• Get involved.
    We want your input!
    Apply for Membership and join the conversations about everything related to broadcasting.

    After we receive your registration, a moderator will review it. After your registration is approved, you will be permitted to post.
    If you use a disposable or false email address, your registration will be rejected.

    After your membership is approved, please take a minute to tell us a little bit about yourself.
    https://www.radiodiscussions.com/forums/introduce-yourself.1088/

    Thanks in advance and have fun!
    RadioDiscussions Administrators

Entercom email hacked

A very large number of these hacks are social engineering. Meaning someone sends an employee an email with a link to a web site or an attachment. Employee clicks it and malware/virus comes on down. There are some products that can scan emails to find these and put them in a quarantine somewhere but that is not 100%. Employee training to not click on anything unless you are expecting it and know the source is valid is key. Also keeping people’s access rights restricted - aka not have everyone be an administrator - then many of these are blocked. Keep the systems more segregated. The music scheduling computer should just be for that. The music director should have a separate computer for reading email, doing office tasks like word processing or spreadsheets.

The govt can’t do much. Only if the perpetrator is caught to vigorously prosecute them.
 
spt87 said:
The govt can’t do much. Only if the perpetrator is caught to vigorously prosecute them.
Click to expand...

They can't do much about the situation you described. But they can monitor foreign traffic entering the system. One day I clicked on my Norton security history just to see what's been going on, and it noted several outside attacks not related to email at all. So I'd suggest we're all being hit every day whether we know about it or not.
 
TheBigA said:
They can't do much about the situation you described. But they can monitor foreign traffic entering the system. One day I clicked on my Norton security history just to see what's been going on, and it noted several outside attacks not related to email at all. So I'd suggest we're all being hit every day whether we know about it or not.
Click to expand...

OK, make up your mind. I said:

So what you guys are asking is that the federal government should monitor all the communications that enter the US by whatever means and filter it through a firewall that restricts access to an ever-growing list of sites that they determine are malware.

You said:

No that's not what I'm saying.

But now you're saying:

But they can monitor foreign traffic entering the system.

So you want the government to "monitor" it, but do nothing about it?

Social media is actually a small part of internet traffic. Most attacks don't originate through social media, and if they do it's because somebody clicked on a link or opened a file that came in through a messaging service.

It is wise to isolate critical business systems - like backoffice and music systems - by putting them on a separate network. Access control is critical, but there are also IT people who lock systems down so hard that you can't effectively operate.

None of this seems to be a responsibility of the federal government. Be careful what you wish for. If you want that kind of traffic monitoring and control somebody will have to pay for it. That somebody will be YOU - likely in additional fees or taxes for internet access. Expecting ISPs to provide this as part of the service that you already pay for seems like a much more likely place to demand access control protection and services for those who want them.
 
SirRoxalot said:
So you want the government to "monitor" it, but do nothing about it?
Click to expand...

Let me try to explain this to you. The TSA doesn't have to do a complete cavity search to know if you're bringing metal or liquid on a plane. What they see in their x-ray gives them enough information. Same with this. They don't have to listen or read everything that passes over the internet. In fact, there aren't enough government workers to read every single word. So that's obviously not going to happen.

SirRoxalot said:
None of this seems to be a responsibility of the federal government. Be careful what you wish for. If you want that kind of traffic monitoring and control somebody will have to pay for it. That somebody will be YOU
Click to expand...

Using that logic, they should also shut down the FCC and the TSA. The FCC fines broadcasters for even accidental language that they object to. Isn't that the same thing? The TSA has stopped me from bringing toothpaste and sun tan lotion on planes. Isn't that the same thing? How many people do you think it takes to monitor every single person getting on a plane? It sounds like you believe in selective enforcement. When Russians or Chinese hack American business, it's an attack. It's a problem bigger than buying anti-virus software.

SirRoxalot said:
Expecting ISPs to provide this as part of the service that you already pay for seems like a much more likely place to demand access control protection and services for those who want them.
Click to expand...

As I said, that's a fine idea, but someone has to make that their responsibility. Right now the current government is all worked up because they perceive liberal bias in tech companies. But no one is paying attention to the growing threat of cyber-warfare.
 
Last edited:
spt87 said:
A very large number of these hacks are social engineering. Meaning someone sends an employee an email with a link to a web site or an attachment. Employee clicks it and malware/virus comes on down. There are some products that can scan emails to find these and put them in a quarantine somewhere but that is not 100%. Employee training to not click on anything unless you are expecting it and know the source is valid is key. Also keeping people’s access rights restricted - aka not have everyone be an administrator - then many of these are blocked. Keep the systems more segregated. The music scheduling computer should just be for that. The music director should have a separate computer for reading email, doing office tasks like word processing or spreadsheets. .
Click to expand...

Just to clarify... the report that the Entercom attack came through music scheduling software has been corrected and is false.

Many of us schedule on apps on tablets or smartphones; the have to be connected. And the music software has to talk to the digital station system to load logs and to reconcile and to do real time adjustments.
 
TheBigA said:
As I said, that's a fine idea, but someone has to make that their responsibility. Right now the current government is all worked up because they perceive liberal bias in tech companies. But no one is paying attention to the growing threat of cyber-warfare.
Click to expand...

There is plenty of attention being paid to cyber-warfare attacks, particularly on governmental and utility systems at all levels - federal, state, and local. The FBI has warned private industries of external activity.

The feds are certainly monitoring the activities of state actors like Russia, China, and Iran. They're not making a lot of noise about it, but they're responding to those attacks and are allied with Western democracies and states like Israel, Japan, Korea, and India who directly face those attacks. Detecting and protecting from individual actors is a very different problem.

Companies can protect themselves if they are willing to spend on the resources required. One of the primary resources is training of their people. Many ISPs offer enhanced protections for those willing to pay for them. VPN services offer much more secure access to systems for those willing to pay a few extra dollars. None of these thing require government intervention or increased regulation.

The FCC has largely been involved in access to limited public resources. The only content regulation generally has been to prevent unencumbered access to material that society at large has deemed objectionable. What you're asking is for a government entity to get involved in evaluating content. Like the FCC, if there's a complaint, access to a particular site could be limited, but you're engaged in a game of whack-a-mole where there are billions of mole holes out there for miscreants to use. Most often, they are beyond the reach of the US government anyway.

The role for government in my opinion is to treat internet access like a utility and assure that reasonably-priced high-speed access is available to all through regulation of those major companies who use public rights-of-way for their infrastructure. They should be required to build out less profitable access systems from the profits they enjoy on vastly more profitable access systems the same way that power and telephone systems reached pretty much everybody. Whether that service is wired, fiber, or wireless - or a hybrid of all three - is of less interest than the quality of that service. If the US really wants to a role, establish a reasonable minimum level of service that should be able to reach everyone and enforce that just as they did with phone and electric service. Beyond that people should be able to pay for enhanced service if they want it or need it for their own enterprise.
 
SirRoxalot said:
What you're asking is for a government entity to get involved in evaluating content.
Click to expand...

No I'm not. Nowhere have I said that. I have specifically said they should not be involved in evaluating content. I've said it several times.

However, as I said, there is a draft executive order that is intending to do that. That will make a government entity a moderator of social media. If you're really opposed to the government being involved in evaluating content, you should be opposed to it. The current government also repealed net neutrality. So the government is heading in the wrong direction in terms of internet policy.
 
spt87 said:
A very large number of these hacks are social engineering. Meaning someone sends an employee an email with a link to a web site or an attachment. Employee clicks it and malware/virus comes on down. There are some products that can scan emails to find these and put them in a quarantine somewhere but that is not 100%. Employee training to not click on anything unless you are expecting it and know the source is valid is key. Also keeping people’s access rights restricted - aka not have everyone be an administrator - then many of these are blocked. Keep the systems more segregated. The music scheduling computer should just be for that. The music director should have a separate computer for reading email, doing office tasks like word processing or spreadsheets.

The govt can’t do much. Only if the perpetrator is caught to vigorously prosecute them.
Click to expand...

Actually the majority of ransomware attacks emanate from someone plugging an infected device into a workstation USB port. There have been instances of downloaded links via E-mail, but the more sophisticated malware is too large to fit in a single link. Also, inserting the malware via USB bypasses most anti-virus applications until it's too late to detect.
 
Status
This thread has been closed due to inactivity. You can create a new thread to discuss this topic.


Back
Top Bottom