Pages

Thursday, September 27, 2018

Senators' Gmail accounts targeted by foreign hackers



CNN

September 20, 2018

The personal Gmail accounts of an unspecified number of US senators and Senate staff have been targeted by foreign government hackers, a Google spokesperson confirmed to CNN on Thursday. On Wednesday, Sen. Ron Wyden, an Oregon Democrat, wrote in a letter to Senate leadership that his office had learned that "at least one major technology company has informed a number of Senators and Senate staff members that their personal email accounts were targeted by foreign government hackers." Google confirmed it was the company Wyden was referring to, but would not say which senators were targeted or when the attempted intrusions were detected. The senators and their staff targeted were both Republicans and Democrats, a Senate aide told CNN. Google would not say whether the targeting had resulted in a successful hack but pointed to a blog post on its website about its government-backed hacking warnings that says, "We send these out of an abundance of caution -- the notice does not necessarily mean that the account has been compromised or that there is a widespread attack. Rather, the notice reflects our assessment that a government-backed attacker has likely attempted to access the user's account or computer through phishing or malware, for example."

 


Rolling Stone

September 20, 2018

t was a nightmare scenario for a scrappy congressional candidate. A few hours before the biggest debate of the primary season, California Democrat Bryan Caforio’s website crashed. When he took the stage to debate his Democratic rivals, each of them vying to knock off vulnerable incumbent Republican Steve Knight in California’s 25th District, Caforio’s site was still down. Hours later, well after the debate, the page remained inaccessible. Voters who had watched the event and wanted more information about Caforio or hoped to donate to his campaign were out of luck. It wasn’t the first time Caforio’s campaign site had suddenly crashed. On two previous occasions, the company that hosted bryancaforio[dot]com had alerted campaign staffers to a strange and unexpected spike in traffic — so much traffic, in fact, that it forced the company to shut down the site until the surge receded. And it happened for a fourth time, for several hours, at yet another inopportune moment — a week before the primary election. Caforio wound up finishing third in the race, failing to advance by a few thousand votes. According to emails and forensic data obtained by Rolling Stone and reviewed by cybersecurity experts, the four times Caforio’s website crashed were not the result of organic blasts of traffic from a news story or a Facebook link. Nor were they random flukes. Caforio, experts say, appears to be the victim of repeated distributed denial of service, or DDoS, attacks.

 

 

ADMINISTRATION

 


The New York Times

September 20, 2018

President Trump has authorized new, classified orders for the Pentagon’s cyberwarriors to conduct offensive attacks against adversaries more freely and frequently, the White House said on Thursday, wiping away Obama-era restrictions that his advisers viewed as too slow and cumbersome. “Our hands are not as tied as they were in the Obama administration,” John R. Bolton, the national security adviser, told reporters in announcing a new cyberstrategy. Mr. Bolton rewrote a draft of the strategy after joining the administration in April. Many of his remarks on Thursday focused on a secret order — which Mr. Trump signed in August but which has never been publicly described — that appears to give far more latitude for the newly elevated United States Cyber Command to act with minimal consultation from a number of other government agencies.

 


Politico


The National Security Agency shut down expensive and vital operations as a result of top secret information being spirited out of its headquarters by a fired NSA computer engineer who claims he took the sensitive records home to work on bolstering his performance review, according to a report submitted to a federal court. Admiral Mike Rogers disclosed the far-reaching fallout in connection with the upcoming sentencing of Nghia Pho, 70, who pleaded guilty last December to taking highly classified information from the NSA from 2010 to 2015, when the FBI raided his Ellicott City, Maryland, home and hauled away a large volume of material. "The fact that such a tremendous volume of highly classified, sophisticated collection tools was removed from secure space and left unprotected, especially in digital form on devices connected to the Internet, left the NSA with no choice but to abandon certain important initiatives, at great economic and operational cost," Rogers wrote to U.S. District Court Judge George Russell, who is scheduled to sentence Pho in Baltimore on Monday.

 


The Hill

September 20, 2018

States have successfully increased cybersecurity surrounding their voter registration databases but still struggle with adopting some security measures, according to a new report released Thursday. The Center for Election Innovation and Research (CEIR) found in a survey of 26 states between June and July of this year that the states had largely stepped up their cybersecurity efforts since the 2016 elections, including adopting tools to try to block some attacks. The report found that most of the states were regularly auditing their systems and had trained staffers accessing the voter registration database about spear-phishing attacks. The attacks, which were utilized during the 2016 elections, attempt to trick users into giving their login credentials to hackers. Still, the report highlighted several areas of improvement still needed. Multi-factor authentication, which requires users to verify that they are attempting to access their accounts, is only being used by 13 of the 26 responding states.

 


Fifth Domain

September 20, 2018

The hackers leaned back in their chairs and scanned through options to disrupt election day as if they were reading from a menu of chaos. Fake bomb threats. Orchestrated traffic jams. A botnet of faux Twitter accounts to spread discord. In a simulated exercise put on by the Boston-based cybersecurity firm Cybereason Sept. 20, a team of seven hackers tried to outwit a group of current and former law enforcement officials from the Massachusetts area. In the end, the hackers did not need to be selective about their options. They decided to combine all of their ideas into a concoction of havoc to pick apart the simulated voting day. “We wanted to sow chaos with the intention of disrupting the election,” said Danielle Wood, director of advisory services at Cybereason, who was a member of the hacker team. “The stakes are low for us. If we fail, we can always try again tomorrow.” In the simulation, the attackers were able to spread misinformation, hack the election registration lists and alter the voting locations displayed on public websites. Law enforcement officials who participated in the exercise said they likely would have postponed the vote.

 


CyberScoop

September 20, 2018

The U.S. government’s standards clearinghouse for science and technology says that an encryption standard it established in 2001 has had an economic impact of a quarter of a trillion dollars over the years, according to a report released Wednesday. The National Institute of Standards and Technology set out in 1997 to find a new encryption algorithm for use in the federal agencies to replace the Data Encryption Standard (DES), the government’s prevailing yet aging standard at the time. The result was the Advanced Encryption Standard (AES), an algorithm born of collaboration from the greater cryptography community. According to the report, commissioned by NIST and prepared by RM Advisory Services, AES has added more than $250 billion in value to the economy since it became available. AES is part of the Federal Information Processing Standards, which agencies across the government use to guide their information security and interoperability. The encryption standard is unclassified and is available royalty-free, so it’s utilized by private sector organizations in addition to the government.

 


The Washington Post

September 20, 2018

A Romanian woman pleaded guilty Thursday in a cyber attack that took control of two-thirds of D.C. police surveillance cameras days before President Trump’s presidential inauguration in January 2017. Eveline Cismaru, 28, admitted conspiring to access 126 outdoor police cameras in a far -reaching extortion scheme. Prosecutors said Cismaru was part of a group of hackers who aimed to take over the D.C. government computers and use them to email ransomware to 179,600 accounts, defrauding the owners while hiding their own digital tracks. U.S. prosecutors in the District said the case “was of the highest priority” because of its potential to disrupt security plans for the 2017 presidential inauguration. They found the timing appeared to be a coincidence, however, because the hackers probably did not know the computers were used by police. Cismaru pleaded guilty to two of 11 counts and agreed to cooperate against a co-defendant. Prosecutors said if she provides substantial help, they will seek less than the 24 to 30 months in prison she faces under federal guidelines for conspiracy to commit wire fraud and computer fraud.

 


FCW

September 20, 2018

The Securities and Exchange Commission is losing two top tech officials. Agency CIO Pamela C. Dyson is leaving the SEC to join the Federal Reserve Bank of New York as CIO and executive vice president and head of the technology group. The agency also announced the impending departure of Christopher R. Hetner, the senior adviser for cybersecurity policy. Hetner helped set up the cyber adviser post in 2016-- the same year that the SEC's signature public-facing system EGDAR was reportedly breached. News of the breach was not made public until September 2017. Charles Riddle, who serves as the agency's CTO, will take on the role of acting CIO upon Dyson's departure. Henter, according to an agency release, will stick around to assist with the transition to a yet-to-be-named successor.

 


Nextgov

September 19, 2018

U.S. armed forces must “amplify military lethality and effectiveness” of offensive cyber operations, according to the summary of an updated Defense Department cyber strategy released Tuesday. The strategy, which calls for a surge in cyber efforts both during military conflict and peacetime, also notes some current shortfalls, including a need to improve military cyber recruiting, training and retention. “The United States cannot afford inaction: our values, economic competitiveness and military edge are exposed to threats that grow more dangerous every day,” defense officials wrote in an unclassified summary. “We must assertively defend our interests in cyberspace below the level of armed conflict and ensure the readiness of our cyberspace operators to support the Joint Force in crisis and conflict.”

 


Fifth Domain

September 18, 2018

The Pentagon is preparing to press the defense industry to increase its cyber security, with Deputy Secretary of Defense Patrick Shanahan saying it will become a key measurement for how industry is judged by the department. “This is a public service announcement for those of you from industry, especially for those of you that are in the, I'll call it, higher tiers,” Shanahan told an audience at the annual Air Force Association conference Wednesday. “Cybersecurity is, you know, probably going to be what we call the ‘fourth critical measurement.’ We’ve got quality, cost, schedule, but security is one of those measures that we need to hold people accountable for,” he said.

 


Nextgov

September 18, 2018

Government agencies are usually behind the curve when it comes to understanding the latest cybersecurity threats and solutions, and they need the tech industry to help keep them in the loop, according to a White House cyber official. As the White House looks to standardize cyber capabilities across government, both agencies and the private sector must to do a better job sharing data on potential threats amongst themselves, said Joshua Moses, director of cybersecurity performance and risk management at the Office of Management and Budget. He also said the government will be slow to adopt new protections if companies don’t frequently update feds on the new capabilities they develop. “The open source [community] recognizes that you’re all in it together, that there’s benefit to be gained by sharing that information. That’s frankly what we’re asking all agencies to do as well,” Moses said Tuesday at Red Hat’s OPEN FIRST conference.

 


Wired

September 18, 2018

The three college-age defendants behind the the Mirai botnet—an online tool that wreaked destruction across the internet in the fall of 2016 with powerful distributed denial of service attacks—will stand in an Alaska courtroom Tuesday and ask for a novel ruling from a federal judge: They hope to be sentenced to work for the FBI. Josiah White, Paras Jha, and Dalton Norman, who were all between 18 and 20 years old when they built and launched Mirai, pleaded guilty last December to creating the malware. According to court documents filed in advance of Tuesday’s appearance, the US government is recommending that each of the trio be sentenced to five years probation and 2,500 hours of community service. The twist, though, is precisely how the government hopes the three will serve their time: “Furthermore, the United States asks the Court, upon concurrence from Probation, to define community service to include continued work with the FBI on cyber crime and cybersecurity matters,” the sentencing memorandum says.

 


Ars Technica

September 18, 2018

Georgia’s upcoming November 6, 2018 election will remain purely electronic and will not switch to paper to ward off potential hackers, a federal judge in Atlanta ruled on Monday evening. But as US District Judge Amy Totenberg wrote, she is not at all happy with the inadequate efforts by state officials to shore up their digital security measures. "The Court advises the Defendants that further delay is not tolerable in their confronting and tackling the challenges before the State’s election balloting system," she wrote in her order. "The State’s posture in this litigation—and some of the testimony and evidence presented—indicated that the Defendants and State election officials had buried their heads in the sand." The case, Curling v. Kemp, pits a group of activists and Georgia voters—who say that their home state’s woefully inadequate digital security violates their rights to cast meaningful ballots—against Georgia officials. They, in turn, say that revamping the entirely election process, particularly when the November election is just weeks away, is practically and logistically impossible.

 


The CT Mirror

September 18, 2018

The leader of Connecticut’s cybersecurity efforts said Tuesday that Washington, with a deeply polarized Congress and faction-riven White House, has abrogated its role in defending the nation’s electrical grid, natural gas system and public water supplies against hackers who are growing bolder, more numerous and more sophisticated. “I’m often asked in my job, ‘Are we safe from a cyber attack?’ And the answer, of course, is no,” said Arthur H. House, the state’s chief cybersecurity risk officer. “We’re not safe. No one’s safe. No federal agency, no state agency, no city, no business, no individual can take safety as an assumption. We’re all threatened. We’re threatened all the time. What’s important is that Connecticut and Connecticut’s utilities take cyber security very, very seriously.” House joined Gov. Dannel P. Malloy and representatives of state agencies and utilities to release the second annual cybersecurity review of Connecticut’s systems for the delivery of electricity, natural gas and water. The report found no penetrations of any Connecticut utility, despite hundreds of millions of attempts annually from every corner of the world.

 


Politico

September 17, 2018

The State Department recently suffered a breach of its unclassified email system, and the compromise exposed the personal information of a small number of employees, according to a notice sent to the agency’s workforce. State described the incident as “activity of concern … affecting less than 1% of employee inboxes” in a Sept. 7 alert that was shared with POLITICO and confirmed by two U.S. officials. “We have determined that certain employees’ personally identifiable information (PII) may have been exposed,” the alert said. “We have notified those employees.” The classified email system was not affected, according to the alert, which was marked “Sensitive But Unclassified.” Watchdog reports have consistently dinged State for its insufficient cybersecurity protections, and last week a bipartisan group of senators asked Secretary of State Mike Pompeo how the department was responding. The secretary has yet to respond to the senators' letter.

 


FCW

September 17, 2018

The Air Force is considering launching a cyber rapid capabilities office, Air Force Cyber Commander Gen. Robert Skinner said during the Air Force Association's Air, Space, Cyber conference on Sept. 17. The Air Force is "really pushing" for rapid cyber acquisition capabilities in line with the branch's existing rapid capabilities office and the one being stood up under its Space Command, Skinner said during a panel on cyber operations in a multi-domain environment. "We have an Air Force RCO, we also have a space RCO that's just being stood up at Kirtland Air Force Base," Skinner said. "We're also looking at a cyber RCO and how do we leverage the DNA that is in the AF RCO, and Space RCO to tackle the cyber challenges from a rapid capabilities standpoint." Updating the Air Force's acquisition strategy to be quicker and more agile -- especially through utilizing small businesses -- was a consistent theme throughout day one of the conference.

 

 

INDUSTRY

 


Wired

September 21, 2018

Cryptography schemes are complicated to understand and implement. A lot of things can go wrong. But when it comes to web encryption, a surprising number errors actually stem from a straightforward and seemingly basic mechanism: timekeeping. Synced clocks in operating systems may make digital timekeeping look easy, but it takes a lot of work behind the scenes, and doesn't always solve problems online. The internet's decentralized nature means that the clocks behind every web browser and web application can actually have major discrepancies, which in turn can undermine security protections. In a step toward addressing these inconsistencies, the internet infrastructure firm Cloudflare will now support a free timekeeping protocol known as Roughtime, which helps synchronize the internet's clocks and validate timestamps. "A big reason encryption fails is because someone's clock is off—the skew is actually disturbing," says Cloudflare CEO Matthew Prince. "A clock might be off by a minute, an hour, a day, a month, a year, or more. So we want to be the clock tower in every town square that people can rely on."

 


AP

September 20, 2018

Hackers have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies from a Japanese digital currency exchange, the operators said Thursday. Tech Bureau Corp. said a server for its Zaif exchange was hacked for two hours last week, and some digital currencies got unlawfully relayed from what's called a "hot wallet," or where virtual coins are stored at such exchanges. The exchange was taken offline until details of the damage could be confirmed, and efforts were underway to get it back working, Tech Bureau said. Japan has been bullish on virtual money and has set up a system requiring exchanges to be licensed to help protect consumers. The system is also meant to make Japan a global leader in the technology. Bitcoin has been a legal form of payment in Japan since April 2017, and a handful of major retailers here already accept bitcoin payments. But the recurrence of cryptocurrency heists shows problems persist.

 


CNBC

September 20, 2018

Banks may be in sound condition post-Lehman Brothers, but the financial system could crack again if hit with a devastating cyber attack, J.P. Morgan Chief Executive Jamie Dimon warned on Thursday. "I think the biggest vulnerability is cyber, just for about everybody" he told CNBC's Indian affiliate CNBC TV-18 on Thursday. "I think we have to focus on it, the United States government has to focus on it… We have to make sure because cyber — terrorist and cyber countries — they could cause real damage. We're already spending a lot of money and J.P. Morgan is secure but we should really worry about that." Dimon put inflation running too hot as his second biggest concern, warning the reactionary raising of interest rates from the U.S. Federal Reserve could be the cause of a "traditional" recession. Industry experts have placed increasing importance on the threat of cyber warfare as attacks become more sophisticated.

 


Nextgov

September 20, 2018

The company that helped chase Russian hackers out of the Democratic National Committee’s networks before the 2016 election will now be protecting government information held in computer clouds, the company said Thursday. The cybersecurity firm CrowdStrike, which has assisted with many of the most high profile computer breaches of the past five years, received an authorization to operate on cloud-based government systems that are deemed “moderate impact level” under the government’s Federal Risk and Authorization Management Program, or FedRAMP, according to a news release. The moderate impact level accounts for about 80 percent of government’s cloud-based systems and includes systems where “the loss of confidentiality, integrity, and availability would result in serious adverse effects on an agency’s operations, assets, or individuals,” according to a FedRAMP fact sheet. It does not include law enforcement, emergency management, financial or healthcare systems.

 


Ars Technica

September 19, 2018

The popular computer and electronics Web retailer NewEgg has apparently been hit by the same payment-data-stealing attackers who targeted TicketMaster UK and British Airways. The attackers, referred to by researchers as Magecart, managed to inject 15 lines of JavaScript into NewEgg's webstore checkout that forwarded credit card and other data to a server with a domain name that made it look like part of NewEgg's Web infrastructure. It appears that all Web transactions over the past month were affected by the breach. Details of the breach were reported by the security research firms RiskIQ (which exposed the code behind the British Airways attack) and Volexity Threat Research today. The attack was shut down by NewEgg on September 18, but it appears to have been actively siphoning off payment data since August 16, according to reports from the security researchers. Yonathan Klijnsma, head researcher at RiskIQ, said that the methods and code used are virtually identical to the attack on British Airways—while the Ticketmaster breach was caused by code injected from a third-party service provider, both the BA breach and the NewEgg attack were the result of a compromise of JavaScript libraries hosted by the companies themselves.

 


TechCrunch

September 19, 2018

A security researcher has published details of a vulnerability in a popular cloud storage drive after the company failed to issue security patches for over a year. Remco Vermeulen found a privilege escalation bug in Western Digital’s My Cloud devices, which he said allows an attacker to bypass the admin password on the drive, gaining “complete control” over the user’s data. The exploit works because drive’s web-based dashboard doesn’t properly check a user’s credentials before giving a possible attacker access to tools that should require higher levels of access. The bug was “easy” to exploit, Vermeulen told TechCrunch in an email, and was remotely exploitable if a My Cloud device allows remote access over the internet — which thousands of devices do. He posted a proof-of-concept video on Twitter. Details of the bug were also independently found by another security team, which released its own exploit code. Vermeulen reported the bug over a year ago, in April 2017, but said the company stopped responding.

 


CyberScoop

September 19, 2018

Security-testing company NSS Labs has filed an antitrust lawsuit against multiple prominent cybersecurity vendors, alleging that they conspired to restrict testing of their products. The suit, filed Tuesday in a U.S. district court in Northern California, claims NSS Labs has already “suffered substantial damages” from the alleged antitrust actions of CrowdStrike, Symantec and ESET, along with the Anti-Malware Testing Standards Organization (AMTSO). Unless an injunction is issued against the alleged conspiracy, the complaint says, “NSS Labs will suffer further injury, including irreparable injury such as permanent loss of market share.” The complaint alleges that the vendors used the AMTSO, a California-based forum for considering anti-malware testing methods, to violate U.S. and California antitrust laws. Specifically, the complaint holds, the defendants threatened not to do business with product testers that voted against the AMTSO standard, which NSS Labs opposed. CrowdStrike, ESET, NSS Labs, and Symantec are all AMTSO members.

 


CNET

September 17, 2018

If you use Facebook to log into your favorite services, it should come as no surprise that you're sharing some of your Facebook data with a third-party app or website. That's the point.  So the company wants members to feel safe using Facebook to connect to services that include everything from AirBNB and Yelp to FarmVille and Candy Crush. On Monday, Facebook announced an update to its bug bounty program designed to help prevent user information from leaking through security flaws in third-party apps. The program will now pay for reports of third-party services that might expose the bits of information that Facebook uses to identify you as you. That information is known as user tokens. Facebook declined to say how many third-party apps run on its platform. Only apps that allow give you the option to "log in with Facebook" are affected by the changes announced Monday.

 


CyberScoop

September 17, 2018

Sharp-eyed researchers have spotted a critical vulnerability in numerous surveillance devices from the video management company NUUO. We’ve seen this before: In 2016, multiple critical vulnerabilities in NUUO devices were publicized in an excruciatingly public way. The latest — a buffer overflow issue — was spotted by researchers at the U.S. cybersecurity firm Tenable, which has named the bug Peekaboo. The bug allows remote code execution on video surveillance systems. That means a hacker could watch or tamper with surveillance feeds. Tenable publicly detailed the bug on its blog after having privately notified NUUO more than 90 days ago. The Maryland-based cybersecurity company’s vulnerability disclosure policy states that after 90 days, researchers will go public. NUUO, which is based in Taiwan and has offices worldwide, says a patch is in development.

 

 

INTERNATIONAL

 


The Guardian

September 21, 2018

British spies are likely to have hacked into Belgium’s biggest telecommunications operator for at least a two-year period on the instruction of UK ministers, a confidential report submitted by Belgian prosecutors is said to have concluded. The finding would support an allegation made by the whistleblower Edward Snowden five years ago when he leaked 20 slides exposing the targets of hacking by the British intelligence service GCHQ. According to unconfirmed reports in the Belgian media, the federal prosecutors’ report suggests the hackers closed their operation within a matter of minutes of being exposed in August 2013. It is believed the interception of Belgacom, now Proximus, had been ongoing since at least 2011. The justice minister, Koen Geens, has confirmed he has received the report and that it will be discussed within the national security council, led by the prime minister, Charles Michel.

 


ZDNet

September 21, 2018

The Singapore government has announced plans to launch a bug bounty programme by year-end as well as a cybersecurity hub to coordinate training and collaborative efforts amongst Asean country members. The bug bounty initiative aimed to identify "cyber blindspots" and benchmark the government's defences against cyberattacks, said Deputy Prime Minister Teo Chee Hean, at the annual Singapore International Cyber Week conference this week. The programme was scheduled to launch at the end of the year, during which both local and international white-hat hackers would be invited to test selected government systems and uncover vulnerabilities. Teo said: "Through this process, we can bring together a community of cyber defenders who share the common goal of making cyberspace safer, and more resilient by securing our systems against malicious attacks. This builds a shared sense of collective ownership over the cybersecurity of our systems, which is vital to achieve our smart nation goals."

 


Gov Info Security

September 20, 2018

Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security. The Information Commissioner's Office, which is the U.K.'s data protection authority and enforces the country's privacy laws, announced the £500,000 ($660,000) fine on Thursday. Following an investigation into the breach - carried out in parallel with the U.K.'s Financial Conduct Authority - the ICO cited Equifax "for failing to protect the personal information of up to 15 million U.K. citizens during a cyberattack in 2017." An investigation carried out by the ICO found that Equifax violated more than half of the country's applicable data protection principles. In one particularly egregious example, the credit bureau was storing personal information, including plaintext passwords, in a testing environment "for the purposes of fraud prevention and password analysis," the ICO says. The company also failed to obtain users' consent for doing so, telling the ICO this would have created a security risk.

 


The New York Times

September 20, 2018

On an October afternoon before the 2016 election, a huge banner was unfurled from the Manhattan Bridge in New York City: Vladimir V. Putin against a Russian-flag background, and the unlikely word “Peacemaker” below. It was a daredevil happy birthday to the Russian president, who was turning 64. In November, shortly after Donald J. Trump eked out a victory that Moscow had worked to assist, an even bigger banner appeared, this time on the Arlington Memorial Bridge in Washington: the face of President Barack Obama and “Goodbye Murderer” in big red letters. Police never identified who had hung the banners, but there were clues. The earliest promoters of the images on Twitter were American-sounding accounts, including @LeroyLovesUSA, later exposed as Russian fakes operated from St. Petersburg to influence American voters. The Kremlin, it appeared, had reached onto United States soil in New York and Washington. The banners may well have been intended as visual victory laps for the most effective foreign interference in an American election in history.

 


The New York Times

September 20, 2018

Of all the scandals swirling around the Trump White House, the Republican fund-raiser Elliott Broidy is in a category of his own. Documents from the office of the president’s personal lawyer, Michael D. Cohen, revealed that Mr. Broidy had agreed to pay $1.6 million to a former Playboy model to keep her quiet about their affair, which led her to get an abortion. And emails stolen from his account showed he had used his White House access on behalf of the rulers of the United Arab Emirates while landing hundreds of millions of dollars in contracts with them for his private defense company. Mr. Broidy, though, is not going quietly. His lawyers said this week that, after more than 80 subpoenas and months of forensic analysis, they had managed to identify as many as 1,200 other individuals targeted by the same cybercriminals. The list of names the lawyers compiled, they argue, will bolster Mr. Broidy’s case that the rulers of Qatar — the tiny Persian Gulf emirate that is a nemesis of the U.A.E.— had targeted him for his advocacy against them.

 


Vice Motherboard

September 20, 2018

When an Israeli entrepreneur went into a meeting with the infamous spyware vendor NSO, company representatives asked him if it would be OK for them to demo their powerful and expensive spying software, known as Pegasus, on his own phone. The entrepreneur, who spoke to Motherboard on condition of anonymity because he was not authorized to talk about the meeting, agreed, but said that NSO would have to target his other iPhone, which he brought with him and had a foreign phone number. He gave NSO that phone number and put the phone on the desk. After “five or seven minutes,” the contents of his phone’s screen appeared on a large display that was set up in the meeting room, all without him even clicking on a malicious link, he said. “I see clicking on all kinds of icons: email icon, SMS icon, and other icons,” he told Motherboard. “And suddenly I saw all my messages in there and I saw all the email in there and they were capable to open any information that was on my [iPhone].” The entrepreneur added that the NSO representatives accessed the microphone and the camera on his iPhone.

 


Network World

September 19, 2018

In a few months, the internet will be a more secure place. That’s because the Internet Corporation for Assigned Names and Numbers (ICANN) has voted to go ahead with the first-ever changing of the cryptographic key that helps protect the internet’s address book – the Domain Name System (DNS). The ICANN Board at its meeting in Belgium this week, decided to proceed with its plans to change or "roll" the key for the DNS root on Oct. 11, 2018. It will mark the first time the key has been changed since it was first put in place in 2010. During its meeting ICANN spelled out the driving forces behind the need for improved DNS security that the rollover will bring. For example, the continued evolution of  Internet technologies and facilities, and deployment of IoT devices and increased capacity of networks all over the world, coupled with the unfortunate lack of sufficient security in those devices and networks, attackers have increasing power to cripple Internet infrastructure, ICANN stated. “Specifically, the growth in attack capacity risks outstripping the ability of the root server operator community to expand defensive capacity. While it remains necessary to continue to expand defensive capacity in the near-term, the long-term outlook for the traditional approach appears bleak,” ICANN stated.

 


AP

September 18, 2018

An Iranian government-aligned group of hackers launched a major campaign targeting Mideast energy firms and others ahead of U.S. sanctions on Iran, a cybersecurity firm said Tuesday, warning further attacks remain possible as America re-imposes others on Tehran. While the firm FireEye says the so-called "spear-phishing" email campaign only involves hackers stealing information from infected computers, it involves a similar type of malware previously used to inject a program that destroyed tens of thousands of terminals in Saudi Arabia. The firm warns that raises the danger level ahead of America re-imposing crushing sanctions on Iran's oil industry in early November. "Whenever we see Iranian threat groups active in this region, particularly in line with geopolitical events, we have to be concerned they might either be engaged in or pre-positioning for a disruptive attack," Alister Shepherd, a director for a FireEye subsidiary, told The Associated Press. Iran's mission to the United Nations rejected FireEye's report, calling it "categorically false."

 

 

TECHNOLOGY

 


The Next Web

September 20, 2018

The entire Bitcoin infrastructure has been issued with a stern warning: update Bitcoin Core software or risk having the whole thing collapse. Until now, Bitcoin miners could have brought down the entire blockchain by flooding full node operators with traffic, via a Distributed Denial-of-Service (DDoS) attack. “A denial-of-service vulnerability (CVE-2018-17144) exploitable by miners has been discovered in Bitcoin Core versions 0.14.0 up to 0.16.2.” the patch notes state. “It is recommended to upgrade any of the vulnerable versions to 0.16.3 as soon as possible.” Developers have issued a patch for anyone running nodes, along with an appeal to update the software immediately.