Tesla’s Latest Trade Secret Theft Lawsuit

Enigma Forensics experts investigate, preserve, and recover data to prove or disprove trade secret theft. We have assisted many clients in financially recovering what was stolen from them or in helping to clear their names. Are you interested in learning more about trade secret theft? Check out Tesla’s latest lawsuit against a former software engineer.

A large portion of our business is forensically recovering and preserving data that is vital in proving or disproving trade secret theft. Enigma Forensics experts love to follow Tesla! We love the look of their beautifully engineered electric cars and we’re very interested in Elon Musk, the controversial character behind the engineering, who is now labeled the wealthiest man in the world. Our interest was piqued when we heard about Tesla’s latest lawsuit, and that prompted us to write this blog.

On January 22, Tesla filed a lawsuit against Alex Khatilov, a former software engineer, over trade secret theft and breach of contract. Tesla contends that within days after Khatilov started his position on December 28, 2019, he began stealing thousands of highly confidential software files from Tesla’s secured internal network, transferring them to his personal cloud storage account on Dropbox, to which Tesla has no access or visibility.

How did Tesla discover this trade secret theft or misappropriation of data?

On January 6, Tesla’s information security personnel detected Khatilov’s unauthorized download of a complete set of all the automation scripts produced by the Quality Assurance Engineering team for WARP Drive over the last twelve years! He was confronted the next day via Microsoft video chat because he was working remotely under COVID-19 restrictions. Khatilov claims he installed a Dropbox desktop application on his Tesla-issued laptop to allow him to upload administrative files to his personal Dropbox. He swore over and over that he only transferred administrative documents. Then, when he finally shared his screen with Tesla investigators, he could be seen deleting the Dropbox files while on video chat, confirming he had willfully destroyed evidence.

Why all the fuss?

How important are these scripts? These scripts are unique to Tesla and run on WARP Drive, the backend software for much of Tesla’s business. These files consisted of “scripts” of proprietary software code that Tesla has spent years of engineering time to build. When executed, these scripts automate a broad range of functions throughout Tesla’s business, and only a few select employees have access to these files. It gets better! This is the good part… Khatilov contends he forgot about downloading thousands of confidential files!

The reality of this trade secret theft or misappropriation of confidential data is that Tesla has no way of knowing whether Khatilov copied the scripts onto a thumb drive, a mobile device, or cloud-based storage or, most importantly, sent them to another individual. To understand more thoroughly how important these “scripts” or trade secrets are: they map out Tesla’s innovations, making them extremely valuable and beneficial to any competitor.

What measures ensure against trade secret theft or misappropriation?

  1. Tesla limited access to the “scripts” to members of the Quality Assurance Engineering team only; Khatilov was one of forty employees to have access. The engineers who have access are not permitted to download scripts to the cloud or personal devices. This makes us wonder how Khatilov was able to download data!
  2. Only eight people within the Tesla company are approved to grant access to these scripts.
  3. Each engineer signs an extensive employment agreement and agrees to policy conditions of their employment, which include a non-disclosure agreement (NDA) that holds each employee to the strictest confidence regarding proprietary information, technical data, trade secrets, and so on.
  4. The NDA also states that upon termination or departure each employee will immediately return to the company all original documents, whether electronic or hard copies.
  5. Each physical facility has restricted access to only authorized personnel that are monitored by security guards and cameras.
  6. All visitors must check in with security, sign an NDA, submit to a photograph, and be escorted by an employee.
  7. Tesla also used password-protected and firewall-protected networks and servers that are only accessible to current Tesla employees with the proper credentials.

Moral of this story is…

Even high-level technology companies have issues with trade secret theft. If your company suspects something like this, immediately hire a computer forensics expert to electronically preserve the data of a soon-to-be-departing employee or one who has already left the company. Enigma Forensics can analyze data that was misappropriated or stolen to help clients recover financial loss.

Has your cell phone been lost or stolen?

Enigma Forensics offers step-by-step advice on what to do if your cell phone has been lost or stolen.

Enigma Forensics has recently received many calls regarding lost or stolen cell phones, so we put together 7 easy steps on what to do. You may have been involved in a crime where someone stole your phone, or you could have lost or misplaced your phone. Either way, you know the feeling: it’s a sinking panic in the pit of your stomach. There’s no doubt it can be devastating! Here are some easy steps you can take to avoid this monumental headache. First and foremost, DON’T PANIC. Take a deep breath and think logically through these steps.

Step 1 – You’ve discovered your cell phone has been lost or stolen – ask a friend or someone close to use their phone to call your number. If that doesn’t work, try to locate your phone on another device that is connected to your Mobile App. Then text your phone. If it’s lost, someone might be a Good Samaritan and want to return the phone. If you were involved in a crime, contact the police department and file a report.

Step 2 – Check out your Mobile App or your phone’s native “find my phone” feature. If you have other devices in your home, log on, and try to use the locator.

Step 3 – Call your cell phone provider to inform them of a lost or stolen phone. They can assist you in what actions you need to take next. If you have insurance on your phone you will be able to replace it with minimal cost.

Step 4 – If you have any banking, or other important financial Apps on your phone contact them immediately to let them know your predicament. Most banks allow you to pause your financial cards while you locate your phone. Notify the credit reporting agencies to put a freeze on new accounts being opened in your name.

Step 5 – Always back up your cell phone. We know, this is easier said than done! You can make it easy on yourself if you schedule a calendar date and set a reminder.

Step 6 – If you lock your phone and rotate your passwords this could help avoid most of the headaches involved.

Step 7 – Have your cell phone carrier revoke your old SIM card to prevent any outside party from texting your contacts from your cell phone or another cell phone they may use with your SIM card.

Finally, keep calm and face each step with determination to resolve the matter.

Russian Hacker’s Latest Hack Or Did They?

Will 2021 become the year of heightened cyber security? What will it take for the U.S. Government to get their act together? Here we are reporting yet another cyber attack that gained entry through a supply chain. 2021: Year of Cyber Security!


As a Cyber Security company, Enigma Forensics is always interested in the 4W’s and 1H of a Cyber Attack. We would be remiss if we didn’t write a post about the most recent SolarWinds Hack allegedly by the Russians. Did the Russians time this cyber attack at precisely the moment in time when the United States is preoccupied? Amidst the Coronavirus shutdowns, the election results, the holidays, and the COVID-19 relief plan, it’s almost as if this particular Russian Hack completely flew under the radar.

What happened?

The attackers gained entry by using a software update sent out by Texas-based software company SolarWinds, which counts multiple U.S. government agencies as customers. In early December 2020, the news media reported at least 200 organizations, including U.S. government agencies and other companies around the world, have been hacked as part of this suspected Russian cyber attack.

Government’s response

The New York Times reported on December 13, 2020, “The Trump administration acknowledged on Sunday that hackers acting on behalf of a foreign government almost certainly a Russian intelligence agency, according to federal and private experts — broke into a range of key government networks, including in the Treasury and Commerce Departments, and had free access to their email systems.” We can’t find any reporting on what information was stolen.

Who raised the alarm?

It looks like FireEye, a computer security firm, first raised the alarm about the Russian cyber attack after its own systems were compromised back in early Spring of 2020. What perfect timing to stage an attack considering the whole country is preoccupied with the rise of the pandemic! FireEye discovered a supply chain attack that was accessed through SolarWinds Orion business software updates in order to distribute malware that they called “SUNBURST.” Experts agree this is the work of highly skilled actors and was performed with significant operational security. But the real issue is why the government cyber protection agencies that are sworn to protect didn’t recognize the breach. It took an outside company to inform them of the cyber attack.

Where was the Cyber Attack aimed?

In this case, the U.S. government agencies seemed to be the target. As noted before, the hack was done through what is called a “supply chain attack,” in which malicious code is hidden in legitimate software updates and meant to target third parties. Could it have been the Chinese masquerading as the Russians? President Trump laid claim that there was potential it could have been the Chinese and not the Russians.

When was the Attack Noticed?

As reported by the New York Times, in a statement after a briefing for committee staff members, Senator Ron Wyden of Oregon, who has often been among the sharpest critics of the National Security Agency and other intelligence agencies, said that the Treasury Department had acknowledged that “the agency suffered a serious breach, beginning in July, the full depth of which isn’t known.” But no one will say just how serious the breach was!

Today, as reported in the Hill, the headline reads, “Intel vice chair says government agency cyber attack ‘may have started earlier’.” Sen. Mark Warner (D-Va.), the vice-chairman of the Senate Intelligence Committee, said on Wednesday, December 30, 2020, that the cyberattacks on U.S. government agencies reported at the beginning of the month may have begun earlier than previously believed.

How did the Hackers Hack?

The hackers used malicious code inserted into legitimate software updates for the SolarWinds Orion software. This allowed the hacker to remotely access the victim’s electronic environment. In order to avoid detection, they used a very small footprint and went to significant lengths to lay low and blend in. Very stealth-like in nature! The malware attacked slowly and moved with precision, covering its tracks and using tools that were hard to detect. Does this sound familiar?

Check out another Enigma Blog

https://www.forbes.com/sites/thomasbrewster/2021/01/26/google-warning-north-korean-hackers-breach-windows-and-chrome-defenses-to-attack-security-researchers/?utm_source=newsletter&utm_

EMR or EHR what is the difference?

EMR or EHR are synonymous. Both are medical records. The electronic medical records or EMR reveal an audit trail of what transpired during a medical or health visit. Each record is unique and tells a story about the patient. We are experts that can assist you to win your case!

Electronic data records are taking the place of old-school hard-copy files and completely revolutionizing the way data is gathered and stored. Electronic Health Records (EHR) and Electronic Medical Records (EMR) are synonymous with each other. An EHR is data that includes the patient’s vital information such as an address, medical history, allergies, immunizations, lab test results, radiology images, and vital signs, as well as personal statistics like age, weight, sexual orientation, and insurance information. An EMR is an individual’s private health data that is stored in a protected database only accessible to medical personnel in compliance with The Health Insurance Portability and Accountability Act (HIPAA) regulations. EHRs and EMRs make patient charting easier, result in fewer errors, and keep this delicate personal information private and secure.

Medical data can be manipulated!

Medical data can be altered and inserted into EMR systems and made to look like it was there all the time or not there at all. Medical malpractice lawyers rely on EMR audit trails to tell the story of either side of a case, the plaintiff or the defendant. Medical records are marked by metadata or raw data. This data is developed separately from the EMR system, so manipulation can be detected by reviewing the raw data and the database logs. Metadata can also be described as underlying data, like a digital footprint that creates an audit trail. In order to analyze raw data, you will need to hire Enigma Forensics; we are experts in the field of electronic medical records (EMR) or (EHR).

During a forensic review of EHRs or EMRs, we can authenticate or reveal backdating, back charting, data editing, or falsification of records. We have been on both sides of medical malpractice cases and almost always save our clients a considerable sum of money. We work closely with the attorneys involved to help with eDiscovery verbiage and assist with what to look for.

Electronic Medical Records
Electronic Health Records and eDiscovery

Complete list of eDiscovery Questions For Electronic Medical Records

Enigma Forensics are experts in collecting and understanding electronic medical records or the EMR audit trail. Check out this blog to view our list of EMR Discovery Questions.

Electronic Medical Records (EMR) can be tricky! In most cases, during eDiscovery, you get what you ask for and only what you ask for! Every Discovery request involving a healthcare provider has unique aspects that need to be considered.

Enigma Forensics is an established Computer Forensic Expert Witness firm that has been involved in many medical malpractice cases and specializes in interpreting electronic medical records (EMR) audit trails or audit logs. Our staff has extensive experience with numerous EMR applications and can assist you with navigating through the challenges of EMR audit trails and/or audit logs. The EMR audit trail or log is the answer to who knew what and when; in essence, it tells the story about what took place during the treatment of that patient.

The following is a list of important questions to file for the demand for eDiscovery for Electronic Medical Records, in a medical malpractice case.

  1. Provide the name of all medical software applications utilized to store [Patient Name]’s Electronic Medical Records (EMR).
  2. For each medical software application that contains [Patient Name]’s EMR, please provide the specific version of the software as well as the name of the company that produces the software during the relevant time period beginning on [beginning date] through the present date.
  3. For each medical software application that contains [Patient Name]’s EMR, please indicate if any of the specified software applications were migrated off to a new platform and what the current status is of [Patient Name]’s EMR on the original system.
  4. For each medical software application that contains [Patient Name]’s EMR, please provide the application administrators that have full access to the stored data and audit trails.
  5. For each medical software application that contains [Patient Name]’s EMR, please provide all user and administrator manuals for each of the medical software applications.
  6. For each application that contains [Health Care Provider Name]’s EMR, please provide the current retention settings for the audit trail for all patient’s EMR. Are the privacy log retention settings sent to a secondary audit log (e.g., Fair Warning)? Is the secondary audit log retention configurable within the systems and/or applications?
  7. For each application that contains [Health Care Provider Name]’s EMR, please provide the earliest date that [Patient Name]’s EMR appears in the application’s audit trail.
  8. Please provide the complete EMR audit trail for [Patient Name] detailing any health care provider’s access, review, modification, printing, faxing, or deletion activities in a comma-delimited format with any and all corresponding native files that may relate to the Electronic Medical Record for [Patient Name] as required by the Health Insurance Portability and Accountability Act § 164.312(a)(1). Such an audit trail should include the original values and new values for any alteration of the EMR and shall indicate the user making the change and the date and time of the change.
  9. Please provide the data dictionary for each software application containing [Patient Name]’s EMR. Such dictionary shall include the username key that maps the real names of individuals to their unique user login account IDs for each medical software application containing any EMR for [Patient Name] as required by the Health Insurance Portability and Accountability Act § 164.312(a)(2)(i). Additionally, any lab test, codes, or other short-form identifiers included in [Patient Name]’s EMR Chart or EMR audit trail should be provided as part of the data dictionary production.
  10. Please provide any and all original voice transcription recordings that were made by [Health Care Provider Name], or any other staff that related to [Patient Name].
  11. Please provide any other native electronic files or emails that relate to [Patient Name] in the native format with an index containing the original unmodified metadata for each of the native files or emails produced.
  12. Please provide any DICOM files that were captured as part of [Patient Name]’s treatment by [Health Care Provider].
  13. Please provide electronic records of any outbound faxes and/or other methods of communication that were utilized by [Health Care Provider Name] to [EMR Recipient], in its native form with a corresponding comma file listing containing all available metadata in a delimited format with the corresponding file path to the native file produced for each record.
  14. Please provide the name and title of the person most knowledgeable for the [Health Care Provider Name]’s software/auditing and compliance system. 
  15. What customizations and settings were active at the time when the plaintiff was admitted into the hospital? What privacy-related logging is in place for each such system and/or application? Are privacy log retention settings in place for each such system and/or audit log?
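Once an audit trail of the kind requested in item 8 has been produced, it can be screened for the back-charting, post-incident edits and deletions described earlier, with the username key from item 9 applied. The following is an added example, not Enigma Forensics' tooling or any vendor's format: the column names, action codes, sample rows, user key, incident time and 24-hour threshold are all constructed assumptions, and a real export would need its own column mapping.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of a comma-delimited audit trail export. Column names and
# action codes are assumptions for illustration, not any EMR vendor's schema.
# charted_for = the clinical time the entry claims to document.
SAMPLE_AUDIT_CSV = """event_time,user_id,action,record_id,field,old_value,new_value,charted_for
2020-03-01T08:05:00,u1001,CREATE,note-1,nursing_note,,Patient stable,2020-03-01T08:00:00
2020-03-01T09:10:00,u1002,VIEW,note-1,nursing_note,,,
2020-03-04T22:40:00,u1001,MODIFY,note-1,nursing_note,Patient stable,Patient reported chest pain; MD notified,2020-03-01T08:00:00
2020-03-05T07:15:00,u1003,CREATE,note-2,vitals,,BP 90/60,2020-03-01T08:30:00
2020-03-05T07:20:00,u1003,DELETE,note-3,order,Hold medication,,2020-03-01T08:45:00
2020-03-01T10:00:00,u1002,PRINT,note-1,nursing_note,,,
"""

# Constructed username key (login ID -> real name), as a data dictionary supplies.
USER_KEY = {"u1001": "Nurse A", "u1002": "Clerk B", "u1003": "Physician C"}

# Constructed case parameters; both are set per matter, not fixed rules.
INCIDENT_TIME = datetime(2020, 3, 2, 0, 0)    # when the disputed event occurred
LATE_ENTRY_THRESHOLD = timedelta(hours=24)    # gap treated as a late entry


def parse_ts(value):
    """Parse an ISO 8601 timestamp; empty cells become None."""
    return datetime.fromisoformat(value) if value else None


def review_audit_trail(csv_text, user_key, incident_time,
                       late_after=LATE_ENTRY_THRESHOLD):
    """Return audit rows that merit examiner review, oldest first.

    Reasons attached to a row:
      late_entry         - content written long after the time it documents
      post_incident_edit - an existing value was changed after the incident
      deletion           - a record or value was removed
      unmapped_user      - login ID missing from the username key
    """
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    rows.sort(key=lambda r: parse_ts(r["event_time"]))  # exports are not always ordered

    findings = []
    for row in rows:
        event_time = parse_ts(row["event_time"])
        charted_for = parse_ts(row["charted_for"])
        action = row["action"].strip().upper()
        reasons = []

        if (action in ("CREATE", "MODIFY") and charted_for is not None
                and event_time - charted_for > late_after):
            reasons.append("late_entry")
        if (action == "MODIFY" and event_time > incident_time
                and row["old_value"] != row["new_value"]):
            reasons.append("post_incident_edit")
        if action == "DELETE":
            reasons.append("deletion")
        if row["user_id"] not in user_key:
            reasons.append("unmapped_user")

        if reasons:
            findings.append({
                "event_time": event_time,
                "user": user_key.get(row["user_id"], row["user_id"]),
                "action": action,
                "record_id": row["record_id"],
                "old_value": row["old_value"],
                "new_value": row["new_value"],
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in review_audit_trail(SAMPLE_AUDIT_CSV, USER_KEY, INCIDENT_TIME):
        print(f["event_time"].isoformat(), f["user"], f["action"],
              f["record_id"], ",".join(f["reasons"]))
```

A flagged row is a lead for the examiner, not a conclusion; late entries also arise from legitimate delayed charting, which is why the original and new values are carried through for review.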

COVID-19 Impact on Supply Chain

Was the COVID-19 pandemic a wake-up call for those businesses that are dependent on the world’s supply chain? Let’s face it, everyone is dependent in one way or another on the world’s supply chain. But do we really understand what’s going on? Check out this video blog as experts take a look at the supply chain and the impact of COVID-19.

What’s going on with the world’s supply chain?

Enigma Forensics is wondering about the impact the Coronavirus/COVID-19 pandemic has had on the world’s supply chain. Lee Neubecker sits down (virtually) with Geary Sikich from Logical Management Systems. Both agree the spread of Coronavirus/COVID-19 has been a wake-up call for the world.

First of all, we think it’s safe to say everyone is feeling the impact of COVID-19! It has been devastating for every human being on the planet. What have we learned? Supply chains that carry life-saving products were pinched off and that presented a huge shortage sending the medical professionals and government agencies scrambling to provide much-needed protective medical supplies. Many businesses are dependent on global sourcing and have now found themselves facing hard choices amid the supply chain disruptions.

Both Lee and Geary agree shipping is an under-reported issue that has been negatively impacted by COVID-19. We all know the story of stranded cruise ships that were quarantined at sea and as a result became super-spreaders of the virus. But what about the shipping industry? Specifically, cargo ships, oil tankers, and container ships. We know these types of goods transports have limited crews to begin with, and now we have learned that some of these ships have been quarantined at sea. If they make it into port, they are quarantined based on the fact that the products they are transporting could possibly be infected. Check out this video to learn more about the COVID-19 impact on the supply chain.

Was COVID-19 pandemic a wake up call?

Lee Neubecker (LN): I am here today with who is that? Geary Sikich, you wore your mask.

Geary Sikich (GS): Yes I’ve been completely protected with this mask.

LN: Is that comfortable?

GS: No, it’s hot and it is made out of rubber. So it’s to kind of a, not the greatest mask in the world if you choose to wear one but it’s good for comedy and it’s almost Halloween so.

LN: So how much did that set you back?

GS: $10 on Amazon

LN: Now how’s the breathability of that thing?

GS: Actually the breathability is pretty good. It actually is pretty good. Then, the biggest issue you face with it is just that you’re going to have body heat kind of contained. If you don’t wear it for a long period of time or you don’t have headphones on you should be okay.

LN: So I had you on the show today. I wanted to ask you some questions about what impact the COVID-19 pandemic is having on our trade environment with imports and exports.

GS: So in general, as the pandemic started to evolve, we saw the impact in a number of different areas. There was a lot of impact on the cessation of imports by countries China, for example, ceased and used force measures to stop oil shipments from coming in. The US has had a big backlog on all their ports, because of concern over making sure that what’s coming into the country is not tainted. The bigger impact and this was one that really is kind of been under-reported if you will, has been that the shipping industry, now take cruise lines out of it ’cause they got a tremendous amount of media coverage with cases there. But what we have is a real issue with shipping, the ships that are container ships, bulk ships, cargo ships of all types, including your large oil carriers. There is a limitation of people who serve on those ships, crews. There’s been a lot of crews that because of Coronavirus/COVID-19 infection on a ship have been quarantined out at sea. And so we’re seeing ships being taken off usage because they’re sitting being quarantined. We’re seeing so a disruption in the supply chain because of a key component of the supply chain, not related to the end products or the originating product.

LN: So all the just in time delivery and assembly is really a parenting problem we say can’t rely on the GPS and calculated travel time.

GS: And actually there’s been another issue that’s come up with, with the systems on ships because of cybersecurity obviously, and in a general way, but they’ve had a tremendous impact in those areas because of that. So shipping has been hit majorly as has air transport because airlines have cut back so tremendously on flights.

LN: All right so in terms of some of the supply chain security programs they have out there, what are you seeing that companies are doing to protect their supply chain implementing these programs?

GS: A lot of what I see right now is that companies are trying to find alternative suppliers so that they can have a broader base of supply chain. So from where we were single-source supply, we’re now looking at moving towards multiple source supply so that they can continually keep a feed of supply coming in.

LN: Yeah because I’d imagine if certain regions experienced the COVID-19 outbreak more, that would disrupt the supply either going to or coming from that region.

GS: Yeah, and you think about things like border closures, you think about things like the inspection process, the concern over whether or not there is going to be contamination coming in in a cargo container you know, may have.

LN: Are they having, in some cases are they having the ships quarantined when they arrive?

GS: In a lot of cases

LN: Before they are unloaded?

GS: Yeah and that impacts tremendously because you got to take a look at the shipping industry and the cargo shipping. They have gone from smaller cargo ships to mega cargo ships. And these mega cargo ships can have, you know, a lot of containers, hundreds of containers if not more. And the problem is when you lock in a ship like that, your shipment may be one of many that gets stuck. And when you take that size ship out of service you can’t replace it very quickly because what happens in the industry is very simple. They’ve gone to larger ships to carry greater amounts. So economy of scale, and they’ve taken the smaller ships and as is now the case with the cruise industry they’re in yards in India and various other countries and shipbreaking yards. So they’re completely being taken apart and they’re no longer part of the service of shipping that’s out there. Now so replenishment of the container, the vessel, is going to have an impact. And if you take one out, you don’t have an easy replacement for it.

LN: Geary well, thanks a bunch for being on the show. I really appreciate it.

GS: Thank you Lee I appreciate your time.

To Learn More About Logistical Management Check out this website

http://logicalmanagement.com/

COVID-19 Precautions on Election Day

What do bacterial wipes, shields, social distancing, gloves, and safe drop boxes have in common? These are some of the COVID-19 precautionary steps Cook County Clerk Karen Yarbrough has implemented for election day on November 3rd.

Cook County Clerk Karen Yarbrough, along with her team, has worked hard to bring many precautions to each polling place in the City of Chicago to guard against COVID-19. Clerk Yarbrough sits down with CEO Lee Neubecker of Enigma Forensics to discuss the COVID-19 precautionary measures that will be put in place to keep the voters safe on election day.

COVID-19 Precautions by Cook County Clerk Karen Yarbrough

Election Day Voting & COVID-19 Precautions

Lee Neubecker (LN): So I’m here today again with Karen Yarbrough, Clerk of Cook County. Karen, thanks for being on the show.

Clerk Karen Yarbrough (CY): My pleasure, Lee.

LN: And today, we’re going to be talking about election day voting, what you should know what steps the clerk’s taken to help ensure that you’re safe and protected from COVID-19. So Karen, tell us some of the steps you’ve taken to help protect the poll workers and voters for the upcoming election day.

CY: Well Lee, the primary election really gave us a really good bird’s eye view of what we needed to do. What we were unable to do. We had ordered over $30,000 worth of equipment for our poll watchers and our judges and the public. And it didn’t show up and we get it. They had diverted it to the first responders. So using that as a guidepost, we are prepared for November election. In our warehouse currently, we have gloves, we have masks, we have shields, we have the bacterial wipes. We have everything that we need for this election. Additionally, we plan to mark off in the polling places. There’s the six foot we’re going to social distance and the same thing with the machines. We’re going to social distance those. People can feel safe and secure and their vote is going to be the same way.

LN: So what if it rains on election day?

CY: Well, what if it rains? We’re going to do what we always do. We’re going to take an umbrella. We’re going to go to the polling place and we’re going to put our umbrella up and we’re going to go and vote.

LN: Well, hopefully enough people early voted, and voted by mail.

CY: We’re hopeful. We’re encouraging people to early vote but what we’re seeing that there’s still some people who want to show up on election day and that’s their right. And we’re going to honor that.

LN: So should people bring their own Sharpie or pen when they come to the polling place?

CY: If they feel more comfortable bringing their own pen by all means, bring it. But I can tell you that we will have a sufficient number of pens. We plan to clean them between each use so that everybody can be safe. I want my workers to be safe as well as the voters.

LN: So what are you doing to help protect people against COVID 19 transmission that comes from being bunched in lines while waiting?

CY: Well, there won’t be any bunching in lines, okay? First of all, they’re going to be socially distanced at least six feet apart. So there won’t be any of that bunching that’s…

LN: So you have lines on the floor?

CY: No we’re going to have, we’re going to have yes, absolutely lines on a floor inside the polling place and even outside the polling place even if it rains.

LN: Are they doing temperature checks?

CY: We are not.

LN: So do you think, should we be concerned about a potential spike in cases in Cook County, following election day?

CY: You know we were during the primary, we were concerned about that, but not one person, not one judge and that one person that we know of were affected. And we certainly didn’t have what we’re going to have in November. So I really don’t think so. We’re going to take every precaution to make sure that people are safe. I will be out there all day, election day as I usually am. I go to the polling places, I talk to the judges to see if there are any problems. We have a team of people who will be out there that day to problem solve and troubleshoot. So I fully expect things to go well on election day.

LN: So if people aren’t sure where they vote, how can they find out?

CY: They can go to the best website in the world. And that is cookcountyclerk.com all things election your trusted source.

LN: Great, well thanks so much. This is great, you’ve reassured me, however, I’ll be voting by mail this year, but I’m certainly hopeful that many other people did as well. So that the lines are short and fast for everyone.

CY: We’re suggesting that people come up with their own plan of what you’re going to do. If you’re going to vote early and drop it in the mailbox if you’re going to get your ballot and drop it in one of our safe drop boxes or if you’re going to vote on election day find a plan, make a plan and then exercise your right to vote.

LN: And what should people do before they come in to the election poll?

CY: What should they do? Well, they should wash their hands. They’re going to have to do that. We’re going to have that bacterial stuff that you use on your hands, but we’re going to have gloves too. People are going to be safe. They’re going to feel very very comfortable when they come to the polling place.

LN: And they should wear a mask when they come.

CY: They should absolutely.

LN: And if they forgot their mask?

CY: And if we’re going to give them another one.

LN: Great.

CY: Yes.

LN: So most importantly vote. Thanks for helping keep us safe Karen.

CY: Thank you.

To Learn More about the COVID-19 Precautions Check out Cook County Clerk’s website

https://cookcountyclerk.com/

GPS Vulnerability to Cyber Attacks in the Shipping Industry

How much would you freak out if your Amazon Prime order took over a week to be delivered? Check out this discussion to find out more about GPS vulnerabilities and related concerns about the impact on international shipping trade.

Global Positioning System (GPS) Vulnerabilities

GPS cyber attacks in the shipping industry would cause billions of dollars in damage to the world’s economy. Just how vulnerable are the GPS systems in the shipping industry? Enigma Forensics CEO Lee Neubecker and Geary Sikich, Principal of Logical Management Systems, report on GPS cyber attacks on maritime shipping lanes. Together, they analyze the vulnerability and offer solutions to thwart cyber attacks.

Check out this video to view a real-time GPS cyber attack

Video Transcript Follows

Lee Neubecker (LN): Hi. I’m Lee Neubecker and I’m back here with Geary Sikich on my show, thanks for coming back on Geary.

Geary Sikich (GS): Thanks Lee for having me. I appreciate it.

LN: So, what do you want to talk about today?

GS: Well, we can talk about transportation issues, we can talk about Coronavirus issues related to anything and everything.

LN: How about the cyber attacks that you were talking about earlier that took place in some of the cargo shipping.

GS: Yeah, I was just going to mention that we’ve had a number of incidents over, well, since March that I think would’ve occurred regardless of Coronavirus or not, but we’ve seen more and more shipping being attacked in cyber attacks with ransomware, with other types of interference. So, we’ve seen an uptick and there’s a lot of vulnerability and susceptibility within the shipping industry in that regard. They just had one this week.

LN: Yeah. You know, you brought that up and I remembered there’s a video I want to share with you.

GS: Mm-hm.

LN: Back when the USS McCain underwent a cyber attack, well, they had a collision, and I speculated that it was a cyber attack. I want to just show you the clip and see if you see what I saw. Hold on just a second, share screen. Okay. Got the screen on. This is an AIS video which is posted, it shows commercial traffic.

GS: Mm-hm.

LN: And I’m going to jump forward to what we see here at this point in time. This is the USS McCain which is not on the commercial public tracking system, and the blue line here is actually the Alnic which changes course at the last minute and collides. So I’m going to play it real quick. You can see the Alnic.

GS: Ooh.

LN: Okay, what did you notice happen at the precise time of the collision?

GS: Well he went almost directly at the ship. It was like a 90 degree turn.

LN: Yeah, watch it one more time here. And so it was minutes before the course changed. Many of these cargo ships are under, you know, autopilot GPS drive.

GS: Mm-hm.

LN: Now, I want you to look, I want you to look right here. See this ship here? Run Hang 98?

GS: Mm-hm.

LN: That’s a Chinese ship. It’s within, it’s within Bluetooth, Wifi, GPS spoofing range of the Alnic. And now watch at the exact time of collision. It disappears. You see that?

GS: Wow. And–Yeah, that’s kind of…

LN: Yeah, so, anyway, I reported this previously to the Department of the Navy at the time but there were a number of incidents happening that made it look like these vessels under autopilot were having, at the last minute they were suddenly changing course and colliding into ships. So this whole GPS hacking is still, you know, still a real risk, and that’s why now, you know, the military said that this was an issue with the men on deck not paying attention to what’s around them, but at the time, I don’t think that the Navy expected friendly cargo ships to suddenly collide towards them.

GS: Yeah, to veer off course like that.

LN: On short notice. So, I suspect now that the Navy has protocols to help anticipate this type of thing happening and to protect our servicemen.

GS: Mm-hm. That kind of goes along with the studies that they’ve done on the utility side of the house with the generation equipment. Your converters, your, you know, the big boxes that essentially transfer power from power plant to the grid system. And they’ve seen that you can take those over via the cyber for, you know, the cyber window if you will.

LN: We even had the issue with the Boeing Max 8’s when they were having all those problems. And the chip that was inside the plane is a combination hybrid chip that’s both electromechanical and digital, and if you, if you direct sound waves at that chip, at the natural frequency of the chip, you can cause the chip to malfunction or even be damaged. So it’s possible that a sonic attack was launched either while the plane was on the ground, to damage that chip, or it could even happen in air. So I suspect that, you know, the Max 8 is undergoing rigorous testing before they bring those back up.

GS: Yeah, I would think that that’s got to be, I mean, just the entire cyber perspective, it’s got to be an area where private sector and public sector need to coordinate and, you know, share information, but also figure out a way to begin to protect. Now, the interesting aspect with this is that I talked to a couple of colleagues recently, former military, and they’re all saying now that there is a developing new strategy where instead of being reactive that the US may become proactive, if you will, and preempt a lot of attacks. So they may become more aggressive in terms of cyber security in an offensive way versus a defensive way. Which is really interesting because at what point does that become so expansive that we find ourselves, you know, locked in a cyber conflict.

LN: Yeah, like let’s take the GPS, the potential for GPS hacking is there.

GS: Mm-hm.

LN: By having multi-antenna detection systems, you could have on the front of a vessel and the back of the vessel, you could have two antennas attached to a computer, and if it detected a sudden change over in the GPS coordinates that didn’t align with the distance between the two, you could know that that vessel’s in a region where someone’s screwing with GPS. And then, if you have enough vessels with this technology, you could triangulate and locate the source of the emission. And that would be something that could be proactive to identify are there vessels out there on the water that are emitting and trying to overpower the global satellite GPS signals with local signals? And that would be very useful to know because you could track down, you know, the source. And it doesn’t mean that the, the source ship might not even know that their equipment’s compromised. So, it’s a lot more complicated than simply assuming that the vessel generating the signal, that the operators of that vessel are behind the attack.

GS: So, it would be wise to not sink them right away.

LN: That would be good. Well thanks for being on the show. I appreciate it.

GS: Thanks Lee for having me. It’s a great topic. I’m sure that this is going to get much more press over time.

LN: Yep. Take care.

https://www.ics-shipping.org/shipping-facts/shipping-and-world-trade
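The two-antenna consistency check Lee Neubecker describes in the transcript above, written as an added Python example (not code from Enigma Forensics or from the video). It assumes a single spoofing transmitter, which drives both receivers to nearly the same computed position; the 180 m bow-to-stern baseline, the 15 m tolerance, the three-sample threshold and the position fixes are constructed for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000.0  # mean Earth radius


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two lat/lon points (degrees)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def detect_spoofing(fixes, baseline_m, tolerance_m=15.0, min_consecutive=3):
    """Return the timestamp of the first alert, or None if no alert is raised.

    fixes: iterable of (t, bow_lat, bow_lon, stern_lat, stern_lon).
    The two antennas are bolted to the hull, so the distance between their
    reported positions must stay close to the surveyed baseline. A sample is
    suspicious when the reported separation differs from the baseline by more
    than tolerance_m. An alert needs min_consecutive suspicious samples in a
    row, so one multipath glitch does not trigger it.
    """
    streak = 0
    for t, blat, blon, slat, slon in fixes:
        separation = haversine_m(blat, blon, slat, slon)
        if abs(separation - baseline_m) > tolerance_m:
            streak += 1
            if streak >= min_consecutive:
                return t
        else:
            streak = 0
    return None


# Constructed sample data: vessel heading north at about 10 m/s, antennas 180 m apart.
# From t=3 both receivers report almost the same (displaced) position.
SAMPLE_FIXES = [
    (0, 1.401619, 104.300000, 1.400000, 104.300000),
    (1, 1.401709, 104.300000, 1.400090, 104.300000),
    (2, 1.401799, 104.300000, 1.400180, 104.300000),
    (3, 1.405000, 104.310000, 1.405001, 104.310001),
    (4, 1.405090, 104.310000, 1.405090, 104.310000),
    (5, 1.405180, 104.310000, 1.405181, 104.310000),
    (6, 1.405270, 104.310000, 1.405270, 104.310001),
]

if __name__ == "__main__":
    alert_at = detect_spoofing(SAMPLE_FIXES, baseline_m=180.0)
    print("alert raised at t =", alert_at)
```

The check only shows that the receivers disagree with the hull geometry; locating the emitter, as discussed in the interview, needs reports from several vessels.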

How to Vote by Mail in Cook County?

How does voting by mail work? Are you worried about vote-by-mail fraud? Check out this video blog and you will be so much smarter after.

How is voting by mail going to work? Is it safe to vote in-person or should I vote by mail? All of your questions are answered in this video blog with Computer Forensic Expert Lee Neubecker and Cook County Clerk Karen Yarbrough. They will help put your mind at ease!

Vote By Mail

Lee Neubecker (LN): Hi, I’m here again with Karen Yarbrough, the clerk of Cook County and she’s responsible for administering elections and making sure that your vote counts. Karen, thank you for being on the show again.

Clerk Yarbrough (CY): Again, Lee. Thank you.

LN: So, today we’re going to talk more specifically about voting by mail.

CY: Okay.

LN: What do you have to do to vote by mail?

CY: Well, the first thing you have to do is be a registered voter. What a concept, right? Be a registered voter and then have a place where you want your ballot to be mailed to.

LN: Okay. So if you want to get that ballot, how can you get a vote by mail ballot?

CY: You apply at the best website in the world cookcountyclerk.com and you apply there. You will be sent a ballot and hopefully you will review your choices, make your choices, you’ll sign the envelope, it’ll be a postage paid envelope for you and mail it in. Or you have the option of if you don’t want to mail it in, we’re going to have over 60 boxes in which… They will be inside of the early voting places. And you’ll be able to drop those in the box. Now, I want to tell you that they’re inside because some people have suggested that, “Oh, if they’re out in the middle of Michigan Avenue, somebody could just cart it off.” We’ll not be in the middle of Michigan Avenue. They will be inside the polling places and they will be attended to by one of our election judges.

LN: Great. So you can either drop it off at the polling place or you can drop it in the mail?

CY: Yes.

LN: And, what is the deadline on when you can last request a ballot to vote by mail?

CY: Whatever that deadline is, don’t use that deadline to do it today, okay? Today is the day that you should request your ballot. We’ve heard some stories about the post office, although we feel like they’ve been doing a pretty good job and regardless of the noise you’re hearing from Washington, turn it off, fill out your ballot, send it in or drop it off at our locations.

LN: And so as long as it gets postmark stamped by November 4th, it counts, correct?

CY: November 3rd. Yes.

LN: Okay, November 3rd.

CY: Yes, yes.

LN: So as long as it gets stamped by November 3rd, the ballot counts?

CY: That’s absolutely correct.

LN: So drop it off at the post office if you’re concerned, but people should try to drop it off early so there’s time-

CY: We want people to apply now for their ballot. Get their ballot, review their choices, pop it in the mail or else drop it off at one of the drop boxes at our early voting sites.

LN: So, you could also think of voting by mail as doing your part to help control the spread of COVID-19.

CY: I agree. And we’re suggesting, especially to seniors, seniors are very… They want to be social and that’s what many of them have told me. They like showing up on election day. So I’m suggesting to them to use my website, cookcountyclerk.com, order your ballot, review your choices and either mail it in and if you want to be social, drop it off at one of our drop boxes. You’ll be able to wave to our judges that you’re used to seeing on election day, but you’ll be able to not stand in line and pop it in our dropbox.

LN: Good. So, let’s say that someone’s at a situation where they got the ballot, they have it at home, but it’s election day. Is it better for them to drop that vote by mail ballot at a poll box or is it better to go in and vote in person?

CY: They should go ahead and vote in person. Even though that ballot, we know that ballot, they have that ballot and the fact that they lost it or they don’t have it, that’s okay. Come in, vote, but they’ll be voting provisionally. And what we do is that spoiled ballot, as far as we’re concerned, that ballot is spoiled because they’ve already voted. Each and every voter in Cook County has a unique voter code that is you. And anytime it shows up, that’s where you get the one person, one vote. We’re not again, having Mickey Mouse to vote in these elections, okay?

LN: So, you think that there’s any truth to voting by mail leading to a fraudulent outcome of the election?

CY: There’ve been countless studies done on fraudulent voting and elections. And I don’t know why this year this is such a focal point. These studies have suggested that less than one point, whatever percent, it’s just not happening, it’s red herring, it’s not happening. So we’re not going to… Although we’re going to prepare for anything like that, it’s just not true.

LN: All right. And one last thing, can you tell everyone again what the website is they need to go to, to request the vote by mail-

CY: cookcountyclerk.com, the best website in the world that you can use to get the real deal. No fake news there.

LN: So you said cookcountyclerk.com?

CY: That’s right, yeah.

LN: Not .gov, but .com?

CY: No, .com. We are your trusted source as it relates to elections in Cook County.

LN: Well, thanks again for being on the show and everyone do your duty and get your ballot, vote by mail, vote early, vote often, as they say in Chicago. So-

CY: We’re only going to be voting one time in Cook County.

LN: Great. Thanks again.

CY: Thanks Lee.

LN: Take care.

Secure the Voting System from Election Hacking

Cook County Deputy Clerk John Mirkovic has worked hard to secure the electronic voting system. He’s made it hard for cyber hackers to throw a wrench in our election process. Learn what measures he has implemented against election hacking.

Cook County Deputy Clerk John Mirkovic focuses on securing the electronic voting systems from election hacking

Enigma Forensics CEO Lee Neubecker and Cook County Deputy Clerk John Mirkovic discuss election hacking and measures that have been taken to help secure Cook County for the upcoming 2020 Election scheduled for November 3rd, 2020. The two discuss past hacking attempts during the 2016 election cycle on the Democratic National Committee, including phishing attacks that compromised numerous campaign workers.

Protecting the Vote From Cyber Attacks and Election Hacking

Lee Neubecker (LN): Hello, today I have John Mirkovic from the Cook County Clerk’s Office. He’s the deputy clerk and he oversees all the technology and communications working with Karen Yarbrough, and today I’m going to be talking to him about protecting the vote from cyber attacks. First, I wanted to start off by recapping what happened in 2016. Hillary Clinton’s Campaign Chairman, John Podesta, was phished with an email on March 19, 2016. And what had happened is he forwarded an email to a staffer that had replied with a typo. The staffer said this is a legitimate email versus what the staffer should have said is this is an illegitimate email. So he did the right thing by checking first, but he probably should have picked up the phone and not relied on email. So then he went and he clicked through and reset his password. And the type of attacks that are happening right now is such that when you click a link, sometimes it will pretend to be Office365 or Google, and it will want you to put your username and password in so that you can see the document. Well, in fact, those sites are getting your credentials for later cyber attacks, or they’re trying to put malware on your computing device. So what happened after that? In April 2016, hackers created a fake email account and spearphished 30 Clinton staffers. They sent a spreadsheet that had the name Hillary-Clinton-favorable-rating.xlsx and that attachment was designed to make the staffer want to click. So these are social engineering attacks on campaign staff. And then later DCLeaks was registered, and all these emails were published and put out there, which was very damaging and probably changed the outcome of the election in 2016. So I have John here, and John, I want to ask you, what steps has the Cook County Clerk taken to prevent similar attacks here in Cook County?

Securing Electronic Voting

John Mirkovic (JM): Well, I think one is that we don’t make it so easy that you can change credentials via one email that way. So, what happened to Mr. Podesta, it would have required a few more steps in our agency, which is usually good, I guess, but it was such a clever attack. There’s almost no way to stop something that clever, and that relies on someone’s sense of urgency and emotion. So we, in our office, we work with Cook County on our email servers, so we would reach out to a different office to work with that. So the ability to make it hard to change emails, for example, you know, it can be frustrating sometimes but you know, you realize when you build those layers up if they frustrate you that means they’re going to frustrate an attacker as well so that’s one way.

LN: So deployment of frustration, a government staple, right?

JM: Yeah, the old help desk.

LN: Well, having these processes in place though, by design they help protect people and make it more difficult for hackers to get in. So that’s great. There’s been a lot of talks about potential hacks coming on election day, should voters be concerned that their vote’s going to be hacked on election day?

JM: I think they should be more concerned about the disinformation campaign that is going on about hacking voting machines in Illinois, and that we have the misinformation from nebulous foreign state actors, but they’re actually people in this country who are being paid. You know, they think they’re working for a news agency, but it’s some shell and all they’re doing is spreading misinformation, especially in Illinois. You know, we’ve had to refute notions that our ballot marking devices are connected to the internet and that anybody can get in there. So to answer your question, we use a lot of layers of security and some of them, and the main one is we don’t even give ourselves the ability to update these machines on election day or in the field, which again that frustrates us, but we also know that if there’s no way to communicate with those machines by us even, then no one else can, so.

LN: Isn’t there also a simultaneous paper audit trail for the voting machines?

JM: Yeah, so voters in suburban Cook County should be really happy with the system we have in Illinois, which requires a paper backup of every vote. So voters in the suburbs may remember, I don’t know if they had them in the city, but they may remember the sort of receipt paper printers that were built into the machines and they would kind of scroll really quick and show you what you voted for, but it really wasn’t user-friendly, so.

LN: John, just finally, should voters be concerned about election equipment being hacked on election day?

JM: Well, you know, depends where they live. If they live in a state that isn’t as committed to security, I think that people should ask questions and these are the right types of questions to ask, and if you live in a state and you find out your ballot marking device or voting machine is connected to the internet, you should be worried about that. In Illinois, that is not the case and we don’t even use the open internet for any transmission of data, we use secure cellular networks that can work one-way communications and send encrypted data that cannot be tampered with in transit. So voters should ask questions and, but they should also be mindful of who’s causing them to ask questions, and if that person is playing on their emotions.

LN: Great. Do you think that early voting and vote by mail will help reduce the potential impact of election day hacking?

JM: Yeah, I believe so. If you think about centralized versus decentralized targets. You know, an election where you have ballots being cast in 400,000 different locations, as opposed to 1,000, that’s a bigger attack vector and harder to, you know, for a foreign adversary to manipulate really. So it’s really, a mail election sort of really makes it hard for a hacker to find a way to get in there, so I think that vote by mail does make election safer.

LN: Great. Well, thanks a bunch for being on the show, I really appreciate you taking the time to come on.

JM: Thank you, Lee.

Check out Cook County’s website!

https://cookcountyclerk.com/