Chinese envoy tells Vanuatu it expects support in return for aid
ABC News: “Both the United Kingdom and Australia said Thursday that they have opened formal investigations into Facebook amid allegations that their citizens’ data was improperly shared with Cambridge Analytica. The Information Commissioner’s Office in the U.K. is “looking at how data was collected from a third party app on Facebook and shared with Cambridge Analytica. We are also conducting a broader investigation into how social media platforms were used in political campaigning,” according to Commissioner Elizabeth Denham…”
Reuters April 2, 2018
Russia's Foreign Ministry said on Monday that the Czech Republic's extradition to the
United States of Yevgeny Nikulin, a Russian charged with hacking U.S. tech
companies, appeared to be aimed at damaging ties between Moscow and Prague.
Nikulin, 30, was arrested in Prague in 2016. He was extradited to the United
States last week, where he pleaded not guilty to charges that he hacked into
the systems of three U.S. technology firms, potentially compromising the
personal details of at least 100 million users, including on LinkedIn. "We
regard Prague's decision as a conscious, politically-motivated step by the
Czech side aimed at undermining the constructive basis of bilateral
cooperation," the ministry said in a statement. It said it would take all
necessary measures to ensure Nikulin's rights are respected.
Wired April 4, 2018
Breaking into a bank doesn't require drilling through 20 inches of reinforced concrete.
In fact, you don't even need to enter a vault at all. Towards the end of 2013,
ATMs in Ukraine started spitting out free cash to passers-by. Among those
filling their pockets were mules waiting for the money to be dispensed. The
ATMs of affected banks – none of which have ever been named – had been targeted
by hackers installing malware within the financial institutions' computer
systems. Once compromised, the cash machines could be remotely controlled and
made to dish out money at will.
AP - March 27, 2018
The speaker of U.S. House of Representatives said he hoped a Russian man who faces charges
of hacking computers at LinkedIn, Dropbox and other American companies will be
eventually extradited to the United States. But it is not yet clear when and
how the case over the alleged hacker that pits the U.S. against Russia will be
solved by Czech authorities. The Czechs arrested Yevgeniy Nikulin in Prague in
cooperation with the FBI in October 2016. He is accused by U.S. prosecutors of
penetrating computers at Silicon Valley firms in 2012 and they want him
extradited to face trial.
DHS acknowledges rogue cellphone tower activity in DC
In a break from the Cambridge Analytica saga, this news on expanded use of Stingray cellphone tracking from AP: “…In a March 26 letter to Oregon Sen. Ron Wyden, the Department of Homeland Security acknowledged that last year it identified suspected unauthorized cell-site simulators in the nation’s capital. The agency said it had not determined the type of devices in use or who might have been operating them. Nor did it say how many it detected or where. The agency’s response, obtained by The Associated Press from Wyden’s office, suggests little has been done about such equipment, known popularly as Stingrays after a brand common among U.S. police departments. The Federal Communications Commission, which regulates the nation’s airwaves, formed a task force on the subject four years ago, but it never produced a report and no longer meets regularly.”
“Wyden said in a statement Tuesday that “leaving security to the phone companies has proven to be disastrous.” He added that the FCC has refused to hold the industry accountable “despite repeated warnings and clear evidence that our phone networks are being exploited by foreign governments and hackers.”
Reuters March 30, 2018
A Russian man on Friday pleaded not guilty to charges he hacked three U.S. technology
companies, potentially compromising personal details of more than 100 million
users, including on LinkedIn, after being extradited from the Czech Republic.
Yevgeniy Nikulin, 30, of Moscow, entered his plea in the U.S. District Court in
San Francisco, after having fought his extradition following his 2016 arrest in
Prague. His case had turned into a battle over whether he should be sent to the
United States or Russia, where a Moscow court had in November 2016 issued an
arrest warrant for his alleged theft seven years earlier of $3,450 via a site
called Webmoney. The U.S. Department of Justice accused Nikulin of illegally
accessing computers belonging to U.S.-based social media firms LinkedIn,
Dropbox and Formspring in 2012, including by using the credentials of LinkedIn
and Formspring employees.
The Australian - March 27, 2018
Kaspersky Lab boss and founder Eugene Kaspersky has defended his company’s controversial
“Slingshot” report, which uncovered an alleged US military malware program
targeting ISIS and potentially put lives at risk. News broke last week of a
malware campaign uncovered by Kaspersky researchers, which according to reports
from Cyberscoop targeted internet cafes housing Islamic State and al-Qa’ida
officials. One report suggested the news would have forced the US to abandon
its operation, and may have put soldiers’ lives in danger. Speaking to The
Australian at a Formula One event in Melbourne, Mr Kaspersky said his company’s
responsibility is to detect and stop all kinds of malware, whether they be from
police hunting for criminals, or criminals themselves. “Don’t blame our X-ray,”
he said. “It rings on any kind of gun. It doesn’t matter who’s wearing the gun,
a terrorist or a policeman. We provide the world’s best X-ray.”
The Hill March 29, 2018
Cybersecurity experts have observed a surge in illicit cryptocurrency-mining attacks, as
interest in the profitable digital markets continues to soar. Cyber criminals
joining the gold rush are increasingly wriggling their way into
internet-connected devices or a company’s public cloud system in an effort to
mine cryptocurrency undetected and undeterred. By using hijacked computing
power to mine — a practice that uses an intensive level of processing resources
to power blockchain transactions — hackers can effectively make their own
digital money. Cyber criminals are especially interested in targeting cloud
computing, where they can use the high memory and central processing units
(CPU) made available by popular data storage services. “That is where we are
really seeing the rapid increase in these types of attacks in public clouds,”
Varun Badhwar, CEO and co-founder of cybersecurity firm RedLock, told The Hill.
Under a millimeter wide and powered by light, these tiny cameras could hide almost anywhere TechCrunch (David L)
Homeland Security to Compile Database of Journalists, Bloggers Big Law (Paul R)
Are your phone camera and microphone spying on you? Guardian (David L)
What Happens When You Track Your Boyfriend on Strava Wired (Dr. Kevin)
Artificial intelligence could soon enhance real-time police surveillance Awesome Investors (David L)
The Paris Lawyer Who Gives Google Nightmares NPR (David L)
Reuters March 27, 2018
Cyber-attacks pose the biggest threat to the Swiss financial system with risks from hacking
incursions on the rise, watchdog FINMA warned on Tuesday, calling on
Switzerland to step up its national defenses against the menace. "The
risks connected with these attacks are growing in sync with the pace of global
digitalization. Cyber-attacks are now the most serious operational hazard
facing the financial system, and both the private sector and public authorities
should take them extremely seriously," Chief Executive Mark Branson told
the Financial Market Supervisory Authority's annual news conference. He said on
the whole Swiss banks seemed aware of the risks and were well equipped to deal
with them, citing banks' ability to repel around 100 attacks a day from
"Retefe" malware attacks on ebanking systems. But as a country
Switzerland was lagging behind others with major financial hubs that have set
up cybersecurity competence centers or imposed system-wide tests of hackers'
ability to penetrate banking systems, he said.
UK Parliamentary inquiry into Economic Crime “This inquiry will have two strands: one looking at the anti-money
laundering and sanctions regime, and one considering economic crime as it
affects consumers.”
FCW March 28, 2018
It started off as $3 billion. Then it was $250 million. Ultimately, the passage of the
fiscal year 2018 appropriations omnibus confirmed funding for the Modernizing
Government Technology Act's central fund will debut at $100 million. "I
think it is a good start," said former Federal CIO Tony Scott, "and
while small compared to the size of the problem, it will allow for some
projects to be funded and prove out the underlying concepts."
Hard Choice for Cities Under Cyberattack: Whether to Pay Ransom
Nextgov March 29, 2018
The Health and Human
Services Department’s inspector general has indeed launched an investigation
into the department’s fledgling cyber operations center, a spokeswoman
confirmed to Nextgov Wednesday.
New York Offers Free Cyber Security Tools to Public to Deter Hackers
Mobile network infrastructure at growing risk from cyber attack
Wired March 27, 2018
Satellite dishes mark the main gate of Fort Gordon, eggshell white and lasering up at the moon. It’s
a modest shrine, as these things go. Many military bases put machines of might
on the front porch—tanks or helos or jumbo artillery guns—but the dishes fit
Fort Gordon just fine. They’re subtle. They’re quiet. Inside the gates it’s
more of the same. Fort Gordon sits in a soft Georgian basin, the traditional
home of the US Army Signal Corps. Signal has been around since the Civil War
and has long been responsible for military communications—flags and torches
back in the day, radios and cables and mesh networks in the more recent past.
Recently, this staple of warfare started sharing its digs with a new branch:
cyber. Find the right Signal old-timer, maybe one feeling cranky or deep in
their cups in a bar along the dark Augusta riverfront, and they’ll talk
candidly about this new branch. They say it with envy, and sibling affection.
Still, though. They say it. “Damn showboats.” Maybe there’s some truth to that;
maybe it’s just bureaucrat territorialism.
FCW March 27, 2018
Since 2014, the FBI has been pushing technology companies and policymakers to come up with
a way to market secure smartphones and communications applications that also
allow for the lawful access via warrant to encrypted communications. In 2015,
the case of the San Bernardino massacre and the locked iPhone 5 of perpetrator
Syed Rizwan Farook presented the FBI with a fast-moving case of an inaccessible
device that might contain actionable threat information. The FBI pressed Apple
in court to obtain the ability to get access to the locked phone, while
pursuing its own hacks with vendors. Now a Justice Department oversight report
released March 27, 2018, found that just weeks after then-FBI Director James
Comey testified to Congress in 2016 that the bureau had no way to access the
iPhone of San Bernardino shooter, FBI technical analysts were in conversations
with vendors who communicated that an alternative method of accessing the device
was close at hand.
UK: ministers need strategy to protect public servants from media attacks.
"The departure of the director of public prosecutions is just one example where public servants have faced scrutiny from a hostile media. It is time ministers had the courage to challenge unwarranted media attacks." (Civil Service World)
US Treasury builds data lab to inspire 'better data, better decisions, better government'.
"It can be hard to wrap your head around $500 billion in contract spending across 2000 accounts, but that was the charge given to the bureau: find a way to make the US government’s spending data accessible and understandable." (Government Executive)