Malvertising Poses Threat to the U.S. Intelligence Community

In a recent letter to Federal Chief Information Officer Clare Martorana, Senator Ron Wyden voiced his concern over the current state of privacy amongst federal offices, saying:

“I write to urge the Office of Management and Budget (OMB) to protect federal networks from foreign spies and criminals who misuse online advertising for hacking and surveillance, by setting clear new rules for agencies in its forthcoming “zero trust” cybersecurity policy.”

The letter goes on to highlight the widespread adoption of digital security guidelines by most U.S. intelligence agencies, and the failure of others to adhere to OMB recommendations.

(Click here to read the entire letter.)

Wyden’s statement exposes a gap in cybersecurity: the suggested ad-blocking measures are applied inconsistently across government networks. And without stricter regulations in place, the OMB leaves room for malware attacks in the form of “malvertising.”

First, let’s define “Malvertising.”

Simply put, malvertising involves the use of innocuous-looking ads to gain access to a network. So, Joe Schmo is surfing the web and sees an ad for a cheaper version of that dollar shave club that they are totally excited about.

One click and an email later, and Joe Schmo has now unknowingly downloaded some form of malware.

This approach lets hackers use ad distribution networks to target victims and deliver malware while hiding in plain sight.

Now apply this to matters of national security and imagine that Schmo is doing some online shopping on a government network…not cool.

In that case, everything from addresses to banking information becomes (un)fair game to cyber-criminals, and chaos ensues.

And it’s not just criminals that concern national security. Data brokers (companies that profit from the collection and sale of data) are also gathering insights about location, interests, and demographics through the use of ads and ad placement all the time. This is legal, and the government actually participates in a portion of the data harvest.

However, it could pose some serious problems if used by foreign or criminal entities to gather info on the intelligence community.

Hence the importance of blocking all ads within government networks, regardless of their origin.

Not every portion of the federal government is as secure as it seems.

While the NSA, CIA, DEA, and other direct members of the U.S. intelligence community have relatively concrete standards when it comes to ad blocking and online activity, there are still some gaps in data protection.

The National Security Agency (NSA), in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA), has published recommended guidelines to optimize sensitive data security, including ad blocking software.

However, guidelines and recommendations must be universally implemented to be completely effective. And while the Office of Management and Budget (which is largely responsible for dictating the cybersecurity measures required of government entities) has adopted a Federal Zero Trust Strategy, these measures have yet to require the complete use of ad blockers across all branches.

What steps are being taken to improve security?

As of right now, it looks like the government has taken a step in the right direction when protecting consumer data. However, without the universal and consistent adoption of security recommendations, we’ll continue to see data breaches and leaks.

Want to stay proactive and in the know?

Just follow us on Medium, send us some love on Facebook, and find us on Twitter under the username: @keepitcloaked

If you’d like to sign up to participate in a future beta testing cohort, we’d love to have you! Just click here to join our wait and mailing list and let the fun begin — no joke, we really are fun!

Join our Discord: https://cloaked.community
