State Penitentiary’s visitor’s centre.

Finkel says he would not ordinarily be drawn to speak to a murderer. He pursues curiosity and complexity, not distasteful and often unidimensional killers.

But it was the duplicitous character of Longo – a Proteus who in one instance was a witty and highly intelligent (his IQ was measured at 130) man and at another a mendacious murderer – that appears to have kept Finkel glued to what became an intensely personal story spanning years.

“If Christian Longo was sitting right here, he’d be funny, he’d be witty,” Finkel says. “You would have no idea he did something so unimaginable.”

Finkel tells the story in the nonfiction book True Story, also a major film adaptation of the same name. He tells how he scrutinised Longo’s initial claims of innocence, witnessed how the murderer disassociated himself from his fellow death row prisoners, of whom many were also murderers, telling Finkel in a letter that he was “surrounded by so much degeneracy and perversion”, and watched and even assisted Longo’s attempts at redemption.

His latter act of redemption was a push to allow prisoners to donate their organs during their incarceration and at their point of execution. Reforms did eventuate that allowed prisoners to donate.

Finkel, himself now a father, has cut ties with Longo, and is pursuing his next story: a master art thief who stole a billion euros worth of art.

“I’m genuinely interested in these people,” he says. “More than, say, CEOs and popstars.”

3 cyber security trends to look out for in 2019

Telstra Careers Cyber Security

Posted on November 5, 2018

4 min read

Did you know that at Telstra we have one of the largest teams of cyber security professionals in Australia?

We have more than 500 people working to fiercely protect the data of our customers and organisation. These people protect our extensive network by preventing issues and solving problems when they arise.

That’s why it’s important for us to keep up to date with information security trends to make sure we’re ahead of the curve. One way we do this is by attending industry events, which some of our team recently did when they went along to the OWASP AppSec Day 2018 – Australia’s only conference dedicated to application security.

So what insights did our people get? Here are the top three things:

Security + DevOps = DevSecOps

Yaso Addanki, Senior Security Architect

Increasingly, people are learning that cyber security is something they need to consider in their work. Take DevOps, for example: Yaso describes how this area of work is increasingly asking how it can be more secure.

“A significant trend at the conference was the focus on cyber security in the DevOps world and the importance of the need to embed security in the CI / CD (Continuous Integration/Continuous Delivery) pipelines,” she said.

“The security challenges with Docker containers and agile methodology, and how iterative threat models can be used to combat some of the challenges that come with them, was also a major topic.

“Telstra is working proactively here – we’re incorporating DevSecOps practices into development communities across the organisation.”

Our team at the OWASP AppSec Day 2018

Code needs to be secured as quickly as it’s written

Stefan Gigliotti, Enhanced Services Trainee, Secure Code

As more and more solutions are being made digitally, cyber security principles need to be applied throughout a project’s life-cycle. Stefan learned other teams are beginning to ask questions about security and data protection which is a very promising sign.

“As a whole, I saw a big emphasis on DevSecOps – enabling organisations to deploy code quickly, and securely in an iterative manner,” he said.

“Telstra’s Cyber Security team is already following this trend, with the recent introduction of a team in Cyber Security called ‘DevOps Security’, which is focused on how we can deliver security services and capability to DevOps teams.

“One initiative we’ve introduced is the concept of training a ‘security champion’ embedded in each feature team, allowing security to be a shared responsibility.”

“What I learnt was very helpful to my career because I am new to the Secure Code team, and fairly new to the AppSec space. The conference provided me a great platform to start my journey, and thrive in the Secure Code team here at Telstra.”

Cyber Security is everyone’s responsibility

Ben Ellett, Security Technologist-Specialist

Cyber security isn’t just the responsibility of the specialists who work to protect it; it is something we all need to consider. Ben was amazed to learn that this year’s AppSec Day wasn’t just for security specialists.

“One of the biggest surprises at the conference was when the keynote speaker asked the crowd how many people DID NOT work in information security. Approximately 50 per cent of the audience raised their hand,” he said.

“This showed me that cyber security extends past the people who specifically work in this function.

“That’s the case here at Telstra, where the Secure Code team within Cyber Security works with other developers in the business to establish good secure coding practices.

“In terms of the next step in my career and to keep up with industry trends, I’ll endeavour to learn more about the development stacks that full time software developers use in order to learn the security pros and cons inherent to that software.”

Want to learn what a career at Telstra could look like? Check out our careers website.

How I’m keeping our code secure

Telstra Careers People

Posted on October 29, 2018

3 min read

I started my career in the Australian Defence Force and what I really enjoyed about this time in my life was being able to make a difference to so many people on such a large scale.

I feel like I get to do the same thing here at Telstra.

To be able to work for such a large organisation – the largest telecommunications and technology company in Australia that has an impact on almost every household in this country – is really powerful.

If we get security right for Telstra, we’re actually helping protect Australia’s critical infrastructure and national security interests.

My role at Telstra

I lead a team of specialists within the Cyber Security team and our job is to make sure we secure every line of source code as early as possible, while still enabling the business to move fast.

Another part of our role is to educate our developers, uplift our development teams and put security automation tooling into their hands.

Why? Because at the end of the day, we cannot do security by ourselves. We need the organisation to practice security in collaboration with us and ensure that software is being developed ‘secure by default’.

Our team has a very strong alignment to Telstra’s vision of becoming a world class technology company that empowers people to connect.

This makes our work even more relevant and exciting, as the business really depends on us to make sure we can deliver quality, robust, secure applications to our customers as fast as possible.

It’s challenging work but…

I feel like since I started here, I’ve been able to take my career to a new level as every day is different and full of variety.

The cutting edge work I get to do also means I need to use different parts of my brain – technical, strategic and business.

As the Security Code Manager, I need to use my technical brain for the innovative work we are doing in “shifting security left” and for keeping up with industry trends. I use my strategic brain to deliver capability that will enable us to scale and to influence security culture within the business, and I use my business brain to make sure the operational demands of the team are managed.

Why my future is at Telstra

Telstra’s leaders have given me so much autonomy to define and create a new team. I can honestly say they’ve been extremely trusting in my decision making and it’s something that has helped me to excel in my role.

The other reason why I see my future at Telstra is that I’ve been able to work from my hometown of Perth, and from my home office whenever I need to. This type of flexibility is amazing and has helped me to balance my life needs.

Having said this, my leaders and colleagues who work on the east coast of Australia make sure I’m always connected to them, so I never feel isolated and always part of the team.

See where a career at Telstra could take you.

Out of the classroom and into the mire: a hacking competition for cyber security students

Cyber Security

Posted on October 9, 2018

3 min read

From left: Khatina Haidari, Mahima Shrestha, Sheryl Mantik – RMIT University

Talk about being thrown in the deep end – it may be years before they toss their academic hats in the air, and yet 427 university and TAFE students have been snatched out of cyber security classrooms and thrown behind computers to find and fight real hackers.

In offices all over the country the students sit in 109 tight-knit teams for 24 continuous hours – each hunched in front of laptops, eyes dancing over reams of computer code in search of hidden security flaws.

They have joined Australia’s latest cyber security outfit, Break Out Box, to help secure local businesses against digital intrusion. Their art is methodical and precise; something as small as a single apostrophe, if missed, could let hackers make off with piles of sensitive data.

Thankfully the gruelling work is a simulation, and part of the annual Cyber Security Challenge Australia hacking competition (CySCA2018) which, starting today, throws students into the very real tests they can expect to face when they leave campus to join the booming cyber security industry.

As a Challenge sponsor, we have built a new technology platform for the 2018 competition to cater for the growing number of players, which has increased by 117 on last year.

“The Challenge is a real representation of what these students can expect to face when defending real businesses,” says Telstra’s APAC Chief Information Security Officer, Berin Lautenbach.

“Students are playing multiple professional security roles, finding security vulnerabilities before bad guys do, and chasing a hacker’s footsteps through code and logs.

“These are some of the skills they will need for a technical career in the cyber security industry”.

From left: Jin Han, Adam Kues, Takuhiro Kikuchi, Ethan Cheng – Melbourne University

The Challenge lives up to its name. Some of the brightest cyber security professionals spent eight months planning the digital mazes students are right now attempting to navigate and conquer.

Each element is a realistic representation of what it will be like to protect a security-focused business where the stakes are high. They must protect the systems of Break Out Box and that of its customers.

However, students that expect the competition to run as an average nine-to-five day-in-the-life of a security professional will be shocked. Plot twists abound that set the Challenge apart from a run-of-the-mill hacker romp.

The Challenge is the brainchild of Telstra, the Federal Government’s Australian Cyber Security Centre and AustCyber, PwC, Cisco, Microsoft, Commonwealth Bank, Splunk, BAE Systems, and HackLabs.

While prizes are on offer, all students win the recognition of the cyber security industry which eyes players for potential recruitment into a wide number of attractive career positions.

The winning team will score flights, accommodation, and entry to the popular DEFCON conference in Las Vegas in August next year.

Those in second place will win flights, accommodation, and entry to the hugely-popular and sold-out Kiwicon hacker confab in Wellington, New Zealand next month.

The third-placed team will head off to the equally popular BSides hacker conference in Canberra next year.

Place-getters will also score a tablet or mobile device for each team member. Other individual prizes are on offer for the competition’s various challenges.

You can stay up to date by following #CySCA2018 or at the Cyber Security Challenge Australia 2018 website.

Finding sophisticated threat actors on a shoestring

Cyber Security

Posted on August 28, 2018

4 min read

Finding well-resourced and sophisticated threat actors doesn’t have to cost the earth thanks to a suite of free and highly-capable tools, a former Pentagon threat expert says.

Defensive security professionals and law enforcement agencies around the world use the tools to passively monitor bad actors operating on the internet.

The free-of-charge toolsets mean cash-strapped security analysts can protect their corporate networks by tracking in detail active sophisticated threat actors, their campaigns, and infrastructure.

These are entirely passive so-called ‘threat hunting’ toolsets, and do not utilise any active defence (hack-back) functionality.

Use of the tools can help security defenders to learn if their organisation’s sector or region is being targeted by bad actor groups. That information can then be used to harden the organisation against the known methods bad actors are using as part of their attacks.

Sophisticated bad actors target a wide range of victims depending on their operational mission and resources, from critical infrastructure and enterprises to very small businesses.

Targeting depends on the mission and motivation of the group. Bad actors of all stripes will target businesses in a bid to steal intellectual property and customer and financial data, or to hijack infrastructure. Critical infrastructure by contrast is a target of typically politically-motivated actors.

This victim-targeting can shift rapidly. Martin Hart (not his real name) demonstrated during Telstra’s Defend threat intelligence industry confab in Melbourne how some sophisticated actors pivoted within a matter of days from targeting governments in regional flashpoints to private sector firms for monetary gain.

“Not everyone has a lot of money to spend,” Hart told delegates at Defend.

“These tools will allow you to track bad guys all over the world, even if they are switching infrastructure all the time.

“No one tool will do all that for you.”

Hart, a US-based cyber security consultant, listed free tools including DomainTools, dnstwist, name server monitoring, CertStream, censys.io, and scans.io.

Taken together the tool suite allows security researchers to be alerted rapidly to the creation of homoglyph and masquerading domains (such as g00gle.com imitating google.com) and to understand quickly the shifting priorities of well-resourced adversaries.
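The kind of triage such alerts need can be sketched in a few lines. This is an added example, not code from Hart, Telstra or any of the tools named above; the fold table, brand list, allowlist and feed are constructed for illustration (only g00gle.com and evronaval.fr appear in the article), and it goes slightly beyond the text by separating homoglyph, one-edit typo and plain keyword matches so the strongest signals surface first.

```python
# Added example: rank newly observed domains against monitored brand keywords.
# FOLD_* tables and all sample data below are constructed assumptions.
FOLD_MULTI = (("rn", "m"), ("vv", "w"))          # multi-character look-alikes
FOLD_SINGLE = str.maketrans("0135v", "olesu")    # 0->o, 1->l, 3->e, 5->s, v->u
RANK = {"homoglyph": 0, "typo": 1, "keyword": 2}  # lower = stronger signal

def skeleton(label):
    """Fold look-alike characters so visually similar labels compare equal."""
    label = label.lower()
    for fake, real in FOLD_MULTI:
        label = label.replace(fake, real)
    return label.translate(FOLD_SINGLE)

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain, brands, allowlist=frozenset()):
    """Return (brand, reason) for the strongest match, or None if unrelated."""
    domain = domain.lower().rstrip(".")
    if domain in allowlist:          # the organisation's own, known-good domains
        return None
    hits = []
    for label in domain.split(".")[:-1]:   # every label except the TLD
        sk = skeleton(label)
        for brand in brands:
            bs = skeleton(brand)
            if sk == bs and label != brand:
                hits.append((RANK["homoglyph"], brand, "homoglyph"))
            elif len(brand) >= 5 and edit_distance(sk, bs) == 1:
                hits.append((RANK["typo"], brand, "typo"))
            elif bs in sk:
                hits.append((RANK["keyword"], brand, "keyword"))
    if not hits:
        return None
    _, brand, reason = min(hits)
    return brand, reason

def triage(feed, brands, allowlist=frozenset()):
    """Return flagged (domain, brand, reason) rows, strongest signal first."""
    flagged = [(d, *hit) for d in feed if (hit := classify(d, brands, allowlist))]
    return sorted(flagged, key=lambda row: RANK[row[2]])

# Constructed sample data; the ".example" names are placeholders.
BRANDS = ["google", "euronaval", "comey"]
ALLOW = frozenset({"google.com"})
FEED = ["weather-report.example", "g00gle.com", "comey2024.example",
        "evronaval.fr", "gooogle.example", "google.com"]

if __name__ == "__main__":
    for row in triage(FEED, BRANDS, ALLOW):
        print(row)
```

Keyword hits are the noisy tier: they catch both commentary sites and lures, so they are worth enriching before anyone acts on them.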

Hart ran threat hunting experts through a series of examples of how he and his team had applied the tool suite.

He had set up DomainTools brand monitoring for ‘Comey’ following the dismissal of then FBI director James Comey in May last year.

This free check found dozens of domains including comeyismyhomey, comeyyourfired, and comey2024 established within hours of news of the dismissal.

“What would I do if I was a state actor and wanted to target the FBI? You’d say [in a phishing email] ‘here’s the truth of Comey’ and send it to the FBI – you know how many people would click on that? Lots,” Hart says.

In another example, Hart found the Fancy Bear (APT28) bad actor group had established watering holes and masqueraded domains (evronaval.fr) targeting the Euronaval annual defence conference in France. Threat researchers allege Fancy Bear is a CNE (computer network exploitation) arm of Russian intelligence with previous operations targeting the 2016 Democratic National Committee, the World Anti-Doping Agency, and German Parliament.

Threat hunting using these tools can be noisy, however, as it captures legitimate and malicious actors that establish domains and Facebook sites to attract visitors.

Some 1000 domains are generated each day for the 50 keywords, or brands, Hart monitors.

“We equate this to digging for gold,” Hart says.

He recommends threat hunters enrich their data by using free tools to check netblocks, SSL certificates, registrant information, and IP address data among other data types.

Threat actor hunters intending to crawl through registrant information after May 2018 may face trouble thanks to Europe’s General Data Protection Regulation. The new laws could, depending on how they are implemented, see registrars follow GoDaddy’s footsteps and remove bulk searching of WHOIS site registrant data. As yet, organisations along with the Internet Corporation for Assigned Names and Numbers have not announced final changes.

“The good news is that registrant alerts are just one technique that we use,” Hart says.