Welcome to the National Cryptologic Museum Foundation. The NCMF directly supports the National Cryptologic Museum (NCM), the first public museum in the U.S. Intelligence Community.

Did you know?

Polish mathematicians & code breakers made the first breakthroughs against Nazi Germany's Enigma code...


Cybersecurity News: REAPER botnet, Russian Phishing at CyCon, & More.

This Week in Cybersecurity (week ending 10/28/2017)

REAPER Botnet Grows, but its Purpose is Unknown

REAPER is a growing botnet of over one million devices, causing concern in the global cybersecurity community. REAPER infects video cameras and other Internet of Things (IoT) devices, taking advantage of known vulnerabilities in D-Link, Netgear, and AVTech products. REAPER is similar to the Mirai malware that infected IoT devices in late 2016. Those infected devices in turn launched a Distributed Denial of Service attack on Dyn DNS in late 2016, knocking out a number of Internet services in the U.S. While the botnet continues to grow, there have been no known attacks so far and it’s unclear how the botnet may be used. (Source: ZDNet.com, 24 October 2017)

Russian APT Attempts to Phish CyCon Participants

CyberWire reports on potential Russian interference in this year’s CyCon conference. Fancy Bear (APT28, or, to name it directly, Russia's GRU) is snuffling around people thinking about attending next month's CyCon conference in Washington, DC. Sponsored jointly by the US Army Cyber Institute and NATO's Cooperative Cyber Defence Centre of Excellence, this year the well-known conference takes "the future of cyber conflict" as its theme. Fancy Bear is phishing for prospective attendees with a baited Word document that carries Seduploader as its payload. Seduploader is a reconnaissance tool useful in determining which targets deserve closer attention. The phishbait document, a cut-and-paste job designed to look like an event flier, is "Conference_on_Cyber_Conflict.doc." Stay away from it and the malicious Visual Basic for Applications (VBA) macro it contains. (The CyberWire, 10/25/2017)

Bad Rabbit Ransomware

Bad Rabbit is a new type of ransomware that is causing concern. Confined so far to Russia and Eastern Europe, it is the third major ransomware this year following WannaCry and NotPetya. Bad Rabbit is delivered via a drive-by attack on insecure websites. A malware dropper disguised as an Adobe Flash update is downloaded to unsuspecting visitors to infected websites. When they click on the update link, their computer locks up and files are encrypted using DiskCryptor software. A ransom note appears demanding just under $300 in Bitcoin within 40 hours in return for the keys to decrypt the victim’s files. Experts are increasingly convinced that Bad Rabbit is the work of the same threat actors responsible for NotPetya, although Bad Rabbit does not appear to be as sophisticated. Several internet security firms have noticed that the servers and sites Bad Rabbit's controllers used seem to have shut down after just a few hours of activity. Others have noted that Bad Rabbit, unlike NotPetya, does not appear to use tools stolen from NSA by the still-unidentified Shadow Brokers group. (Source: The CyberWire, 10/26/2017, and Wired UK article.)

Kaspersky Lab Update

Kaspersky Lab's transparency and charm counteroffensive may have hit a bump. The company acknowledged that its security software did indeed scoop up some NSA tools (from a machine that should never have had them in the first place). They say they promptly deleted the sensitive files. (Source: The CyberWire, 10/26/2017)

US-CERT Alert on North Korean Botnet Infrastructure

DHS/US-CERT updated an alert from June about North Korea’s HIDDEN COBRA botnet structure. The new alert is TA17-164A. It provides the following overview as well as technical indicators and suggested response guidance.

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally. Working with U.S. Government partners, DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure. This alert contains indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules to help network defenders detect activity conducted by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA. Click for more information related to HIDDEN COBRA activity.

Twitter Exec Victimized by Russian Trolls during 2016 Election

According to CyberWire, a Twitter executive was successfully trolled by Russian influence operators in 2016. The exec was induced to retweet positive stories from a bogus Black Lives Matter activist, who in reality was a Russian troll. Observers take the incident as a cautionary tale of how grooming influencers works. (CyberWire, 10/25/2017)


On This Day In History


  • Government seizure of cryptologist Herbert Yardley's never-published book, "Japanese Diplomatic Secrets."

About Us

The NCMF directly supports the National Cryptologic Museum (NCM), the first public museum in the U.S. Intelligence Community. We think you will agree it is truly a "museum like no other."

Located adjacent to the National Security Agency (NSA) in Maryland, the NCM houses a priceless collection of artifacts that represent our Nation's history in code making and code breaking, as well as a world class library of cryptologic media. The NCMF acquires the best artifacts for the NCM and supports new educational and interactive exhibits.

The NCMF provides exceptional cryptologic programs throughout the year, encourages young minds to explore cryptology and innovation through valued awards, and hosts educational, cryptology-related exhibits at various community events.

As part of the Foundation's partnership with NSA to build the Cyber Center for Education and Innovation - Home of the National Cryptologic Museum (CCEI-NCM), the NCMF also serves as a leader in the field of cybersecurity - striving to provide the best in educational resources and programs.

The NCMF and NCM share a joint three-fold mission to Educate, Stimulate, and Commemorate. Learn more about our MISSION.