Thursday, September 27, 2018

Senators' Gmail accounts targeted by foreign hackers



CNN

September 20, 2018

The personal Gmail accounts of an unspecified number of US senators and Senate staff have been targeted by foreign government hackers, a Google spokesperson confirmed to CNN on Thursday. On Wednesday, Sen. Ron Wyden, an Oregon Democrat, wrote in a letter to Senate leadership that his office had learned that "at least one major technology company has informed a number of Senators and Senate staff members that their personal email accounts were targeted by foreign government hackers." Google confirmed it was the company Wyden was referring to, but would not say which senators were targeted or when the attempted intrusions were detected. The senators and their staff targeted were both Republicans and Democrats, a Senate aide told CNN. Google would not say whether the targeting had resulted in a successful hack but pointed to a blog post on its website about its government-backed hacking warnings that says, "We send these out of an abundance of caution -- the notice does not necessarily mean that the account has been compromised or that there is a widespread attack. Rather, the notice reflects our assessment that a government-backed attacker has likely attempted to access the user's account or computer through phishing or malware, for example."

 


Rolling Stone

September 20, 2018

It was a nightmare scenario for a scrappy congressional candidate. A few hours before the biggest debate of the primary season, California Democrat Bryan Caforio’s website crashed. When he took the stage to debate his Democratic rivals, each of them vying to knock off vulnerable incumbent Republican Steve Knight in California’s 25th District, Caforio’s site was still down. Hours later, well after the debate, the page remained inaccessible. Voters who had watched the event and wanted more information about Caforio or hoped to donate to his campaign were out of luck. It wasn’t the first time Caforio’s campaign site had suddenly crashed. On two previous occasions, the company that hosted bryancaforio[dot]com had alerted campaign staffers to a strange and unexpected spike in traffic — so much traffic, in fact, that it forced the company to shut down the site until the surge receded. And it happened for a fourth time, for several hours, at yet another inopportune moment — a week before the primary election. Caforio wound up finishing third in the race, failing to advance by a few thousand votes. According to emails and forensic data obtained by Rolling Stone and reviewed by cybersecurity experts, the four times Caforio’s website crashed were not the result of organic blasts of traffic from a news story or a Facebook link. Nor were they random flukes. Caforio, experts say, appears to be the victim of repeated distributed denial of service, or DDoS, attacks.

 

 

ADMINISTRATION

 


The New York Times

September 20, 2018

President Trump has authorized new, classified orders for the Pentagon’s cyberwarriors to conduct offensive attacks against adversaries more freely and frequently, the White House said on Thursday, wiping away Obama-era restrictions that his advisers viewed as too slow and cumbersome. “Our hands are not as tied as they were in the Obama administration,” John R. Bolton, the national security adviser, told reporters in announcing a new cyberstrategy. Mr. Bolton rewrote a draft of the strategy after joining the administration in April. Many of his remarks on Thursday focused on a secret order — which Mr. Trump signed in August but which has never been publicly described — that appears to give far more latitude for the newly elevated United States Cyber Command to act with minimal consultation from a number of other government agencies.

 


Politico


The National Security Agency shut down expensive and vital operations as a result of top secret information being spirited out of its headquarters by a fired NSA computer engineer who claims he took the sensitive records home to work on bolstering his performance review, according to a report submitted to a federal court. Admiral Mike Rogers disclosed the far-reaching fallout in connection with the upcoming sentencing of Nghia Pho, 70, who pleaded guilty last December to taking highly classified information from the NSA from 2010 to 2015, when the FBI raided his Ellicott City, Maryland, home and hauled away a large volume of material. "The fact that such a tremendous volume of highly classified, sophisticated collection tools was removed from secure space and left unprotected, especially in digital form on devices connected to the Internet, left the NSA with no choice but to abandon certain important initiatives, at great economic and operational cost," Rogers wrote to U.S. District Court Judge George Russell, who is scheduled to sentence Pho in Baltimore on Monday.

 


The Hill

September 20, 2018

States have successfully increased cybersecurity surrounding their voter registration databases but still struggle with adopting some security measures, according to a new report released Thursday. The Center for Election Innovation and Research (CEIR) found in a survey of 26 states between June and July of this year that the states had largely stepped up their cybersecurity efforts since the 2016 elections, including adopting tools to try to block some attacks. The report found that most of the states were regularly auditing their systems and had trained staffers accessing the voter registration database about spear-phishing attacks. The attacks, which were utilized during the 2016 elections, attempt to trick users into giving their login credentials to hackers. Still, the report highlighted several areas of improvement still needed. Multi-factor authentication, which requires users to verify that they are attempting to access their accounts, is only being used by 13 of the 26 responding states.

 


Fifth Domain

September 20, 2018

The hackers leaned back in their chairs and scanned through options to disrupt election day as if they were reading from a menu of chaos. Fake bomb threats. Orchestrated traffic jams. A botnet of faux Twitter accounts to spread discord. In a simulated exercise put on by the Boston-based cybersecurity firm Cybereason Sept. 20, a team of seven hackers tried to outwit a group of current and former law enforcement officials from the Massachusetts area. In the end, the hackers did not need to be selective about their options. They decided to combine all of their ideas into a concoction of havoc to pick apart the simulated voting day. “We wanted to sow chaos with the intention of disrupting the election,” said Danielle Wood, director of advisory services at Cybereason, who was a member of the hacker team. “The stakes are low for us. If we fail, we can always try again tomorrow.” In the simulation, the attackers were able to spread misinformation, hack the election registration lists and alter the voting locations displayed on public websites. Law enforcement officials who participated in the exercise said they likely would have postponed the vote.

 


CyberScoop

September 20, 2018

The U.S. government’s standards clearinghouse for science and technology says that an encryption standard it established in 2001 has had an economic impact of a quarter of a trillion dollars over the years, according to a report released Wednesday. The National Institute of Standards and Technology set out in 1997 to find a new encryption algorithm for use in the federal agencies to replace the Data Encryption Standard (DES), the government’s prevailing yet aging standard at the time. The result was the Advanced Encryption Standard (AES), an algorithm born of collaboration from the greater cryptography community. According to the report, commissioned by NIST and prepared by RM Advisory Services, AES has added more than $250 billion in value to the economy since it became available. AES is part of the Federal Information Processing Standards, which agencies across the government use to guide their information security and interoperability. The encryption standard is unclassified and is available royalty-free, so it’s utilized by private sector organizations in addition to the government.

 


The Washington Post

September 20, 2018

A Romanian woman pleaded guilty Thursday in a cyber attack that took control of two-thirds of D.C. police surveillance cameras days before President Trump’s presidential inauguration in January 2017. Eveline Cismaru, 28, admitted conspiring to access 126 outdoor police cameras in a far-reaching extortion scheme. Prosecutors said Cismaru was part of a group of hackers who aimed to take over the D.C. government computers and use them to email ransomware to 179,600 accounts, defrauding the owners while hiding their own digital tracks. U.S. prosecutors in the District said the case “was of the highest priority” because of its potential to disrupt security plans for the 2017 presidential inauguration. They found the timing appeared to be a coincidence, however, because the hackers probably did not know the computers were used by police. Cismaru pleaded guilty to two of 11 counts and agreed to cooperate against a co-defendant. Prosecutors said if she provides substantial help, they will seek less than the 24 to 30 months in prison she faces under federal guidelines for conspiracy to commit wire fraud and computer fraud.

 


FCW

September 20, 2018

The Securities and Exchange Commission is losing two top tech officials. Agency CIO Pamela C. Dyson is leaving the SEC to join the Federal Reserve Bank of New York as CIO and executive vice president and head of the technology group. The agency also announced the impending departure of Christopher R. Hetner, the senior adviser for cybersecurity policy. Hetner helped set up the cyber adviser post in 2016 -- the same year that the SEC's signature public-facing system EDGAR was reportedly breached. News of the breach was not made public until September 2017. Charles Riddle, who serves as the agency's CTO, will take on the role of acting CIO upon Dyson's departure. Hetner, according to an agency release, will stick around to assist with the transition to a yet-to-be-named successor.

 


Nextgov

September 19, 2018

U.S. armed forces must “amplify military lethality and effectiveness” of offensive cyber operations, according to the summary of an updated Defense Department cyber strategy released Tuesday. The strategy, which calls for a surge in cyber efforts both during military conflict and peacetime, also notes some current shortfalls, including a need to improve military cyber recruiting, training and retention. “The United States cannot afford inaction: our values, economic competitiveness and military edge are exposed to threats that grow more dangerous every day,” defense officials wrote in an unclassified summary. “We must assertively defend our interests in cyberspace below the level of armed conflict and ensure the readiness of our cyberspace operators to support the Joint Force in crisis and conflict.”

 


Fifth Domain

September 18, 2018

The Pentagon is preparing to press the defense industry to increase its cyber security, with Deputy Secretary of Defense Patrick Shanahan saying it will become a key measurement for how industry is judged by the department. “This is a public service announcement for those of you from industry, especially for those of you that are in the, I'll call it, higher tiers,” Shanahan told an audience at the annual Air Force Association conference Wednesday. “Cybersecurity is, you know, probably going to be what we call the ‘fourth critical measurement.’ We’ve got quality, cost, schedule, but security is one of those measures that we need to hold people accountable for,” he said.

 


Nextgov

September 18, 2018

Government agencies are usually behind the curve when it comes to understanding the latest cybersecurity threats and solutions, and they need the tech industry to help keep them in the loop, according to a White House cyber official. As the White House looks to standardize cyber capabilities across government, both agencies and the private sector must do a better job sharing data on potential threats amongst themselves, said Joshua Moses, director of cybersecurity performance and risk management at the Office of Management and Budget. He also said the government will be slow to adopt new protections if companies don’t frequently update feds on the new capabilities they develop. “The open source [community] recognizes that you’re all in it together, that there’s benefit to be gained by sharing that information. That’s frankly what we’re asking all agencies to do as well,” Moses said Tuesday at Red Hat’s OPEN FIRST conference.

 


Wired

September 18, 2018

The three college-age defendants behind the Mirai botnet—an online tool that wreaked destruction across the internet in the fall of 2016 with powerful distributed denial of service attacks—will stand in an Alaska courtroom Tuesday and ask for a novel ruling from a federal judge: They hope to be sentenced to work for the FBI. Josiah White, Paras Jha, and Dalton Norman, who were all between 18 and 20 years old when they built and launched Mirai, pleaded guilty last December to creating the malware. According to court documents filed in advance of Tuesday’s appearance, the US government is recommending that each of the trio be sentenced to five years probation and 2,500 hours of community service. The twist, though, is precisely how the government hopes the three will serve their time: “Furthermore, the United States asks the Court, upon concurrence from Probation, to define community service to include continued work with the FBI on cyber crime and cybersecurity matters,” the sentencing memorandum says.

 


Ars Technica

September 18, 2018

Georgia’s upcoming November 6, 2018 election will remain purely electronic and will not switch to paper to ward off potential hackers, a federal judge in Atlanta ruled on Monday evening. But as US District Judge Amy Totenberg wrote, she is not at all happy with the inadequate efforts by state officials to shore up their digital security measures. "The Court advises the Defendants that further delay is not tolerable in their confronting and tackling the challenges before the State’s election balloting system," she wrote in her order. "The State’s posture in this litigation—and some of the testimony and evidence presented—indicated that the Defendants and State election officials had buried their heads in the sand." The case, Curling v. Kemp, pits a group of activists and Georgia voters—who say that their home state’s woefully inadequate digital security violates their rights to cast meaningful ballots—against Georgia officials. They, in turn, say that revamping the entire election process, particularly when the November election is just weeks away, is practically and logistically impossible.

 


The CT Mirror

September 18, 2018

The leader of Connecticut’s cybersecurity efforts said Tuesday that Washington, with a deeply polarized Congress and faction-riven White House, has abrogated its role in defending the nation’s electrical grid, natural gas system and public water supplies against hackers who are growing bolder, more numerous and more sophisticated. “I’m often asked in my job, ‘Are we safe from a cyber attack?’ And the answer, of course, is no,” said Arthur H. House, the state’s chief cybersecurity risk officer. “We’re not safe. No one’s safe. No federal agency, no state agency, no city, no business, no individual can take safety as an assumption. We’re all threatened. We’re threatened all the time. What’s important is that Connecticut and Connecticut’s utilities take cyber security very, very seriously.” House joined Gov. Dannel P. Malloy and representatives of state agencies and utilities to release the second annual cybersecurity review of Connecticut’s systems for the delivery of electricity, natural gas and water. The report found no penetrations of any Connecticut utility, despite hundreds of millions of attempts annually from every corner of the world.

 


Politico

September 17, 2018

The State Department recently suffered a breach of its unclassified email system, and the compromise exposed the personal information of a small number of employees, according to a notice sent to the agency’s workforce. State described the incident as “activity of concern … affecting less than 1% of employee inboxes” in a Sept. 7 alert that was shared with POLITICO and confirmed by two U.S. officials. “We have determined that certain employees’ personally identifiable information (PII) may have been exposed,” the alert said. “We have notified those employees.” The classified email system was not affected, according to the alert, which was marked “Sensitive But Unclassified.” Watchdog reports have consistently dinged State for its insufficient cybersecurity protections, and last week a bipartisan group of senators asked Secretary of State Mike Pompeo how the department was responding. The secretary has yet to respond to the senators' letter.

 


FCW

September 17, 2018

The Air Force is considering launching a cyber rapid capabilities office, Air Force Cyber Commander Gen. Robert Skinner said during the Air Force Association's Air, Space, Cyber conference on Sept. 17. The Air Force is "really pushing" for rapid cyber acquisition capabilities in line with the branch's existing rapid capabilities office and the one being stood up under its Space Command, Skinner said during a panel on cyber operations in a multi-domain environment. "We have an Air Force RCO, we also have a space RCO that's just being stood up at Kirtland Air Force Base," Skinner said. "We're also looking at a cyber RCO and how do we leverage the DNA that is in the AF RCO, and Space RCO to tackle the cyber challenges from a rapid capabilities standpoint." Updating the Air Force's acquisition strategy to be quicker and more agile -- especially through utilizing small businesses -- was a consistent theme throughout day one of the conference.

 

 

INDUSTRY

 


Wired

September 21, 2018

Cryptography schemes are complicated to understand and implement. A lot of things can go wrong. But when it comes to web encryption, a surprising number of errors actually stem from a straightforward and seemingly basic mechanism: timekeeping. Synced clocks in operating systems may make digital timekeeping look easy, but it takes a lot of work behind the scenes, and doesn't always solve problems online. The internet's decentralized nature means that the clocks behind every web browser and web application can actually have major discrepancies, which in turn can undermine security protections. In a step toward addressing these inconsistencies, the internet infrastructure firm Cloudflare will now support a free timekeeping protocol known as Roughtime, which helps synchronize the internet's clocks and validate timestamps. "A big reason encryption fails is because someone's clock is off—the skew is actually disturbing," says Cloudflare CEO Matthew Prince. "A clock might be off by a minute, an hour, a day, a month, a year, or more. So we want to be the clock tower in every town square that people can rely on."

 


AP

September 20, 2018

Hackers have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies from a Japanese digital currency exchange, the operators said Thursday. Tech Bureau Corp. said a server for its Zaif exchange was hacked for two hours last week, and some digital currencies got unlawfully relayed from what's called a "hot wallet," or where virtual coins are stored at such exchanges. The exchange was taken offline until details of the damage could be confirmed, and efforts were underway to get it back working, Tech Bureau said. Japan has been bullish on virtual money and has set up a system requiring exchanges to be licensed to help protect consumers. The system is also meant to make Japan a global leader in the technology. Bitcoin has been a legal form of payment in Japan since April 2017, and a handful of major retailers here already accept bitcoin payments. But the recurrence of cryptocurrency heists shows problems persist.

 


CNBC

September 20, 2018

Banks may be in sound condition post-Lehman Brothers, but the financial system could crack again if hit with a devastating cyber attack, J.P. Morgan Chief Executive Jamie Dimon warned on Thursday. "I think the biggest vulnerability is cyber, just for about everybody" he told CNBC's Indian affiliate CNBC TV-18 on Thursday. "I think we have to focus on it, the United States government has to focus on it… We have to make sure because cyber — terrorist and cyber countries — they could cause real damage. We're already spending a lot of money and J.P. Morgan is secure but we should really worry about that." Dimon put inflation running too hot as his second biggest concern, warning the reactionary raising of interest rates from the U.S. Federal Reserve could be the cause of a "traditional" recession. Industry experts have placed increasing importance on the threat of cyber warfare as attacks become more sophisticated.

 


Nextgov

September 20, 2018

The company that helped chase Russian hackers out of the Democratic National Committee’s networks before the 2016 election will now be protecting government information held in computer clouds, the company said Thursday. The cybersecurity firm CrowdStrike, which has assisted with many of the most high profile computer breaches of the past five years, received an authorization to operate on cloud-based government systems that are deemed “moderate impact level” under the government’s Federal Risk and Authorization Management Program, or FedRAMP, according to a news release. The moderate impact level accounts for about 80 percent of government’s cloud-based systems and includes systems where “the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agency’s operations, assets, or individuals,” according to a FedRAMP fact sheet. It does not include law enforcement, emergency management, financial or healthcare systems.

 


Ars Technica

September 19, 2018

The popular computer and electronics Web retailer NewEgg has apparently been hit by the same payment-data-stealing attackers who targeted TicketMaster UK and British Airways. The attackers, referred to by researchers as Magecart, managed to inject 15 lines of JavaScript into NewEgg's webstore checkout that forwarded credit card and other data to a server with a domain name that made it look like part of NewEgg's Web infrastructure. It appears that all Web transactions over the past month were affected by the breach. Details of the breach were reported by the security research firms RiskIQ (which exposed the code behind the British Airways attack) and Volexity Threat Research today. The attack was shut down by NewEgg on September 18, but it appears to have been actively siphoning off payment data since August 16, according to reports from the security researchers. Yonathan Klijnsma, head researcher at RiskIQ, said that the methods and code used are virtually identical to the attack on British Airways—while the Ticketmaster breach was caused by code injected from a third-party service provider, both the BA breach and the NewEgg attack were the result of a compromise of JavaScript libraries hosted by the companies themselves.

 


TechCrunch

September 19, 2018

A security researcher has published details of a vulnerability in a popular cloud storage drive after the company failed to issue security patches for over a year. Remco Vermeulen found a privilege escalation bug in Western Digital’s My Cloud devices, which he said allows an attacker to bypass the admin password on the drive, gaining “complete control” over the user’s data. The exploit works because the drive’s web-based dashboard doesn’t properly check a user’s credentials before giving a possible attacker access to tools that should require higher levels of access. The bug was “easy” to exploit, Vermeulen told TechCrunch in an email, and was remotely exploitable if a My Cloud device allows remote access over the internet — which thousands of devices do. He posted a proof-of-concept video on Twitter. Details of the bug were also independently found by another security team, which released its own exploit code. Vermeulen reported the bug over a year ago, in April 2017, but said the company stopped responding.

 


CyberScoop

September 19, 2018

Security-testing company NSS Labs has filed an antitrust lawsuit against multiple prominent cybersecurity vendors, alleging that they conspired to restrict testing of their products. The suit, filed Tuesday in a U.S. district court in Northern California, claims NSS Labs has already “suffered substantial damages” from the alleged antitrust actions of CrowdStrike, Symantec and ESET, along with the Anti-Malware Testing Standards Organization (AMTSO). Unless an injunction is issued against the alleged conspiracy, the complaint says, “NSS Labs will suffer further injury, including irreparable injury such as permanent loss of market share.” The complaint alleges that the vendors used the AMTSO, a California-based forum for considering anti-malware testing methods, to violate U.S. and California antitrust laws. Specifically, the complaint holds, the defendants threatened not to do business with product testers that voted against the AMTSO standard, which NSS Labs opposed. CrowdStrike, ESET, NSS Labs, and Symantec are all AMTSO members.

 


CNET

September 17, 2018

If you use Facebook to log into your favorite services, it should come as no surprise that you're sharing some of your Facebook data with a third-party app or website. That's the point. So the company wants members to feel safe using Facebook to connect to services that include everything from AirBNB and Yelp to FarmVille and Candy Crush. On Monday, Facebook announced an update to its bug bounty program designed to help prevent user information from leaking through security flaws in third-party apps. The program will now pay for reports of third-party services that might expose the bits of information that Facebook uses to identify you as you. That information is known as user tokens. Facebook declined to say how many third-party apps run on its platform. Only apps that give you the option to "log in with Facebook" are affected by the changes announced Monday.

 


CyberScoop

September 17, 2018

Sharp-eyed researchers have spotted a critical vulnerability in numerous surveillance devices from the video management company NUUO. We’ve seen this before: In 2016, multiple critical vulnerabilities in NUUO devices were publicized in an excruciatingly public way. The latest — a buffer overflow issue — was spotted by researchers at the U.S. cybersecurity firm Tenable, which has named the bug Peekaboo. The bug allows remote code execution on video surveillance systems. That means a hacker could watch or tamper with surveillance feeds. Tenable publicly detailed the bug on its blog after having privately notified NUUO more than 90 days ago. The Maryland-based cybersecurity company’s vulnerability disclosure policy states that after 90 days, researchers will go public. NUUO, which is based in Taiwan and has offices worldwide, says a patch is in development.

 

 

INTERNATIONAL

 


The Guardian

September 21, 2018

British spies are likely to have hacked into Belgium’s biggest telecommunications operator for at least a two-year period on the instruction of UK ministers, a confidential report submitted by Belgian prosecutors is said to have concluded. The finding would support an allegation made by the whistleblower Edward Snowden five years ago when he leaked 20 slides exposing the targets of hacking by the British intelligence service GCHQ. According to unconfirmed reports in the Belgian media, the federal prosecutors’ report suggests the hackers closed their operation within a matter of minutes of being exposed in August 2013. It is believed the interception of Belgacom, now Proximus, had been ongoing since at least 2011. The justice minister, Koen Geens, has confirmed he has received the report and that it will be discussed within the national security council, led by the prime minister, Charles Michel.

 


ZDNet

September 21, 2018

The Singapore government has announced plans to launch a bug bounty programme by year-end as well as a cybersecurity hub to coordinate training and collaborative efforts amongst Asean country members. The bug bounty initiative aimed to identify "cyber blindspots" and benchmark the government's defences against cyberattacks, said Deputy Prime Minister Teo Chee Hean, at the annual Singapore International Cyber Week conference this week. The programme was scheduled to launch at the end of the year, during which both local and international white-hat hackers would be invited to test selected government systems and uncover vulnerabilities. Teo said: "Through this process, we can bring together a community of cyber defenders who share the common goal of making cyberspace safer, and more resilient by securing our systems against malicious attacks. This builds a shared sense of collective ownership over the cybersecurity of our systems, which is vital to achieve our smart nation goals."

 


Gov Info Security

September 20, 2018

Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security. The Information Commissioner's Office, which is the U.K.'s data protection authority and enforces the country's privacy laws, announced the £500,000 ($660,000) fine on Thursday. Following an investigation into the breach - carried out in parallel with the U.K.'s Financial Conduct Authority - the ICO cited Equifax "for failing to protect the personal information of up to 15 million U.K. citizens during a cyberattack in 2017." An investigation carried out by the ICO found that Equifax violated more than half of the country's applicable data protection principles. In one particularly egregious example, the credit bureau was storing personal information, including plaintext passwords, in a testing environment "for the purposes of fraud prevention and password analysis," the ICO says. The company also failed to obtain users' consent for doing so, telling the ICO this would have created a security risk.

 


The New York Times

September 20, 2018

On an October afternoon before the 2016 election, a huge banner was unfurled from the Manhattan Bridge in New York City: Vladimir V. Putin against a Russian-flag background, and the unlikely word “Peacemaker” below. It was a daredevil happy birthday to the Russian president, who was turning 64. In November, shortly after Donald J. Trump eked out a victory that Moscow had worked to assist, an even bigger banner appeared, this time on the Arlington Memorial Bridge in Washington: the face of President Barack Obama and “Goodbye Murderer” in big red letters. Police never identified who had hung the banners, but there were clues. The earliest promoters of the images on Twitter were American-sounding accounts, including @LeroyLovesUSA, later exposed as Russian fakes operated from St. Petersburg to influence American voters. The Kremlin, it appeared, had reached onto United States soil in New York and Washington. The banners may well have been intended as visual victory laps for the most effective foreign interference in an American election in history.

 


The New York Times

September 20, 2018

Of all the scandals swirling around the Trump White House, the Republican fund-raiser Elliott Broidy is in a category of his own. Documents from the office of the president’s personal lawyer, Michael D. Cohen, revealed that Mr. Broidy had agreed to pay $1.6 million to a former Playboy model to keep her quiet about their affair, which led her to get an abortion. And emails stolen from his account showed he had used his White House access on behalf of the rulers of the United Arab Emirates while landing hundreds of millions of dollars in contracts with them for his private defense company. Mr. Broidy, though, is not going quietly. His lawyers said this week that, after more than 80 subpoenas and months of forensic analysis, they had managed to identify as many as 1,200 other individuals targeted by the same cybercriminals. The list of names the lawyers compiled, they argue, will bolster Mr. Broidy’s case that the rulers of Qatar — the tiny Persian Gulf emirate that is a nemesis of the U.A.E.— had targeted him for his advocacy against them.

 


Vice Motherboard

September 20, 2018

When an Israeli entrepreneur went into a meeting with the infamous spyware vendor NSO, company representatives asked him if it would be OK for them to demo their powerful and expensive spying software, known as Pegasus, on his own phone. The entrepreneur, who spoke to Motherboard on condition of anonymity because he was not authorized to talk about the meeting, agreed, but said that NSO would have to target his other iPhone, which he brought with him and had a foreign phone number. He gave NSO that phone number and put the phone on the desk. After “five or seven minutes,” the contents of his phone’s screen appeared on a large display that was set up in the meeting room, all without him even clicking on a malicious link, he said. “I see clicking on all kinds of icons: email icon, SMS icon, and other icons,” he told Motherboard. “And suddenly I saw all my messages in there and I saw all the email in there and they were capable to open any information that was on my [iPhone].” The entrepreneur added that the NSO representatives accessed the microphone and the camera on his iPhone.

 


Network World

September 19, 2018

In a few months, the internet will be a more secure place. That’s because the Internet Corporation for Assigned Names and Numbers (ICANN) has voted to go ahead with the first-ever changing of the cryptographic key that helps protect the internet’s address book – the Domain Name System (DNS). The ICANN Board, at its meeting in Belgium this week, decided to proceed with its plans to change or "roll" the key for the DNS root on Oct. 11, 2018. It will mark the first time the key has been changed since it was first put in place in 2010. During its meeting, ICANN spelled out the driving forces behind the need for improved DNS security that the rollover will bring. For example, with the continued evolution of Internet technologies and facilities, and deployment of IoT devices and increased capacity of networks all over the world, coupled with the unfortunate lack of sufficient security in those devices and networks, attackers have increasing power to cripple Internet infrastructure, ICANN stated. “Specifically, the growth in attack capacity risks outstripping the ability of the root server operator community to expand defensive capacity. While it remains necessary to continue to expand defensive capacity in the near-term, the long-term outlook for the traditional approach appears bleak,” ICANN stated.

 


AP

September 18, 2018

An Iranian government-aligned group of hackers launched a major campaign targeting Mideast energy firms and others ahead of U.S. sanctions on Iran, a cybersecurity firm said Tuesday, warning further attacks remain possible as America re-imposes others on Tehran. While the firm FireEye says the so-called "spear-phishing" email campaign only involves hackers stealing information from infected computers, it involves a similar type of malware previously used to inject a program that destroyed tens of thousands of terminals in Saudi Arabia. The firm warns that raises the danger level ahead of America re-imposing crushing sanctions on Iran's oil industry in early November. "Whenever we see Iranian threat groups active in this region, particularly in line with geopolitical events, we have to be concerned they might either be engaged in or pre-positioning for a disruptive attack," Alister Shepherd, a director for a FireEye subsidiary, told The Associated Press. Iran's mission to the United Nations rejected FireEye's report, calling it "categorically false."

 

 

TECHNOLOGY

 


The Next Web

September 20, 2018

The entire Bitcoin infrastructure has been issued with a stern warning: update Bitcoin Core software or risk having the whole thing collapse. Until now, Bitcoin miners could have brought down the entire blockchain by flooding full node operators with traffic, via a Distributed Denial-of-Service (DDoS) attack. “A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2,” the patch notes state. “It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible.” Developers have issued a patch for anyone running nodes, along with an appeal to update the software immediately.