Why Non-Cheaters Should Be Just As Worried As Ashley Madison Members


Millions of accounts stolen from the adultery facilitation service Ashley Madison hit the dark web this week, causing angst for spouses, anxiety for the site’s users and social reflection from a variety of media sources. The information includes names, passwords, email addresses, credit card information for paid accounts, physical descriptions and profile information about users’ kinks and sexual fantasies.

Tools to search the massive database have already appeared, though it’s not clear how accurate those tools are and whether they are harvesting information themselves. Let’s look at some of the security implications of the leak.

Public Security Concerns

Many of the site’s users signed up with their work emails, probably in an attempt to keep their spouse or significant other from reading their messages. Approximately 15,000 of the leaked accounts are linked to email addresses with .edu, .mil or .gov accounts. This means the names and personal information of thousands of government employees are now online, making them a target for blackmail and identity theft.

Almost two-thirds of the emails are from military addresses. The United States military has regulations against cheating on spouses, and the leak could lead to dishonorable discharges should the military decide to follow up. Several state and local government agencies have stated they will be looking into accounts that used email addresses linked to their employees.

Is the Data Legitimate?

Ashley Madison did not require email verification, and it’s not exactly difficult to sign up for a free account with someone else’s information. Confirming the information is difficult, since neither Ashley Madison nor their cheating users are likely to comment. On the other hand, people who were wrongfully signed up by others have no way to prove their innocence either.

Some of the leaked accounts contain data specific enough to trace back to individuals, such as credit card information, and are undoubtedly legitimate, but others are obviously faked. For example, someone signed up for an account using the name and email address of one of the fictional FBI detectives from the TV show The X-Files.

What Can We Learn?

Consider anything you enter online permanent. Some of the users in the leaked database paid a fee to Ashley Madison for a service that was supposed to delete their account and information entirely. Obviously it didn’t work.

Don’t advertise your computer system or service as totally private and unhackable. One of the reasons Ashley Madison was targeted was their advertisements touting the safety of users’ information. In any connected system there are ways for determined hackers to get in.

Don’t use your work email address for personal communication. Even if you’re not cheating on your spouse, it’s not a good idea. Most employers back up their email messages and accounts for security purposes.

About the author:

Scott N. Schober is a CEO, author and cyber security and wireless tech expert who regularly appears on popular TV news networks, radio programs and tech industry speaking engagements. He appears regularly on Bloomberg TV, CCTV-America, CTV News, ABC and more as a cyber security expert. His new book entitled Hacked Again will be available in the fall. Scott is also the host of a weekly cyber security video podcast called 2 Minute CyberSecurity Briefing on iTunes and Youtube.

Black Hat Conference Highlights


Last week cyber security experts gathered at the Mandalay Bay hotel in Las Vegas for the 9th annual Black Hat conference. While the major media focus was on the connected car vulnerabilities I discussed in a previous post, there were many other important subjects covered. Let’s look at some of the highlights.

Android Fingerprint Sensor Hack

Some smartphones include fingerprint sensors that allow users to swipe their finger instead of entering passwords. FireEye researchers Tao Wei and Yulong Zhang presented evidence that fingerprint readers on many Android devices are vulnerable to attack. The sensors are not locked down, and the files controlling them are easy to hack even on unrooted devices. A clever hacker could install malware on a device and use it to steal the fingerprint of anyone who uses the sensor. Unlike passwords, fingerprints cannot be changed. Once a fingerprint is compromised, it’s compromised for life. Fingerprints are tied to someone’s identity on documents such as passports and police records. Manufacturers of the affected devices have issued patches to resolve the security flaws, but as more devices with fingerprint readers become available we’re sure to see more users affected in the future.

Google Talks Android Security

In the wake of the Stagefright security flaw that exposes approximately 950 million Android devices, Android security chief Adrian Ludwig spoke about Google’s plans for fixing the bug. The company will update all its Nexus devices (including those that are WiFi only) and provide security support for all Nexus devices for a minimum of three years. With public confidence shaken, Ludwig also spoke about Android’s existing security features and security analysis for apps offered through the Google Play Store.

Defending Against Watering-Hole Attacks

Senior development engineer Aaron Hackworth at Dell SecureWorks detailed the methods and activities of a cyber espionage group based in China. Dubbed TG-3390, this group’s major strategy is to target organizations through web sites and services employees are known to use. The hackers attack the service and redirect traffic to a malicious web site. When someone visits from an IP of interest, the site installs malware on their machine. Once the hackers have access, they attack the domain controller and install keyloggers and back doors on any Microsoft Exchange servers. This allows the group to steal credentials so they can re-enter the network if discovered. Hackworth recommended removing all local administrator rights and switching to two-factor authentication (2FA) on all remote-access services to thwart the hackers’ ability to steal login information and regain access.

Stealing Data with IoT Devices

According to Columbia University researcher Ang Cui, printers, Internet of Things (IoT) devices and other inexpensive network-capable devices can be hacked into radio transmitters. This hack uses I/O pins and a connected cable to generate radio waves that a receiver can pick up. Cui demonstrated the hack on an inexpensive printer, using the printer cable as an antenna and picking up the signal on a handheld radio. The most troubling part of this hack is that, because it works on devices that do not even have WiFi, hackers can target devices on the network that IT personnel may not even consider a vulnerability point.

OPM Pwnie Award for Most Epic Fail

In a year of massive data breaches, the government’s Office of Personnel Management managed to take home the least-coveted award at the conference. In June the OPM announced that background check records on 25.7 million current, former and prospective government employees and contractors had been stolen by hackers with close ties to the Chinese government. The hackers managed to stay in the system for over a year, and unnamed sources told ABC News the records of top administration officials and current and former cabinet members were compromised. Not surprisingly, the award went unclaimed.


Stagefright Bug Takes Center Stage On 950 Million Android Devices


A series of bugs and security loopholes in the Android operating system could allow hackers to take control of up to 95% of Android smartphones simply by sending an MMS message with malware attached.

What is the Stagefright bug?

Stagefright is the name of the Android operating system’s media library, which the bug is named after. It affects all Android devices running version 2.2 and up and there is currently no patch. The recipient doesn’t even have to open the message. By default the Android operating system downloads unread messages, triggering the malware. An attacker could send the MMS with malware attached, take control of the phone and delete it before the user is any wiser.

When will the bug be resolved?

The mobile security company Zimperium Labs discovered the flaw and alerted Google in April. Google is working on a patch for its Nexus devices, but it won’t be available until next week. For other device manufacturers, it could take a lot longer.

Very few manufacturers run vanilla Android on their devices. Most devices have customized software that will require testing. Google will provide the software fix to the manufacturer, which then must test the update on their devices. The manufacturer will apply the update to the base version of their OS, then test each individual product line. After the manufacturer is finished, they send the update to the wireless carrier. Sometimes carriers do their own testing before pushing the update out to users. It could be weeks or months before non-Nexus devices see an update. The cost of testing means some older devices may never get it.

What can you do to protect your device now?

The key to protecting your smartphone is preventing the device from automatically downloading MMS messages from the server. Open your default messaging app and press the Menu button. Select Settings and look for an “Auto-retrieve” checkbox. Some devices may have the option under “Advanced settings.” Unchecking this box will stop the device from downloading the messages, allowing you to delete messages from any numbers you don’t recognize before you open them. If you can’t find the setting, contact your wireless carrier or device manufacturer for assistance.

Is Stagefright the only vulnerable part of the Android OS?

There are no confirmed cases of hackers using it, but the sheer number of vulnerable devices makes this a major security flaw. Zimperium Labs indicated in a blog post that others had previously uncovered bugs in Stagefright, and that it is possible the bug could be in use.



Chrysler Recalls 1.4 Million Hackable Cars But Is It Enough?


Car companies have a history of large-scale recalls for their products. After all, the safety of their customers falls directly on the shoulders of automakers, so why take a chance? But what about computer glitches or even hacks? When is proactive too proactive and when is it not even enough?

Some of today’s cars come equipped with the option to connect to the Internet, but are they safe from hackers? Connected cars can access wireless broadband networks via built-in cellular modems. They allow passengers to stream audio and video, access traffic information and navigate using a touchscreen on the dash. Cyber security experts worry that these connected cars lack adequate digital security and are vulnerable to malicious hackers.

Last week two white hat hackers demonstrated the ability to take control of critical functions on a 2014 Jeep Cherokee to a Wired Magazine reporter. Hackers Charlie Miller and Chris Valasek were able to disable the transmission, spray the windshield with wiper fluid and even engage and disable the brakes. The pair will be presenting details on how they accomplished the hack at next month’s Black Hat cyber security conference in Las Vegas.

The pair said the hack seems to work on any Chrysler vehicle equipped with the Uconnect entertainment system. The Uconnect uses Sprint’s network, and an attacker can scan the carrier’s network for vulnerable targets using a Sprint phone as a WiFi hotspot. Once an attacker has the vehicle’s network information, they can wirelessly overwrite the firmware in the device and take control of the vehicle’s functions from virtually anywhere. Even more alarming, a skilled hacker could program the compromised Uconnect to scan, locate and attack other vehicles through Sprint’s network like a computer worm.

Several years ago Miller and Valasek demonstrated hacking different vehicles through the diagnostic port used by mechanics. Some in the automotive industry scoffed at the potential threat because the hacker would need physical access to the vehicle and the port. Now the prospect of remote hacking has the industry spooked.

Miller and Valasek have been working with Chrysler since they discovered the vulnerability, and the automaker has issued a patch that closes the security loophole. However, the pair plan to release parts of their code at the Black Hat conference for peer review. The released code will allow potential digital carjackers to access some of the less dangerous attacks.

Chrysler has issued a recall notice for over 1.4 million vehicles urging owners to install the software update. The patch requires the vehicle’s owner to take it to the dealer or download it onto a USB thumb drive, so many vehicles will probably remain vulnerable at the time of the conference. If you own one of these vehicles and aren’t sure if it needs the patch, you can check by entering your vehicle’s VIN number into this website here.

There is no doubt that connected cars are traveling on a highway where old tech thinking and new tech thinking must eventually merge. On the one hand, obscure security holes detected in your PC’s OS usually result in immediate and unconsented updates to your computer. This is for your own good. Malware and viruses are hardly life threatening on any PC, but the same cannot be said about a connected car. The dangers have been clearly demonstrated by many car hackers past and present, even if they are not an immediate threat to your ’98 Corolla.

So why hasn’t the auto industry defined and implemented procedures to auto update or, at the very least, allow consumers to update their connected vehicles easily and securely?

On the other hand, Chrysler recalls 1.4 million vehicles based on the possible threat of a hack to those cars. No one has been injured and the hacking threat is still largely unproven, but Chrysler is being very proactive here. Let’s just hope that the connected car industry doesn’t shut down the entire auto industry before we can experience all the safety and conveniences that connected vehicles offer.

About The Author

Scott N. Schober is a cyber security and wireless technology expert, CEO of Berkeley Varitronics Systems, Inc. and author of Hacked Again. He has appeared on hundreds of television, radio and published news pieces as a cyber security expert and a presenter and panelist at many tech conferences.

Is Drone Skyjacking The New Hijacking?


Right now most civilian drones are owned by hobbyists for recreational use, but many companies are exploring commercial uses. Drones have already been used for shooting nature documentaries and commercials, aerial surveys on remote properties, checking on crops for farmers and even delivering pizza. They have the potential to revolutionize many aspects of our daily lives. But drones haven’t escaped the notice of cyber criminals.

Why Are Hackers Targeting Drones?

Drones can carry small payloads, which often include a camera for transmitting wireless video back to the operator. Cyber criminals might tap into the video signal and gain access to valuable surveillance information, or simply hijack the drone to steal it and its cargo or perform other illegal activities.

It seems certain that at some point drones will be required to carry identification information. When that happens, a cyber criminal might hijack a drone to avoid identification much like a street criminal would steal a car to perform a robbery.

Even with legal drones one of the biggest security concerns is their current lack of traceability. Here in the United States, a civilian drone entered the restricted area around the White House during the early morning hours of January 27th and crashed on the lawn. Officials had no way of identifying who it belonged to or what their intentions were. The crash turned out to be an accident and the operator turned himself in the next morning, but it was a wake-up call for security experts. Other operators aren’t so benign. In the United Kingdom police have already confirmed high-tech burglars are using drones to identify houses vulnerable to break-ins.

Why Are Drones Vulnerable to Hacking Attempts?

Unlike simple remote-controlled helicopters, drones have their own computing power. Think of them as flying smartphones without the screen. They have GPS capabilities and can fly along pre-programmed paths, or the operator can manually control them from afar using WiFi signals. If a drone loses control signals from the operator it can return to a designated location on its own.

On the same day the drone crashed on the White House lawn, a cyber security expert uncovered a flaw in Parrot® drones that allowed malware to kill their engines and make them fall from the sky. If the drone is high enough, the malware can restart the engines and take control of the drone.

This isn’t the first time Parrot drones have been used in a drone hack. Two years ago, a legal hacker released instructions on how to build a Parrot drone capable of tracking down other drones and hijacking them using wireless signals. Dubbed SkyJack, the hijacker drone monitors wireless signals and targets MAC addresses registered to Parrot drones. It can force the targeted drone to disconnect from the device controlling it and connect to the hijacker’s signal.

The problem is lack of stringent security measures built into drone operating systems. Many drone models have no security or rely entirely on weak WiFi security measures. As drones become more popular and widely used, drone manufacturers must take the threat of potential drone skyjackers more seriously.

About Us

Berkeley Varitronics Systems (BVS) designs and manufactures innovative RF analysis and wireless threat detection tools for businesses and government organizations to manage secure facilities and maintain wireless networks.

How Do You Set Up A “No Phone Zone”?


Cell phones are a modern marvel, but they can also be a tremendous problem for any organization trying to enforce security or safeguard confidential information. The effects of contraband cell phones can be tremendous. Cell phones have been used to intimidate witnesses in criminal courtrooms, break prisoners out of jail and steal classified information.

The private sector isn’t immune to the risks of smuggled cell phones. Attendees use them to record concerts. Students use them to cheat on tests. They’re also unwelcome guests in call centers, secure facilities and confidential meetings. The infamous “47 percent” quote that may have cost Republican candidate Mitt Romney the 2012 Presidential election was secretly recorded on a cell phone at a private fundraiser where phones were prohibited.

Ineffective Detection Tools

The major challenge in keeping cell phones out is they are easily concealed inside clothing and handbags. The recent mobile trend is toward larger smartphones, but feature phones are still readily available and some models are smaller than a credit card. These old-school devices are primitive compared to modern smartphones, but they are capable of sending and receiving texts, recording audio and taking pictures and video.

Conventional metal detectors can find many phones, but walkthrough units are bulky and not portable. Handheld wands are portable, but their range is limited to a few inches so an operator must sweep the detector over the subject’s entire body. Both types will alert to other metal objects.

Most cell phone detectors rely on radio frequency signals to locate devices, but they are ineffective if the phone is powered off or has the wireless antenna disabled. Fortunately, there are tools available to specifically uncover hidden cellular devices, even if they’re not transmitting.

Effective Detection Tools

The BVS SentryHound is a portable cell phone detection system that scans subjects as they walk between two posts. It’s very similar to the anti-theft scanners retailers use to prevent shoplifting, but instead of security tags it detects ferromagnetic compounds inside the phone. The posts have a single row of LED lights running their entire length. When the SentryHound finds a device, it sounds an audible alert and illuminates the section of lights closest to the phone. It can also trigger an external device such as a security camera or remote alarm.

The Manta Ray is a handheld cell phone detector that also detects ferromagnetic compounds. Operators can use it to scan handbags, luggage and small parcels without opening them. Buckles and studs will not trigger false alarms.

The SentryHound and Manta Ray are ideal for temporary and permanent “no phone zones.” They allow operators to scan subjects and their possessions quickly and effectively, without labor-intensive searches or compromising the subject’s privacy and dignity.



How Can We Prevent The Next White House Drone Crash?


Current Federal Aviation Administration regulations require civilian drones to stay under 400 feet in altitude and at least five miles from airports and other restricted areas. Unfortunately, not all drone operators follow the regulations.

Drones at the White House

On Monday, January 26th at 3:02 AM a Secret Service officer on duty at the White House spotted a drone flying overhead without setting off alarms. The drone crashed on the edge of the property, triggering a security lockdown and search. The operator turned out to be an undisclosed inebriated off-duty government employee flying a personal drone. He turned himself in several hours later, claiming he lost control of the drone and did not mean to fly it into a restricted area. His actions led DJI (the manufacturer of that particular drone model) to initiate a 15 mile radius no-fly zone around the White House to be included as a mandatory firmware update for all DJI drones.

He is not the first drone operator caught near the White House. On August 19th a drone operator was arrested after he crashed it into a tree just outside the White House grounds. Another was detained on July 3rd after Secret Service agents caught him flying a drone a block away.

Identification Difficulties

One of the major issues with drones is lack of traceability. There are no registration requirements, so finding the operator of a crashed drone is nearly impossible. Even when the drone is in the air, finding the operator is difficult. If the operator is concealed inside a building or vehicle, locating them without using the right tools is like looking for a needle in a haystack. Fortunately, wireless threat detection tools such as Berkeley’s Yellowjacket-Tablet Wi-Fi Analyzer can catch a drone pilot red-handed by using realtime RSSI measurements and MAC address identification.
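One way to combine MAC address identification with RSSI measurements, as an added example that is not BVS code or the Yellowjacket's own logic: a walk survey is filtered for a drone's access point by vendor prefix, the client talking to it is treated as the controller, and smoothed RSSI points to where the controller is loudest. It assumes the drone acts as a Wi-Fi access point with the pilot's device as its client; the vendor prefix, MAC addresses and readings are all constructed.

```python
"""Added example: find a drone controller in a Wi-Fi walk survey (constructed data)."""

# Hypothetical watch list of vendor prefixes (OUIs) used by drone radios.
# 02:00:5E is a constructed, locally administered placeholder, not a real vendor prefix.
WATCHED_OUIS = {"02:00:5E"}

DRONE = "02:00:5e:aa:bb:01"      # constructed drone access-point MAC (BSSID)
PILOT = "06:11:22:33:44:55"      # constructed controller (client) MAC
OTHER_AP = "0A:00:00:00:00:10"   # constructed unrelated access point
OTHER_STA = "0E:99:88:77:66:55"  # constructed unrelated client

# Constructed survey log: (seconds, x_m, y_m, transmitter_mac, bssid, rssi_dbm)
OBSERVATIONS = [
    (0, 0, 0, DRONE, DRONE, -75),
    (0, 0, 0, PILOT, DRONE, -84),
    (1, 10, 0, PILOT, DRONE, -60),        # one-off spike, e.g. a reflection
    (1, 10, 0, OTHER_STA, OTHER_AP, -55),
    (2, 20, 0, PILOT, DRONE, -83),
    (3, 30, 0, PILOT, DRONE, -70),
    (3, 30, 0, OTHER_AP, OTHER_AP, -58),
    (4, 40, 0, PILOT, DRONE, -63),
    (5, 50, 0, PILOT, DRONE, -62),
    (6, 60, 0, PILOT, DRONE, -71),
]


def normalize(mac):
    """Upper-case a MAC address and use ':' separators."""
    return mac.strip().upper().replace("-", ":")


def oui(mac):
    """Return the vendor prefix (first three octets) of a MAC address."""
    return normalize(mac)[:8]


def find_drone_bssids(observations):
    """BSSIDs whose vendor prefix is on the watch list."""
    return {normalize(b) for _t, _x, _y, _tx, b, _r in observations
            if oui(b) in WATCHED_OUIS}


def find_controllers(observations, drone_bssids):
    """Transmitters that send frames inside a drone's network but are not the drone."""
    found = set()
    for _t, _x, _y, tx, bssid, _r in observations:
        tx, bssid = normalize(tx), normalize(bssid)
        if bssid in drone_bssids and tx != bssid:
            found.add(tx)
    return found


def readings_for(observations, mac):
    """Time-ordered (t, x, y, rssi) readings for one transmitter."""
    target = normalize(mac)
    return sorted((t, x, y, r) for t, x, y, tx, _b, r in observations
                  if normalize(tx) == target)


def raw_peak(observations, mac):
    """Survey position of the single strongest sample (sensitive to spikes)."""
    _t, x, y, r = max(readings_for(observations, mac), key=lambda rec: rec[3])
    return (float(x), float(y), r)


def strongest_fix(observations, mac, window=3):
    """Survey position at the centre of the window with the best average RSSI.

    Averaging over neighbouring samples keeps one noisy reading from
    sending the search team to the wrong spot.
    """
    readings = readings_for(observations, mac)
    if len(readings) < window:
        return None
    best = None
    for i in range(len(readings) - window + 1):
        chunk = readings[i:i + window]
        avg = sum(rec[3] for rec in chunk) / window
        _t, x, y, _r = chunk[window // 2]
        if best is None or avg > best[2]:
            best = (float(x), float(y), round(avg, 1))
    return best


if __name__ == "__main__":
    drones = find_drone_bssids(OBSERVATIONS)
    for controller in sorted(find_controllers(OBSERVATIONS, drones)):
        print("controller", controller)
        print("  strongest single sample:", raw_peak(OBSERVATIONS, controller))
        print("  strongest smoothed fix: ", strongest_fix(OBSERVATIONS, controller))
```

On the constructed log the single strongest sample sits at the 10 m mark, while the smoothed fix lands at 40 m, where the readings are consistently strong.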

Drones Pose Air Safety Hazard

Even more alarming are reports of close encounters between civilian drones and low-flying aircraft. In November 2014, the FAA released a list of 25 incidents that occurred starting June 1st. The incidents were reported by pilots, and several involved passenger aircraft where the drone was spotted less than 200 feet away during takeoff or landing. The pilots reported seeing drones as high as 4,000 feet.

Drones are small and most weigh under 10 pounds, but the aircraft’s speed and the delicate construction of propellers and jet engines make a drone strike very dangerous. Impacts with birds of similar size have caused airplane crashes, including the U.S. Airways flight that landed in the Hudson River in 2009. According to wildlife organization Bird Strike Committee USA, a 12 pound bird striking an aircraft traveling at 150 MPH generates the same force as a 1,000 pound weight dropped from 10 feet. A drone of similar size would have the same effect and could easily set off a chain of events resulting in a crash.

Drone Payload Concerns

Some civilian drones have payload capacities up to 30 pounds, easily enough to carry contraband and even explosives or chemical weapons. In 2013 German police recovered a drone and bomb-making materials from right-wing terrorist groups. Just last week Mexican police in Tijuana recovered a crashed drone attempting to fly a load of drugs into the U.S. Here in the United States, criminals have used drones to fly drugs and prohibited cell phones into prisons.

Drones have the potential to improve our lives, but they also pose risks to security and public safety that should be addressed. Shutting down drone operators who disobey the law and put others at risk should be a top priority.





Deep Dark Web Of The Internet Iceberg


The World Wide Web is a vast and always changing network of web pages. In the early days of the web there were no search engines, and people relied on finding information using pages with long lists of HTML links. It was cumbersome and links were often outdated.

The development of automated search engines made it much easier for users to find information. Modern search engines like Google, Yahoo and Bing use programs called spiders that crawl the web and find links between the main page on a site and its linked subpages. These publicly viewable pages are part of the Surface Web, but they’re just the tip of an iceberg.

What’s Below the Surface Web?

While the web is growing constantly, cybersecurity experts know the vast majority of web pages are inaccessible to search engines. Hidden pages include unpublished blog posts, forums that force users to log in before they can view the contents and news sites that archive their stories for paid subscribers only after a specific amount of time. Subpages on public web servers that are not linked to other pages do not show up in search results, but if someone knows the page URL they can access the page directly by typing it into their browser’s address bar. Collectively these resources hidden from search engines are called the Deep Web.

The information locked away in the Deep Web is valuable. Doctors could access information currently hidden in archived databases about new research and medical procedures. Aerospace engineers could find data on how to build safer airplanes. Unfortunately, cyber criminals also use the Deep Web for communication and to hide their illicit activities. The Deep Web contains pages where criminals use a type of digital currency called Bitcoin to trade and sell everything from stolen credit card numbers to illegal drugs.

Navigating the Deep Web

So if the Deep Web isn’t indexed by normal search engines, how do users navigate it? The answer lies in browser software called The Onion Router, or Tor for short. Tor allows users to access .onion sites. It also anonymizes users by bouncing their web traffic through a randomized series of encrypted servers located around the world. This makes Tor users much more difficult to track online.

Like the Deep Web itself, Tor does have legitimate uses. The software was developed by the United States government to protect whistleblowers, dissidents who live under repressive political regimes and others who would be in danger if their identities were compromised.

Some governments censor the Surface Web, blocking certain web sites and monitoring their citizens’ online activities. Facebook recently established a direct connection to Tor, allowing users in these areas anonymous access to their site. It also protects those who simply value their privacy and aren’t doing anything illegal but don’t want their browsing habits tracked.

To learn more about the Deep, Dark Web, subscribe to our weekly video 2 Minute Cyber Security Briefing Podcast on iTunes or Youtube. Visit www.CyberSecurityDictionary.com for more terms and definitions.

My Phone Is Held Hostage By Ransomware, Now What?


Ransomware is a type of malware that holds your data hostage. It has been a problem with computers for many years, but it’s only recently started showing up on mobile devices. When you activate the program or app, it blocks you from accessing the data on the device and displays a message demanding payment by untraceable methods like Bitcoin or MoneyPak.

How does it spread?

On mobile devices, ransomware usually spreads via email, from visiting malicious web sites that host pornography or installing pirated apps. Recently malware developers have gotten smarter. Some ransomware apps can now spread via text message. When a device is infected, the malicious app will send an SMS to everyone in the device’s contact list with a message tricking the recipients into clicking on a link. When the reader opens the link, they are directed to install the malware on their devices, thus repeating the process with a new round of victims.

What should you do if your device is infected?

First of all, don’t pay the ransom. If you do send money all you’re doing is rewarding criminals, and there are no guarantees you’ll get your information back anyway.

Reboot the device into safe mode. Just like a computer, safe mode boots the Android device with just the bare minimum operating system. This prevents the malicious software from running at startup and allows you to remove it. The instructions on activating safe mode vary from device to device, so check the manual and the manufacturer’s web page for specific instructions.

Once you have access to the operating system, you can uninstall the malware or run an antivirus app that will remove it for you.

How do you prevent malware from attacking your Android device?

Do not click on any links you were not expecting in emails or text messages. If the message comes from someone you know, contact them before opening the link.

Make sure the “Unknown sources” check box is left blank. The option is usually disabled by default, but sometimes users enable it to install legitimate apps that are not available from Google. The location can vary, but it is usually found under Settings > Security. Disabling this option will prevent the device from installing apps from sources other than Google’s Play Store.

Keep backups of your local data. With many apps, the data is stored on a remote server instead of your device. When you open the app, it downloads the information it needs through your data connection. If you do have applications that store data on the device or memory card, make sure to keep a backup of the information on your computer.

For rooted Androids, there are applications that will create an image of everything on the device and save it in a file you can transfer to your computer or upload to cloud storage.

To learn more about ransomware, subscribe to our weekly video 2 Minute Cyber Security Briefing Podcast on iTunes or Youtube. Visit www.CyberSecurityDictionary.com for more terms and definitions.

Can The FBI Attract Ethical Hackers?


In today’s online world, cyber attacks can be nearly as devastating as traditional warfare. In addition to cyber terrorism, hackers have stolen identification and credit card information from millions of Americans in cyber attacks on large businesses. Local law enforcement often doesn’t have the skills or manpower to handle these cyber crimes, and jurisdiction becomes a problem when the victimized organization has locations in several areas. When the scale of the problem is too big or too complex for the target organization or local law enforcement to handle, they often turn to the Federal Bureau of Investigation for help.

The FBI has recognized the increased demand for agents trained in cybersecurity and has posted a job listing on usajobs.gov. The listing is open until January 20th, and while it doesn’t specify the number of positions open, a statement released alongside the listing stated there were “many.”

Why is the FBI seeking cyber special agents?

Tracking down sophisticated cyber criminals and terrorists with foreign government backing requires totally different skills than solving the offline crimes the FBI has always handled in the past. For example, if a gang of criminals robs a bank the agents might interview witnesses, review surveillance footage and look for physical evidence. But what if the gang of criminals stole the money electronically using a computer in another country? No one stuck a gun in a teller’s face, but the bank still lost money and the criminals need catching.

What kind of people is the FBI looking for?

The job listing gives a long list of experience requirements related to cybersecurity, including network administration, ethical hacking or white hat, computer programming, database administration and digital forensics. The applicant must have a minimum four-year degree from an accredited college or university or foreign equivalent. It lists degrees relating to computers, mechanical engineering or information security but does not bar applicants with non-technical degrees as long as they can demonstrate technical work experience.

In addition to the computer-related skills and background, applicants must be eligible for Top Secret security clearance and be between the age of 23 and 37, though some military veterans are exempt from the age restriction. The applicant must meet the same physical requirements and pass the fitness tests required of all FBI Special Agents.

What does this mean for us?

It’s a positive move for the businesses, organizations and local law enforcement agencies that rely on the FBI’s assistance for solving cyber crimes. More agents with better training and a wider pool of specialized skills to draw on means faster resolutions and a greater chance of cyber criminals and terrorists being brought to justice.

To learn more about FBI’s relationship with hackers, subscribe to our weekly video 2 Minute Cyber Security Briefing Podcast on iTunes or Youtube.