Malvertising Poses Threat to the U.S. Intelligence Community
In a recent letter to Federal Chief Information Officer Clare Martorana, Senator Ron Wyden voiced his concern over the current state of privacy amongst federal offices, saying:
“I write to urge the Office of Management and Budget (OMB) to protect federal networks from foreign spies and criminals who misuse online advertising for hacking and surveillance, by setting clear new rules for agencies in its forthcoming “zero trust” cybersecurity policy.”
The letter goes on to highlight the widespread adoption of digital security guidelines by most U.S. intelligence agencies, and the failure of others to adhere to OMB recommendations.
(Click here to read the entire letter.)
Wyden’s statement exposes gaps in cybersecurity in the form of the inconsistent application of suggested ad blocking cybersecurity measures across all government networks. And without stricter regulations in place, the OMB leaves room for malware attacks in the form of “malvertising.”
First, let’s define “Malvertising.”
Simply put, malvertising involves the use of innocuous looking ads to gain access to a network. So, Joe Schmo is surfing the web and sees an ad for a cheaper version of that dollar shave club that he/she/they is totally excited about.
One click and an email later, and Joe Schmo has now unknowingly downloaded some form of malware.
Doing this allows hackers to use ad distribution networks to target and deliver malware while hiding in plain sight.
Now apply this to matters of national security and imagine that Schmo is doing some online shopping on a government network…not cool.
In that case, everything from addresses to banking information becomes (un)fair game to cyber-criminals, and chaos ensues.
And it’s not just criminals that concern national security. Data brokers (companies that profit from the collection and sale of data) are also gathering insights about location, interests, and demographics through the use of ads and ad placement all the time. This is legal, and the government actually participates in a portion of the data harvest.
However, it could pose some serious problems if used by foreign or criminal entities to gather info on the intelligence community
Hence the importance of blocking all ads within government networks, regardless of their origin.
Not every portion of the federal government is as secure as it seems.
While the NSA, CIA, DEA, and other direct members of the U.S. intelligence community have relatively concrete standards when it comes to ad blocking and online activity, there are still some gaps in data protection.
The National Security Agency (NSA) in conjunction with the Cybersecurity and Infrastructure Security Agency (CISA) have published recommended guidelines to optimize sensitive data security — including ad blocking software.
However, guidelines and recommendations must be universally implemented to be completely effective. And while the Office of Budget Management (which is largely responsible for dictating the cybersecurity measures required of government entities) has adopted a Federal Zero Trust Strategy, these measures have yet to require the complete use of ad blockers across all branches.
What steps are being taken to improve security?
As of right now, it looks like the government has taken a step in the right direction when protecting consumer data. However, without the universal and consistent adoption of security recommendations, we’ll continue to see data breaches and leaks.
Want to stay proactive and in the know?
Just follow us on Medium, send us some love on Facebook, and find us on Twitter under the username: @keepitcloaked
If you’d like to sign up to participate in a future beta testing cohort, we’d love to have you! Just click here to join our wait and mailing list and let the fun begin — no joke, we really are fun!