Thursday, October 18, 2018

Five Eyes cyber agencies detail list of popular hacking tools


The Psychology of Fear – why do we love being scared? - Merlin Events London

Dirty Money, Fraud and Tax Evasion Rock Corruption-Free Denmark
Finding Extremists in Online Social Networks
New research has found a way to identify extremists, from cyberbullies to terrorist groups, by monitoring their social media accounts, and can identify them even before they post threatening content.
The Hill
October 12, 2018
The Chairman of the Senate Judiciary Committee is pressing Google to explain its data privacy practices in the wake of revelations that user data was hacked from its now defunct social media platform, Google Plus. Sen. Charles Grassley (R-Iowa) sent a letter to Google CEO Sundar Pichai on Friday asking him to explain how the breach may have affected users and why it took Google so long to discover and then disclose the breach. Grassley also tore into Google for being hypocritical about its security practices during Facebook’s Cambridge Analytica scandal. “Despite your contention that Google did not have the same data protection failures as Facebook, it appears from recent reports that Google+ had an almost identical feature to Facebook, which allowed third-party developers to access information from users as well as private information of those users’ connections,” Grassley wrote to Pichai.


How data can reinvigorate democracy
DEBATE: Agencies are constantly seeking public participation but they need to continue conversations with the insights they gather. Technology may be the key.

 

CyberScoop
October 11, 2018
Republican senators have written to Google CEO Sundar Pichai demanding to know why the company was reportedly slow to disclose a software flaw in its Google+ social network partly out of fear of drawing attention from regulators. “Google must be more forthcoming with the public and lawmakers if the company is to maintain or regain the trust of the users of its services,” states the Oct. 11 letter from Sens. John Thune, S.D.,  Jerry Moran, Kan., and Roger Wicker, Miss. Thune chairs the Commerce, Science, and Transportation Committee. The software flaw, which Google announced Monday, exposed profile data such as email addresses and age, through an API. The incident affected up to 500,000 accounts, according to Google, which shut down consumer use of Google+ in response. Although the tech giant said it discovered and patched the bug in March, according to an internal company memo cited by the Wall Street Journal, Google officials worried that disclosing the incident would bring “immediate regulatory interest.”

CyberScoop
October 11, 2018
Senators introduced a pair of bills Thursday that would crack down on foreign ownership of election systems in the U.S., as the government continues to try to mitigate supply chain risk. Sen. Chris Van Hollen, D-Md., announced the Protect Our Elections Act and the Election Systems Integrity Act, both of which would set restrictions and reporting requirements around foreign ownership and operation of election systems. The former has bipartisan backing, with co-sponsorships from Susan Collins, R-Maine, and Ben Cardin, D-Md. The latter is also backed by Cardin and Sen. Amy Klobuchar, D-Minn. The two bills overlap significantly in scope. Asked why they’re separate, a spokesperson for Van Hollen said that one deals with disclosure while the other would issue a ban. The Protect Our Elections Act would outlaw foreign ownership of election systems, specifically ones that deal with voting, tabulation, voter registration and communication systems for election agency. The bill would also require other election service providers — vendors or contractors that maintain election systems — to disclose if any foreigners own or control the company. Failing to disclose carries a $10,000 fine. The Election Systems Integrity Act is a slimmed down version, only including the disclosure requirement, not the ban.

The New York Times
October 10, 2018
Authorized hackers were quickly able to seize control of weapons systems being acquired by the American military in a test of the Pentagon’s digital vulnerabilities, according to a new and blistering government review. The report by the Government Accountability Office concluded that many of the weapons, or the systems that control them, could be neutralized within hours. In many cases, the military teams developing or testing the systems were oblivious to the hacking. A public version of the study, published on Tuesday, deleted all names and descriptions of which systems were attacked so the report could be published without tipping off American adversaries about the vulnerabilities. Congress is receiving the classified version of the report, which specifies which among the $1.6 trillion in weapons systems that the Pentagon is acquiring from defense contractors were affected. But even the declassified review painted a terrifying picture of weaknesses in a range of emerging weapons, from new generations of missiles and aircraft to prototypes of new delivery systems for nuclear weapons.

The Hill
October 10, 2018
Lawmakers are demanding answers to concerns about reports of Chinese cyber espionage regarding the IT company Super Micro. Sens. Richard Blumenthal (D-Conn.) and Marco Rubio (R-Fla.) on Wednesday put pressure on the company, asking in a letter that it cooperate with law enforcement and explain more about the potential breach. The lawmakers’ concerns stem from a Bloomberg Businessweek report that detailed how the Chinese government was able to take advantage of vulnerabilities in Super Micro’s supply chain to install their own chips onto the company’s motherboards, which it then sold to many American firms including Apple and Amazon. Super Micro, Apple and Amazon have all refuted the Bloomberg report, saying that their own investigations have not found evidence of a hack or of being compromised in the way described in the report. Rubio and Blumenthal acknowledged the denials, but say that given the severity of the report, they still want further explanation.


ADMINISTRATION

Rolling Stone
October 12, 2018
As part of its efforts to combat forms of foreign election interference like that seen in 2016, the FBI in August launched a project called Protected Voices to help political candidates and consultants defend against the next wave of cyberattacks on U.S. soil. Now, just three weeks before the 2018 midterm elections, the program has taken a strange turn. This past Tuesday, two FBI special agents who work on Protected Voices had planned an online briefing with political operatives based in Washington and northern Virginia to share “cyber hygiene” tips on how to not get hacked by foreign nations, e-criminals and other malicious actors. Director of National Intelligence Dan Coats said in July that the warning lights for future cyberattacks and election interference were “blinking red.” Those threats have only increased, cybersecurity experts say, as the midterm elections get closer. But just one day before the campaign briefing, the FBI announced that the hearing was off and postponed until 2019 “due to factors beyond our control.” In an interview with Rolling Stone, Andrew Ames, an FBI spokesman, said that sign-ups for the briefing were “so low” that the bureau had to delay it until after the midterms.

CyberScoop
October 12, 2018
The Food and Drug Administration has issued a cybersecurity advisory for two models of programming equipment that doctors use to check cardiac devices like pacemakers, citing a vulnerability that could allow unauthorized access to the programmers. The FDA said it confirmed that when the two models of programmers, which are made by Minneapolis-based Medtronic, have an internet connection, unauthorized users could exploit the vendor’s software-updating network to change the programmers’ functionality. Doctors use the programmers to do things like adjust the settings of a pacemaker and check its batteries, according to the FDA. “While we are not aware of patients who may have been harmed by this particular cyber vulnerability, the risk to patient harm of leaving such a vulnerability unaddressed is too great,” Suzanne Schwartz, a top cybersecurity official at the FDA, said Thursday in a statement.

Nextgov
A new program to ensure the cybersecurity of the government’s supply chain will be based on unclassified, public information whenever possible, according to a question-and-answer sheet the Homeland Security Department posted Thursday. The document, which was posted to a government contracting site, contains Homeland Security responses to industry questions following a formal request for information and meeting with industry about the supply chain initiative in September. Homeland Security intends to share the companies it’s reviewing with the intelligence community, the document states. In most cases, however, intelligence agencies will just suggest particular areas Homeland Security should focus on or identify companies that require especially close attention. Intelligence agencies won’t share the classified basis for those suggestions, the document states.

Nextgov
October 12, 2018
The Los Angeles Cyber Lab, a public-private partnership that aims to promote cybersecurity and protect the city against hacker attacks, will expand its reach using a $3 million grant from the Department of Homeland Security. The expansion will grow the lab’s capacity by developing a “universal, standardized platform for threat intelligence, analysis and sharing” that can be accessed for free by participating private-sector companies and government agencies. “Each participant will automatically and seamlessly feed threats to the Cyber Lab, which will subsequently be analyzed, correlated and distributed to all participating members,” the city said in a news release. The expansion will also include conferences, training sessions and the creation of an “innovation incubator” that will make the lab and its data available for students, researchers and product developers. By 2020, city officials hope to also launch a cyber simulator with both physical and online space where entrepreneurs and product developers can enhance security tools by performing tests and forensic investigations, among other things.

Federal News Radio
October 11, 2018
What infrastructure qualifies as critical? What functionalities do citizens most depend on? Does a cyberattack by a foreign power that doesn’t damage critical infrastructure or kill anyone count as an attack? These are some of the heavy questions the National Risk Management Center, the Homeland Security Department’s new one-stop shop aimed at protecting and sharing cyber threat information with major industries, is weighing as it begins to examine how adversaries could disrupt day-to-day life in the U.S. “That’s really the first effort of this National Risk Management Center, is to identify what those critical functions are in coordination with industry. And then what we need to do is assess the risk to those functions, and who those stakeholders are that are involved in those functions,” Jeanette Manfra, National Protection and Programs Directorate assistant secretary for the Office of Cybersecurity and Communications at DHS, said during a panel at an Oct. 10 RealClearPolitics event, Securing Cyberspace: Forging a Collective Defense.

AP
October 11, 2018
An elections integrity activist is demanding a rigorous security review of voting systems in Tennessee's largest county before the November election, and the replacement in the next year of its electronic voting machines with paper ballots. Attorney Carol Chumney says in a letter she also wants Secretary of State Tre Hargett and Shelby County Election Commission officials to ask the U.S. Department of Homeland Security to perform risk and vulnerability assessments on voting systems ahead of the Nov. 6 elections. Election security experts say the type of electronic voting system used by Shelby County is easily hacked and unreliable because it does not produce a voter-verifiable paper trail. Chumney wants the county to let outside experts examine its election management software before and after the election and report any evidence of hacking, possible editing of votes cast or unauthorized software to the Tennessee Bureau of Investigation. And the county must replace its entire elections system ahead of October 2019 Memphis municipal elections with an optical scan system that uses hand-marked paper ballots, Chumney wrote.

Nextgov
October 11, 2018
Holding government leaders accountable for cybersecurity lapses was a major pillar of a cybersecurity executive order President Donald Trump issued in 2017 and of a national Cybersecurity Strategy released last month. The government is unlikely to advertise when it brings that accountability to bear, however, federal Chief Information Security Officer Grant Schneider told reporters Thursday. When asked for particular instances of accountability for agency security incidents and low compliance scores on cybersecurity metrics, Schneider replied that the government was likely to be discreet about disciplinary action. “The government is never going to publicize anyone getting fired for anything,” he said, adding: “I think there are a variety of ways to hold people accountable besides they got fired from the federal government.” People who fail to meet cybersecurity requirements may be ushered out of their positions in ways that aren’t officially recorded as an involuntary separation from the federal government, Schneider added.

CyberScoop
October 10, 2018
A news report claiming a compromise of U.S. companies’ supply chains by Chinese spies has triggered a thorough search in government and industry for evidence of the breach that has so far turned up nothing, according to a senior National Security Agency official, who expressed concern that the search was a distraction and potentially a waste of resources. “I have grave concerns about where this has taken us,” Rob Joyce said Wednesday at the U.S. Chamber of Commerce. “I worry that we’re chasing shadows right now.” The story in question is an explosive, anonymously-sourced report published last week by Bloomberg Businessweek. The report alleges Chinese intelligence agents placed malicious microchips on server motherboards supplied by Super Micro Computing Inc., setting up a backdoor to some 30 companies, including Apple and Amazon Web Services. While supply-chain threats emanating from China are certainly a concern, Joyce said, “what I can’t find are any ties to the claims that are in the article.”

The Atlantic
October 10, 2018
In August, 28-year-old Grant Michalski was implicated as part of a ring of men sharing images and videos of a young girl, the daughter of one of the ring’s members, being sexually abused. The FBI arrived at Michalski’s home with the authority to require him to unlock his iPhone X using the phone’s Face ID feature. It was the first search warrant of its kind. When Michalski’s phone was seized, agents were limited in what they could access. Even after it was unlocked, the FBI agent would need the phone’s passcode in order to plug it into a computer for forensic analysis to find “hidden, erased, compressed, password-protected, or encrypted files.” Interestingly, the law treats passcodes and PINs differently from fingerprints and face scans, even if they perform the same function: unlocking devices. According to John Verdi, Vice President of Policy at the Future of Privacy Forum, compelling passcodes from suspects can be extraordinarily difficult because of the Fifth Amendment, which enshrines our right not to be forced to incriminate ourselves. High courts have ruled consistently that passcodes are “testimonial”—that is, that they “explicitly or implicitly, relate a factual assertion or disclose information”—and therefore that forcing citizens to surrender them is self-incriminating and unconstitutional. But biometrics are different.

Gov Info Security
October 10, 2018
The Department of Health and Human Services' Office of Inspector General has launched a new web page to draw attention to the growing importance of the watchdog agency's cybersecurity-related activities - ranging from security audits to fraud investigations. "OIG recognizes protecting HHS data, systems and beneficiaries from cybersecurity threats as a top management and performance challenge facing HHS," the agency said in a statement on Tuesday announcing the launch of the new web page. "In partnering with various HHS agencies to address this challenge, OIG has formed a multidisciplinary cybersecurity team comprised of auditors, evaluators, investigators and attorneys focused on combatting cybersecurity threats within HHS and the healthcare industry." OIG is raising the profile of its cybersecurity efforts for many of the same reasons other organizations are intensifying their cyber focus, says Mac McMillan, CEO of the security consultancy CynergisTek. "The threat has become more dangerous and more pervasive. It puts service at risk. Privacy isn't the only thing at risk anymore. And these incidents are costing the U.S. and businesses significant losses of money."

AP
October 10, 2018
With the midterm elections less than a month away, a strong majority of Americans are concerned the nation’s voting systems might be vulnerable to hackers, according to a poll released Wednesday. That is roughly unchanged from concerns about election security held by Americans just before the 2016 presidential election, but with a twist. Two years ago, it was Republicans who were more concerned about the integrity of the election. This year, it’s Democrats. The survey from The University of Chicago Harris School of Public Policy and The Associated Press-NORC Center for Public Affairs Research found that Democrats have grown increasingly concerned about election security while Republicans have grown more confident. By 58 percent to 39 percent, Democrats are more likely than Republicans to say they are very concerned about hackers affecting U.S. election systems. That represents a flip from the results of a similar survey taken in 2016.

McClatchy
October 10, 2018
Four advocacy groups for elections and cybersecurity called Wednesday for the halt of a pilot project in West Virginia that allows military personnel posted overseas and other U.S. citizens living abroad to cast ballots for the 2018 midterms using a smartphone app. “Military voters … deserve any help the government can give them to participate in democracy equally with all other citizens. However, in this threat environment, online voting endangers the very democracy the U.S. military is charged with protecting,” the groups said. Proponents argued that with voter turnout so low, technology like the app is worth the risk. The report was issued by the National Election Defense Coalition, the nonpartisan watchdog group Common Cause, the center-right think tank R Street Institute, and the Technology Policy Committee of the Association for Computing Machinery, a group that says it provides neutral input on issues involving computing technology.

Nextgov
October 9, 2018
Roughly half of all government email domains are on track to meet an Oct. 16 deadline to protect against phishing and impersonation scams, according to data from the email security firm ValiMail. That’s up from just 4 percent of domains that had implemented the tool, known as DMARC, when the Homeland Security Department first ordered agencies to do so in October 2017. Another 25 percent of federal email domains have set up DMARC but haven’t set it to the highest protection level, according to the ValiMail report. DMARC stands for Domain-based Message Authentication, Reporting and Conformance, an email protocol that verifies a sender’s email domain. If the domain says the sender is illegitimate, DMARC can send the email to the recipient’s spam folder or decline to deliver it entirely.

FCW
October 9, 2018
The Army announced that it was looking for its first colonel to join the service as part of its direct commissioning program for civilians who specialize in cybersecurity. The announcement comes as the Army, and Defense Department as a whole, grapples with the problem of attracting and retaining cyber workers. The service is hunting for the first colonel to come through its direct commissioning program for cyber operators, Army Cyber Director Brig. Gen. Jennifer Buckner said during a panel discussion about cyber teams at the AUSA conference and trade show on Oct. 8. "We don't know what one looks like, but we're ready," Buckner said.

McClatchy
October 8, 2018
Barely a month before midterm elections, voting integrity advocates and electronic voting experts want the federal government to issue an official warning to states that use voting machines with integrated cellular modems that the machines are vulnerable to hacks, potentially interfering with the ballot counting. Once seen as a useful tool to provide quick election results, voting machines with cellular modems are now subject to fierce debate over how easy it would be to break into them and change the results. Such machines are certified for use in Florida, Illinois, Michigan and Wisconsin. A spokeswoman for the Florida Department of State, Sarah Revell, defended the certification of such machines. “Voting machines are not connected to the internet,” Revell said in an email to McClatchy, adding that “it is important to note that when transmitting election data everything is encrypted and authenticated.” But a number of voting machine researchers take issue with such assertions, saying that cellular networks increasingly overlap with the internet and open avenues for hackers to interfere with unofficial early results even when there are paper ballots that can be tallied for a slower official count. They say interfering with unofficial early results, even when corrected later, could increase mistrust among voters and add uncertainty immediately after elections conclude.

The Washington Post
October 8, 2018
Federal and state employees responsible for running government websites will soon have to use two-factor authentication to access their administrator accounts, adding a layer of security to prevent intruders from taking over dot-gov domains. Officials at federal agencies such as the departments of Justice, State and Defense can begin adding two-step verification to their accounts on Monday, according to the General Services Administration, the agency that manages dot-gov domains for the U.S. government. In the coming months, state and local officials will be prompted to add the security feature. Two-factor verification works by requiring a user to input both a password and a special code generated by a device in the possession of an authorized user. This means even if a password is compromised, a hacker would still need to steal a government worker’s physical device.


INDUSTRY

The Washington Post
October 12, 2018
An online attack that forced Facebook to log out 90 million users last month directly affected 29 million people on the social network, the company said Friday as it released new details about the scope of an incident that has regulators and law enforcement on high alert. Through a series of interrelated bugs in Facebook’s programming, unnamed attackers stole the names and contact information of 15 million users, Facebook said. The contact information included a mix of phone numbers and email addresses. An additional 14 million users were affected more deeply, having additional details taken related to their profiles, such as their recent search history, gender, educational background, geolocation data, birth dates, and lists of people and pages they follow. Facebook said last month that it detected the attack when it noticed an uptick in user activity. An investigation soon found that the activity was linked to the theft of security codes that, under normal circumstances, allow Facebook users to navigate away from the site while remaining logged in.

Gov Info Security
October 12, 2018
Millions of internet-of-things devices made by a Chinese company and sold in stores such as Home Depot and Wal-Mart still have glaring security problems, a Danish security consultancy warns. SEC Consult writes in a blog post that it examined software that runs on IP cameras and digital video recorders made by Hangzhou Xiongmai Technology Co. Ltd. Xiongmai was a little-known manufacturer until two years ago when its products and those of many other IoT manufacturers were compromised by the Mirai malware. Xiongmai has a surprisingly large reach, however. By SEC Consult's count, its technology is incorporated into the products of more than 100 companies, a practice known as white labeling. The problem is that identifying products that have Xiongmai embedded inside requires a bit of detective work, making it broadly more difficult for users of the products to even realize their networks are at risk.

The Hill
October 11, 2018
FICO and the U.S. Chamber of Commerce released a new tool Thursday to score how strong businesses' protections are when it comes to cybersecurity. The tool, called the Assessment of Business Cybersecurity (ABC), uses an algorithm known as the FICO Cyber Risk Score to determine how secure a business or business sector is. The algorithm considers factors like the health of a company’s network infrastructure and the scope of their internet-exposed systems to reach a score, similar to a credit score. “Businesses are on the front line of cybersecurity threats. Their risk impacts our economy’s health and our national security,” Christopher D. Roberti, senior vice president for cyber intelligence and security policy for U.S. Chamber of Commerce, said in a statement.

CyberScoop
October 11, 2018
A newly uncovered Android trojan can install advanced spyware on unsuspecting users’ phones under the guise that it’s just part of the operating system, according to research from Cisco Talos out Thursday. Talos says that the malware’s sophistication is “of an uncommonly high level, making it a dangerous threat.” Vitor Ventura, who authored the Talos report, told CyberScoop by email that it “appears to be a new family of malware.” After being installed and going through some onboarding procedures, the “GPlayed” trojan has a broad range of spying capabilities. It can exfiltrate information like texts and contacts, track geolocation, change the lockscreen password and collect payment credentials. Beyond that, the trojan has the built-in ability to adapt after being installed, Talos says. It can load new plugins remotely, inject new scripts and compile new code.

Bloomberg
October 10, 2018
Ant Financial’s Alipay and Tencent Holdings Ltd. warned that cyber-attackers employed stolen Apple IDs to break into customers’ accounts and made off with an unknown amount of cash, in a rare security breach for China’s top digital payments providers. Alipay, whose parent also operates the world’s largest money market fund, said on its Weibo blog that it contacted Apple and is working to get to the bottom of the breach. It warned users that’ve linked their Apple identities to any payment services, including Tencent’s WePay, to lower transaction limits to prevent further losses. Tencent said in a separate statement it too had noticed the cyber-heist and reached out to the iPhone maker. China’s two largest companies both recommended that users of their digital wallets take steps to safeguard their Apple accounts, including by changing passwords. It’s unclear how the attackers may have gotten their hands on the Apple IDs, which are required for iPhone users that buy content such as music from iTunes or the app store. Apple representatives haven’t responded to requests and phone calls seeking comment.

CyberScoop
October 10, 2018
A newly revealed hacking group has been going after diplomatic and military targets in a malware-less campaign that researchers say makes it difficult to detect. Over the last 10 months, the so-called Gallmaker group has conducted what appear to be cyber-espionage operations against several embassies belonging to an Eastern European country, according to research from cybersecurity company Symantec published Wednesday. The group, which researchers say is likely state-sponsored, has also targeted military and defense organizations in the Middle East. “The type of targets seen in the attacks really fit that of what an espionage group would be interested in,” Jon DiMaggio, senior threat intelligence analyst at Symantec, told CyberScoop. “If simply for financial gain, it would be odd to restrict targets to diplomatic, military and defense personnel.” Gallmaker’s end goal appears to be collecting intelligence on its targets in the form of documents and communications, according to DiMaggio.

The Wall Street Journal
October 8, 2018
Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, according to people briefed on the incident and documents reviewed by The Wall Street Journal. As part of its response to the incident, the Alphabet Inc. unit on Monday announced a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+. The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook Inc. and is widely seen as one of Google’s biggest failures. A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google’s legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica.


INTERNATIONAL

TechCrunch
October 12, 2018
Apple has strongly criticized Australia’s anti-encryption bill, calling it “dangerously ambiguous” and “alarming to every Australian.” The Australian government’s draft law — known as the Access and Assistance Bill — would compel tech companies operating in the country, like Apple, to provide “assistance” to law enforcement and intelligence agencies in accessing electronic data. The government claims that encrypted communications are “increasingly being used by terrorist groups and organized criminals to avoid detection and disruption,” without citing evidence. But critics say that the bill has “broad authorities that would undermine cybersecurity and human rights, including the right to privacy” by forcing companies to build backdoors and hand over user data — even when it’s encrypted.

IT World Canada
October 12, 2018
To help network defenders around the world, Canada and the other members of the Five Eyes intelligence partnership have issued a report detailing five publicly-available tools used by threat actors, including advice on how to limit their effectiveness and to detect their use. “Experience from all our countries makes it clear that, while cyber actors continue to develop their capabilities, they still make use of established tools and techniques,” says the report, available on the home pages of each country’s cyber centre (see below). “Even the most sophisticated groups use common, publicly-available tools to achieve their objectives.” The tools detailed fall into five categories: Remote Access Trojans (RATs), with the JBiFrost tool highlighted; Web Shells, with the China Chopper tool highlighted; Credential stealers, with Mimikatz highlighted; Lateral movement frameworks, focusing on PowerShell Empire; and Command and Control (C2) obfuscators, with HUC Packet Transmitter highlighted.

ZDNet
October 12, 2018
The WannaCry ransomware cyber attack cost the National Health Service almost £100m and led to the cancellation of 19,000 appointments, the Department of Health has revealed. The NHS wasn't specifically targeted by the global ransomware attack, but a significant number of hospitals and GP surgeries fell victim to the outbreak, which took advantage of a leaked NSA hacking tool to spread itself across vulnerable Windows systems. A patch to protect against the EternalBlue vulnerability was released prior to the WannaCry outbreak, but despite warnings, a number of NHS Trusts hadn't applied the update. Because of this, one third of NHS hospital trusts and around eight percent of GP practices found their IT systems disrupted by WannaCry ransomware, which left PCs encrypted and unusable, causing significant disruption to patients and care. Now, almost 18 months on from the incident, the Department of Health has attempted to calculate the financial cost of WannaCry and puts the total figure at £92m.

Wired
October 11, 2018
This is the story of how the US finally achieved some leverage over China to bring a stop to more than a decade of rampant cybertheft, how a Canadian couple became bargaining chips in China’s desperate countermove, and how the game ended happily—only to start up again in recent months with more rancor and new players.

CyberScoop
October 11, 2018
New research provides evidence linking some of the most impactful cybersecurity incidents on record – the 2015 and 2016 attacks on the Ukrainian power grid and the 2017 NotPetya malware outbreak – to the same set of hackers that Western governments have linked to the Russian government. Researchers from cybersecurity company ESET say they have laid out the first concrete, public evidence of those ties, citing a pattern of “backdoors” — or tools for remote access — used by the hackers. In April, ESET researchers found that the group, which they dub TeleBots, was trying to set up a new backdoor. ESET says this backdoor, known as Win32/Exaramel, is an “improved version” of the “Industroyer” backdoor used in the 2016 attack on the Ukrainian power sector, which knocked out an electrical substation outside of Kiev. The 2015 attack on the Ukrainian grid, using the group’s custom BlackEnergy malware, cut power for some 225,000 people. The group is also referred to as “Sandworm” by other cybersecurity firms.

BBC
October 10, 2018
A Cumbrian council has said it will "never know" whether it was the target of a cyber attack because it is host to the Sellafield nuclear waste plant. Copeland Borough Council has revealed that an attack on its systems in August 2017 has cost it about £2m. The hack locked staff out of a number of council services, including payroll, planning and environmental health. The authority said it had brought in experts to better protect the authority from any future attack. Copeland, Islington and Salisbury councils were all targeted in the Bank Holiday cyber attack, in which hackers demanded a bitcoin ransom to regain access to encrypted files. No sensitive data was taken. Some processes were not restored until February this year.

ZDNet
October 10, 2018
A 25-year-old Italian man pleaded guilty this week to defacing NASA websites and 60 other Italian government sites back in 2013. The suspect, identified only by his initials of Z.R., was a member of the "Master Italian Hackers Team" that claimed responsibility for the hacks at the time on social media. Italian police say they tracked down the suspect after he boasted on social media about being part of the group and participating in the hacks. "The young man turned out to be one of the leaders," said Italian State Police in a statement released on Monday. "The investigations led to a search that ended with the seizure of computer devices whose content allowed the police to acquire important clues to charge the man," State Police said. Investigators tracked down the suspect to the city of Salò in Italy's Brescia province.

Reuters
October 10, 2018
Vietnam is preparing to strictly enforce a new cybersecurity law requiring global technology companies to set up local offices and store data locally despite pleas from Facebook, Google and other firms, a government document showed. Vietnamese lawmakers approved the new law in June overriding strong objections from the business community, rights groups and Western governments including the United States, who said the measure would undermine economic development, digital innovation and further stifle political dissent. Alphabet Inc’s Google, Facebook and other big technology companies had hoped a draft decree on how the law would be implemented would soften provisions they find most objectionable. But the document seen by Reuters indicates those hopes are unlikely to materialize, potentially setting up a showdown over whether the companies will ultimately comply with the law or pull out of the country.

Reuters
October 8, 2018
Russia has carried out cyber attacks on Latvia's foreign and defense apparatus and other state institutions, a Latvian intelligence agency said on Monday. Russia's military intelligence agency (GRU) has tried to access information by e-mail phishing attacks against government computers in "recent years", Latvia's Constitution Protection Bureau said. "The cyber attacks in Latvia were carried out by the GRU for espionage purposes, and the most frequent attacks were directed against state institutions, including the foreign and defense sectors," it said in a statement. No attacks directed at influencing last weekend's parliamentary elections were detected, it said. Several Western countries issued coordinated denunciations of Russia last week for running what they described as a global hacking campaign, targeting institutions from sports anti-doping bodies to a nuclear power company and the chemical weapons watchdog.

The Times
October 7, 2018
Defence chiefs have war-gamed a massive cyber-strike to black out Moscow if Vladimir Putin launches a military attack on the West, after concluding that the only other way of hitting back would be to use nuclear weapons. Senior security sources have told The Sunday Times they are concerned that Britain has a capability gap that has left commanders with too few weapons to meet Kremlin aggression short of firing a Trident nuclear missile. Planning exercises on the threat posed by Russia have left officials “ashen-faced” at the speed with which confrontation with Moscow could escalate.


TECHNOLOGY

Gov Info Security
October 12, 2018
Since the end of last year, cryptojacking - the hidden mining of virtual currencies - has been a focus for many online attackers, usurping the dominance of ransomware attacks. Blame the explosion in cryptocurrencies' value at the end of 2017, after which many cybercriminals came calling. As they shifted their focus, the growth in banking Trojan and ransomware attacks slowed, although both continue. Cryptojacking attacks are continuing to rise, says Europol, the EU's law enforcement intelligence agency. Such illicit cryptomining involves attackers exploiting computer users' bandwidth and processing power to "mine" for cryptocurrency, solving mathematical problems that build the cryptocurrency's blockchain. In return, participants can receive cryptocurrency as a reward.

Nextgov
October 10, 2018
As cyberattacks and data breaches make Social Security numbers increasingly insecure, the government needs to explore new ways to verify people’s identities, according to a recent report. “This nine-digit number has become the core credential for government and commercial purposes—things for which it was never designed,” cybersecurity researchers at McAfee and the Center for Strategic and International Studies wrote in a report published Wednesday. “The [Social Security number] faces significant problems as an identifier, and after 80 years, it is time to modernize it.” In 2015, experts estimated between 60 and 80 percent of Social Security numbers had at some point been stolen by hackers, and that was before the massive breach at Equifax exposed information on 143 million Americans last year. As a result, for most people, the number “is no longer a secret,” researchers said. Still, the government needs some mechanism to authenticate identity and connect records to a specific individual, they said. Instead of exploring a brand new authentication system, researchers argued for modernizing the Social Security number to make it harder to steal and easier to secure if it does get compromised. They concluded creating a “smart” Social Security card would be the best strategy.


by Nick Leiserson






Official Corruption Prosecutions Drop Under Trump

“The latest available data from the Justice Department show that federal prosecutions for official corruption have dropped sharply. During the first eleven months of FY 2018 the government reported 340 new official corruption prosecutions. If this activity continues at the same pace, the annual total of prosecutions will be down 23.5% over the past fiscal year.  Theft or bribery in programs receiving federal funds under Title 18 U.S.C. Section 666 was the most frequent recorded lead charge. The single largest number of prosecutions of these matters through August 2018 was for corruption of local government officials. These accounted for about one-third (32.9%) of all prosecutions. The comparisons of the number of defendants charged with official corruption offenses are based on case-by-case information obtained and analyzed by the Transactional Records Access Clearinghouse (TRAC) at Syracuse University. View the full report here: http://trac.syr.edu/tracreports/crim/532/.”

  1. 'Bad decision': NSW Labor MP sorry for linking Twitter followers to KKK leader's website

    NSW Labor MLC Shaoquett Moselmane says his decision to link Twitter followers to a story on the website of a former Ku Klux Klan leader was "a bad mistake".