Welcome to the National Cryptologic Museum Foundation. The NCMF directly supports the National Cryptologic Museum (NCM), the first public museum in the U.S. Intelligence Community.

  • ...The nation’s brightest young minds to consider careers in STEM and cyber related fields

  • ...Robust dialog with the American public on cyber policy, technology, and privacy

  • ...Those who “served in silence” with valor and distinction, especially those who gave their lives in service

Did you know?

Polish mathematicians & code breakers made the first breakthroughs against Nazi Germany's Enigma code.......

Cybersecurity New Bytes - Early April 2018

Data Breach Hits Major Retailers

A data breach resulting from a common chatbot platform hit Sears, Kmart, Best Buy, and Delta Airlines this week. The compromise of chatbot company [24]7.ai occurred several months earlier but affected companies were not alerted until the first week of April. Retail customers of the affected organizations didn’t need to communicate with the chatbot to have their data compromised. Delta believes that any customer who entered credit card or billing information between 26 September and 12 October, 2017, may have had their information compromised. All four companies cannot verify that information was stolen, only that there is a chance that occurred. Cnet and Naked Security

Energy Grid Cyber Intrusions Probably Enabled by Outdated Cisco Protocol

DHS issued an alert in March citing concerns that Russian actors had infiltrated the U.S. electric grid and other critical infrastructures. The alert stated that, DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks. After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS). (See https://www.us-cert.gov/ncas/alerts/TA18-074A).) Information has now emerged that the attacks were directed against the Cisco “Smart Install” (SMI) client, an outdated utility that allowed remote installation of Cisco switches. SMI has been replaced by Cisco’s Network Plug and Play protocol, but many switches still retain the older protocol which remains in background waiting for commands. Attackers have used SMI to modify the TFTP server setting to exfiltrate configuration files, modify the switch general configuration file, replace the IOS operating system image, and establish local accounts used by the attackers to log in and execute IOS commands. Bleeping Computer, 5 April 2018

IoT Botnet Targets Financial Sector

Recent attacks against the global financial sector have been conducted by a botnet based on compromised Internet of Things (IoT) devices such as home routers, TVs, DVRs, and IP cameras. The botnet, possibly related to the IoTroop or Reaper botnet, was first observed in October 2017. It is a variant of the Mirai botnet that took down the Dyn domain name service provider in 2016 causing outages in dozens of U.S. companies. The new botnet may have been launched by a Dutch teenager arrested by police for conducting DDoS attacks against several Dutch organizations. The botnet appears to mostly target MicroTek routers that are widely used in Russia, Brazil, and Ukraine, although the attack affected entities in more than 130 countries. Recorded Future, 5 April 2018

U.S. Pipeline Companies Suffer Cyber Attack

At least four gas pipeline companies across the U.S. experienced outages from 29 March to 4 April due to an apparent cyber attack. While not disrupting the flow of gas through the pipeline system, the outages did affect the network used by customers to communicate their orders to the pipeline operators. No attribution was provided for the attacks, which are under review by the Department of Homeland Security. Bloomberg, 4 April 2018

Google Bug Fixes for April

Google’s security update for April includes 28 fixes. Nine of these are rated “critical” and the remaining 19 are rated “high.” Seven of the critical vulnerabilities are related to the Android Operating System, two tied to Android’s media framework and a Qualcomm Wi-Fi component flaw that allowed an attacker to gain access and execute arbitrary code. Four remote code execution bugs in the Android OS were fixed with the April patches as were additional Qualcom bugs. ThreatPost.com, 3 April 2018

New, Lethal Cyber Weapons on the Horizon

Speakers at a military conference on 9 April painted a dire picture of the future cyber threat horizon, including Internet of Things (IoT) weapons designed to kill people. Author Peter Singer talked about the lack of attention being given to data breaches and power outages in other countries. This presents potential opportunities for adversaries who want to attack the U.S. Dragos CEO Robert Lee discussed a new type of malware called “Trisis” that can attack industrial control systems to cause leaks and explosions rather than simply outages. Singer pointed out additional problems that can be caused by altering video or audio files to confuse military operations at very low cost. Military Times, 9 April 2018

Return to our HOME PAGE

THIS MONTH on the

On This Day In History

Calendar

  • President Ronald Reagan declared this day Navajo Code Talkers Day.

About Us

The NCMF directly supports the National Cryptologic Museum (NCM), the first public museum in the U.S. Intelligence Community. We think you will agree it is truly a "museum like no other."

Located adjacent to the National Security Agency (NSA) in Maryland, the NCM houses a priceless collection of artifacts that represent our Nation's history in code making and code breaking, as well as a world class library of cryptologic media. The NCMF acquires the best artifacts for the NCM and supports new educational and interactive exhibits.

The NCMF provides exceptional cryptologic programs throughout the year, encourages young minds to explore cryptology and innovation through valued awards, and hosts educational, cryptology-related exhibits at various community events.

As part of the Foundation's partnership with NSA to build the Cyber Center for Education and Innovation - Home of the National Cryptologic Museum (CCEI-NCM), the NCMF also serves as a leader in the field of cybersecurity - striving to provide the best in educational resources and programs.

The NCMF and NCM share a joint three-fold mission to Educate, Stimulate, and Commemorate. Learn more about our MISSION.