Wednesday, January 16, 2019

Dem senator presses IRS on cyber risks for taxpayers during shutdown

“It is difficult to get a man to understand something when his salary depends upon his not understanding it.”
~ Upton Sinclair via ABC:
Indeedy,
Soooo true:
"at least equally with communism, lies the threat to capitalism"

The Moth: Kathryn Bendall - a fear of flying - Comrade from Hunters Hill ;-)  -
Senior Trump official pens anonymous essay saying ‘wasteful government agencies’ are BETTER OFF without furloughed workers who are lazy and unaccountable – and should never be allowed back. “For government employees seeking to implement the president’s policy priorities, the person claimed their time is often wasted preventing so-called deep state actors from derailing the administration’s political agenda.”





The Hill


January 11, 2019


Sen. Ron Wyden (D-Ore.) on Friday pressed the Treasury Department and IRS about possible cyber risks facing taxpayers, questioning whether the threat of identity theft is increasing amid the partial government shutdown. Wyden, a member of the Senate Intelligence Committee, sent a letter to Treasury Secretary Steven Mnuchin and IRS Commissioner Charles Rettig asking them about what impact the shutdown is having on their operations and if there are any cyber implications. "Is there increased risk of taxpayer ID theft if IRS tries to maintain normal operations during a shutdown?" Wyden, who's also the ranking member of the Senate Finance Committee, asked in the letter. "For example, if IRS is working with a skeleton staff as a result of the shutdown, is there an elevated risk that cyber criminals filing fraudulent returns with stolen taxpayer identities will be able to steal taxpayers' refunds? Will IRS be able to detect, let alone thwart, these fraudulent attempts?" The letter comes amid a shutdown that is now in its 21st day, tying it for the longest in U.S. history.



Nextgov

January 7, 2019

The sweeping government reform legislation proposed Thursday by House Democrats would provide states with federal funding to improve their election infrastructure and support bug bounty programs to improve election cybersecurity. One of the first bills of the 116th Congress, the For the People Act would also charge the Homeland Security Department with sharing information about election threats with state officials and test the security of voting systems nine months before every federal election. The legislation, introduced by House Speaker Nancy Pelosi, D-Calif., and Rep. John Sarbanes, D-Md., would mandate many of the key election security measures lawmakers have spent the last two years advocating. Previous attempts to lock down voting infrastructure were mired by legal hair-splitting and funding concerns, despite generally bipartisan support. Under the House bill, states would receive federal subsidies to improve election infrastructure, invest in paper ballot systems and audit elections after the fact. The federal government would also fund efforts to explore innovative infrastructure changes. Homeland Security would be required to create a commission to defend “U.S. democratic institutions” against foreign threats and keep election systems designated as critical infrastructure. Most of the provisions are derived from the Election Security Act, which House Homeland Security Committee Chairman Bennie Thompson, D-Miss., introduced last year.



ADMINISTRATION



Nextgov

January 11, 2019

More than 250 cybersecurity vulnerabilities, some more than a decade old, remain unaddressed in the Defense Department’s networks, according to an internal watchdog. Still, auditors found the agency has made significant strides in locking down its tech infrastructure. The Defense Department Inspector General found the Pentagon had yet to correct 266 cyber vulnerabilities highlighted in numerous watchdog reports between July 2017 and June 2018. Some of the issues were identified long ago—two dated back to 2008—but the majority were only discovered in the last year, which auditors acknowledge had given the agency little time to fix them. Most of the vulnerabilities revolved around the agency’s approach to identifying potential gaps in its cyber posture and proactively defending against those threats. Auditors specifically found many shortcomings related to cyber governance, or the policies and practices that help officials monitor risk.



Gov Info Security

January 11, 2019

There's a stark message on the front page of the U.S. National Institute of Standards and Technology's website: "NOTICE: Due to a lapse in federal funding, most of this website is not available." The warning points to the continuing standoff between President Donald Trump and Congress over the $5.7 billion he wants to fund a fortified border wall with Mexico. Trump says he won't sign a spending bill for fiscal 2019 that would reopen the government that lacks the funding he wants for the wall. Building the wall was one of his key campaign promises that attracted voters worried about illegal immigration. The government shutdown, which started on Dec. 21, 2018, is affecting as many as 800,000 federal workers, some of whom are continuing to work without pay. With the Democrats in control of the House of Representatives and neither party showing signs of budging, it's unclear how the standoff will be resolved.



AP


After Georgia's 2018 elections focused stinging criticism on the state's outdated election system, a study commission voted Thursday to recommend the use of machines that record votes and print a record. Members of the panel tasked with considering a potential replacement chose that option over hand-marked paper ballots favored by cybersecurity experts. The Secure, Accessible and Fair Elections, or SAFE, Commission voted 13-3 for a draft of a report to be sent to lawmakers, who are expected to decide on criteria for a new system during the legislative session that begins Monday. The commission includes lawmakers, political party representatives, voters and election officials. Georgia's paperless touchscreen voting machines, in use since 2002, have been widely criticized. Cybersecurity experts have warned they are unreliable and vulnerable to hacking. There's also no way to do an effective audit or confirm votes are recorded correctly because there's no paper trail.



CyberScoop

January 9, 2019

Recruiting people to work in the federal government, especially in cybersecurity, has been a challenge for as long as the term “cybersecurity” has existed. It’s why the government created vehicles like the CyberCorps: Scholarship for Service. If you are a college student who would like to devote your skills to the government, the United States will cut you a check — probably in the five-figure range — to study up on whatever tech-based track you’d like. In return, you’re obligated to work for Uncle Sam for the length of the scholarship issued, up to four years. In an ideal setting, this arrangement seems fair. Yet, clearly, when it comes to the government, these are not ideal times. The government shutdown has exacerbated this already fraught issue, with essential cybersecurity personnel at agencies like the Department of Homeland Security and National Institute of Standards and Technology either legally unable to continue working or forced to put projects on hold. That stagnation was on display for the latest crop of CyberCorps students, who earlier this week tucked themselves into the Gaylord National Hotel in National Harbor, Maryland for the program’s career fair. On Tuesday, the convention floor was littered with empty tables, as representatives from various agencies were unable to attend due to the government shutdown.



BBC

January 9, 2019

They still don’t know where it came from. But when it hit, the Alaskan borough of Matanuska-Susitna was knocked for six. Malware rapidly spread across the borough’s computer networks, disrupting a bewildering array of services. Hundreds of employees found themselves locked out of their work stations. Staff at local libraries received urgent phone calls telling them to quickly turn off all the public PCs. The animal shelter lost access to data on medications required by its furry residents. It didn’t stop there. An online booking system for swimming lessons went down, leaving people to queue up in person. One borough office had to switch to electronic typewriters temporarily. And Helen Munoz, an 87-year-old woman who has been campaigning for a better sewer system in the area, got an unexpected response to one of her regular calls to local administrators. “Our computers are down,” she was told. She threw her hands up in disgust. “The cyber-attack, God help us, just about stopped everything, you know,” Munoz says. “In fact, the borough still isn’t squared away with their computers.”



CyberScoop

January 9, 2019

A survey of 26 countries has found that Americans are among the most likely to expect a cyberattack to occur on assets like public infrastructure and national security data. Roughly eight in 10 Americans said it is either “very” or “somewhat likely” that national-security data will be breached (82 percent), public infrastructure will be damaged (83 percent), or elections will be tampered with (78 percent) via hacking, according to data published Wednesday by the Pew Research Center. Those were among the highest percentages of any respondents, indicating a growing acceptance among Americans that sensitive data breaches are a part of life. The answers also came through a partisan filter: 82 percent of U.S. Democrats said cyberattacks on elections infrastructure were likely, compared with 66 percent of Republicans.



FCW


The ongoing government shutdown comes at a sensitive time for the nascent Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security. The new DHS component, built out of the National Protection and Programs Directorate into CISA, was looking to spend much of 2019 in transition mode as part of its CISA 2020 plan, but because of an ongoing lapse in appropriations, just 56 percent of the workforce is on the job. "Almost half of the [CISA] workforce is furloughed, and the rest are working without pay," said House Homeland Security Committee Chair Rep. Bennie Thompson (D-Miss.) in a Jan. 3 statement. "In all, 87 percent of the DHS workforce is reporting to work … without knowing when their next paycheck will come." According to shutdown guidance provided by DHS in December 2018, just over 2,000 of CISA's 3,531 staffers were designated as exempt from the shutdown. A substantial amount of work remains to be done to fully stand up the agency as it forges ahead on newer initiatives like the National Risk Management Center and the Supply Chain Security Task Force.



The Hill

January 7, 2019

The National Counterintelligence and Security Center (NCSC) on Monday launched a program aimed at helping U.S. companies protect themselves from cyber attacks or other threats from foreign nation-state actors. The NCSC, housed within the Office of the Director of National Intelligence (ODNI), is now sharing materials on how firms can guard themselves against threats to the supply chain — or components manufactured outside of the U.S. — spear-phishing campaigns and economic espionage, like the theft of intellectual property. “Make no mistake, American companies are squarely in the cross-hairs of well-financed nation-state actors, who are routinely breaching private sector networks, stealing proprietary data, and compromising supply chains,” NCSC Director William Evanina said in a statement. “The attacks are persistent, aggressive, and cost our nation jobs, economic advantage, and hundreds of billions of dollars,” he continued.



ZDNet

January 5, 2019

The US National Security Agency will release a free reverse engineering tool at the upcoming RSA security conference that will be held at the start of March, in San Francisco. The software's name is GHIDRA and in technical terms, is a disassembler, a piece of software that breaks down executable files into assembly code that can then be analyzed by humans. The NSA developed GHIDRA at the start of the 2000s, and for the past few years, it's been sharing it with other US government agencies that have cyber teams who need to look at the inner workings of malware strains or suspicious software. GHIDRA's existence was never a state secret, but the rest of the world learned about it in March 2017 when WikiLeaks published Vault7, a collection of internal documentation files that were allegedly stolen from the CIA's internal network. Those documents showed that the CIA was one of the agencies that had access to the tool.



INDUSTRY



Reuters

January 10, 2019

A Massachusetts man was sentenced on Thursday to more than 10 years in prison for carrying out a cyberattack on a hospital on behalf of the hacking activist group Anonymous to protest the treatment of a teenager in a high-profile custody dispute. Martin Gottesfeld, 34, was sentenced by U.S. District Judge Nathaniel Gorton in Boston nearly three years after he was rescued from a disabled powerboat off the coast of Cuba by a Disney Cruise Line ship after fleeing the United States amid a federal investigation. A federal jury in August found him guilty of two counts, including conspiracy to damage protected computers related to cyberattacks he carried out in 2014 on Boston Children’s Hospital and another facility. “Make no mistake, your crime was contemptible, invidious and loathsome,” Gorton said.



GovInfoSecurity

January 10, 2019

Forty-three states have reached a settlement with Neiman Marcus over its 2013 data breach, one of several breaches from that period blamed on card-scraping malware. Under terms of the deal, the Dallas-based luxury department store chain must pay the states a total of $1.5 million, according to Texas Attorney General Ken Paxton. Neiman Marcus must also put in place security measures to protect plaintext cardholder data. Attorneys general in Connecticut and Illinois led the legal action against the retailer. Neiman Marcus revealed the breach in January 2014, just a few weeks after Target said malware scraped about 40 million of its customers' payment card details. The breaches marked a new era in which attackers unleashed determined, large-scale efforts aimed at stealing payment card details.



Financial Times

January 9, 2019

Mondelez, the US food company that owns the Oreo and Cadbury brands, is suing its insurance company, Zurich, for refusing to pay out on a $100m claim for damage caused by the NotPetya cyber attack. The case will be the first serious legal dispute over how companies can recover the costs of a cyber attack, as insurance groups seek to tightly define their liabilities. “It’s a pretty big deal. I’ve never seen an insurance company take this position,” said Robert Stines, a cyber law specialist at the US law firm Freeborn. “It’s going to send ripples through the insurance industry. Major companies are going to rethink what’s in their policies.” The NotPetya attack in the summer of 2017 crippled the computer systems of companies around the world, including Merck, the pharmaceuticals company, Reckitt Benckiser, the consumer group, and Maersk, the world’s largest shipping group. It caused billions of dollars of damage and has been blamed by the US and the UK on Russian hackers attacking the Ukrainian government. The Kremlin has denied any involvement.



CyberScoop

January 9, 2019

Global hospitality chain Hyatt Hotels announced Wednesday that it’s launching a public bug bounty program through HackerOne, offering monetary prizes for security researchers to probe its websites and apps for leaky features and vulnerabilities that could be exploited by hackers. The company is now looking to crowdsource vulnerability testing from a field of ethical hackers through HackerOne’s platform. Covered in the bug bounty program are the websites Hyatt.com, m.hyatt.com, world.hyatt.com and Hyatt’s Android and iOS apps. “At Hyatt, protecting guest and customer information is our top priority and launching this program represents an important step that furthers our goal of keeping our guests safe every day,” Benjamin Vaughn, Hyatt’s chief information security officer, said in a press release.



Reuters

January 7, 2019

The U.S. Supreme Court on Monday declined to hear Fiat Chrysler’s appeal in a class action lawsuit over allegations that its Jeeps and other trucks are vulnerable to hacking, one of the first legal cases involving automotive cyber security risks. The court’s action paves the way for an October trial in the litigation centering on the question of whether truck buyers can sue over hypothetical future injuries without having been actual victims of cyber security attacks on their vehicles. Fiat Chrysler has received widespread support from industry groups in the dispute. Three car owners from Illinois, Michigan and Missouri in 2015 sued the U.S. subsidiary of the Italian-controlled carmaker and Harman International Industries, a subsidiary of Samsung Electronics Co that manufactures the Uconnect infotainment system installed in various Ram, Dodge, Jeep and Chrysler trucks. According to the lawsuit, cyber criminals are able to gain access to the infotainment system, allowing them to take over safety-critical functions such as acceleration, braking, steering and ignition.



Ars Technica

January 7, 2019

The prices for James Bond-style hacks keep growing, especially for those that hijack iPhones and secure messaging apps. It's the latest sign that governments and police forces around the world are as eager as ever to exploit software that's becoming ever more difficult to compromise. On Monday, market-leading exploit broker Zerodium said it would pay up to $2 million for zero-click jailbreaks of Apple's iOS, $1.5 million for one-click iOS jailbreaks, and $1 million for exploits that take over secure messaging apps WhatsApp and iMessage. Previously, Zerodium was offering $1.5 million, $1 million, and $500,000 for the same types of exploits respectively. The steeper prices indicate not only that the demand for these exploits continues to grow, but also that reliably compromising these targets is becoming increasingly hard. "I think one conclusion is that targets are getting harder to exploit," Patrick Wardle, a former hacker for the National Security Agency and now a cofounder of Digital Security, told Ars. "But also another is that there is now a higher demand for exploits."



INTERNATIONAL



The New York Times

January 11, 2019

The Polish authorities arrested two people, including a Chinese employee of the telecommunications giant Huawei, and charged them with spying for Beijing, officials said on Friday, as the United States and its allies move to restrict the use of Chinese technology because of concerns that it is being used for espionage. The arrest of the Huawei employee is almost certain to escalate tensions between Western countries and China over the company, which the authorities in the United States have accused of acting as an arm of the Chinese government and making equipment designed for spying.



BBC

January 11, 2019

A British cyber criminal who carried out an attack so powerful it knocked a nation offline has been jailed. Daniel Kaye admitted attacking an African phone company - inadvertently crashing Liberia's internet - in 2016. The 29-year-old remains at the heart of a major international investigation into hundreds of acts of cyber sabotage around the world. The National Crime Agency says Kaye is perhaps the most significant cyber criminal yet caught in the UK. Jailing Kaye for 32 months at Blackfriars Crown Court in London, Judge Alexander Milne QC said Kaye had committed a "cynical" financial crime.



The Wall Street Journal

January 10, 2019

One morning in March 2017, Mike Vitello’s work phone lighted up. Customers wanted to know about an odd email they had just received. What was the agreement he wanted signed? Where was the attachment? Mr. Vitello had no idea what they were talking about. The Oregon construction company where he works, All-Ways Excavating USA, checked it out. The email was bogus, they told Mr. Vitello’s contacts. Ignore it. Then, a few months later, the U.S. Department of Homeland Security dispatched a team to examine the company’s computers. You’ve been attacked, a government agent told Mr. Vitello’s colleague, Dawn Cox. Maybe by Russians. They were trying to hack into the power grid. “They were intercepting my every email,” Mr. Vitello says. “What the hell? I’m nobody.” “It’s not you. It’s who you know,” says Ms. Cox. The cyberattack on the 15-person company near Salem, Ore., which works with utilities and government agencies, was an early thrust in the worst known hack by a foreign government into the nation’s electric grid. It set off so many alarms that U.S. officials took the unusual step in early 2018 of publicly blaming the Russian government. A reconstruction of the hack reveals a glaring vulnerability at the heart of the country’s electric system. Rather than strike the utilities head on, the hackers went after the system’s unprotected underbelly—hundreds of contractors and subcontractors like All-Ways who had no reason to be on high alert against foreign agents. From these tiny footholds, the hackers worked their way up the supply chain. Some experts believe two dozen or more utilities ultimately were breached.



FT

January 10, 2019

An inquiry has found that hackers resembling state-sponsored actors were responsible for the biggest cyber attack in Singapore’s history, which targeted the healthcare details of Prime Minister Lee Hsien Loong and accessed the data of a quarter of the population. A report published on Thursday described the hackers involved in last year’s attack as “skilled and sophisticated,” with characteristics matching “state-linked cyber attackers who conduct extended, carefully planned cyber campaigns, to steal information or disrupt operations”. The findings come as state-backed cyber crime across Asia Pacific proliferates and as Singapore has tried to ramp up its defence against digital attacks, most recently with a new cyber security act passed in February 2018. The attackers’ identity remains undisclosed. Singaporean officials have said they would not name suspects, citing national security concerns.



Ars Technica

January 10, 2019

Federal authorities and private researchers are alerting companies to a wave of domain hijacking attacks that use relatively novel techniques to compromise targets at an almost unprecedented scale. The attacks, which security firm FireEye said have been active since January 2017, use three different ways to manipulate the Domain Name System records that allow computers to find a company's computers on the Internet. By replacing the legitimate IP address for a domain such as example.com with a booby-trapped address, attackers can cause example.com to carry out a variety of malicious activities, including harvesting users' login credentials. The techniques detected by FireEye are particularly effective, because they allow attackers to obtain valid TLS certificates that prevent browsers from detecting the hijacking. “A large number of organizations has been affected by this pattern of DNS record manipulation and fraudulent SSL certificates,” FireEye researchers Muks Hirani, Sarah Jones, Ben Read wrote in a report published Thursday. “They include telecoms and ISP[s], government and sensitive commercial entities.” The campaign, they added, is occurring around the globe at “an almost unprecedented scale, with a high degree of success.” The researchers assessed with moderate confidence that the attackers had a link to Iran, based on IP addresses they’re using.



Wired

January 10, 2019

It was a treasure trove of information: nearly 20,000 emails and 8,000 attachments, sent by and to the Democratic National Committee (DNC), the body which runs the United States’ Democratic party, found its way into the hands of WikiLeaks and were unleashed on the world in late July 2016. The emails were siphoned off DNC servers over the course of a two-month period, but dated back to January 2015, and included private conversations that torpedoed the campaign of Democratic presidential nominee Hillary Clinton, and eventually helped elevate Donald Trump to the White House. It wasn’t just in the United States that the ramifications of this unprecedented leak of internal correspondence – which in July 2018 US special counsel Robert Mueller attributed to 12 members of the Russian military – were felt. Something seismic shifted underfoot. While nefarious nation states had been propping up or supporting campaigns aimed at promoting their goals in third countries for decades, this was the most overt attempt at changing the course of history in favour of a third party. And it worked. On November 8, 2016, around three hours after polls in Alaska closed and Donald Trump was declared president-elect, preparations for the European Parliamentary elections due in May 2019 changed. They changed because everything changed. There was a recognition across the European Union that preparations for its upcoming parliamentary elections needed to be stepped up – but the core principle of independence among the member states meant that only a certain amount of centralised planning could take place. Instead, each of the 27 member states expected to be part of the Union in May (Britain, of course, departs at the end of March, if all goes to plan) will take the lead in ensuring the sanctity of their vote, while the European Union will possibly oversee exercises stress-testing member states’ response.



CyberScoop

January 10, 2019

A criminal hacking group suspected of operating out of Russia has shifted tactics in recent months from wire fraud to targeting big organizations for ransomware payouts, according to new research. The change in tactics is exemplified by the infamous Ryuk ransomware, which cybersecurity company CrowdStrike said Thursday is being used by a subset of the Russian group to rake in $3.7 million since August. The trend in extorting bigger organizations “has been increasing in the last year and poses a significant challenge to enterprises and businesses,” Adam Meyers, vice president of intelligence at CrowdStrike, told CyberScoop. “We have observed numerous adversaries adopting this tactic and charging substantial fees to unlock data across the entire network.”



Politico

January 9, 2019

The 2016 arrest of a former National Security Agency contractor charged with a massive theft of classified data began with an unlikely source: a tip from a Russian cybersecurity firm that the U.S. government has called a threat to the country. Moscow-based Kaspersky Lab turned Harold T. Martin III in to the NSA after receiving strange Twitter messages in 2016 from an account linked to him, according to two people with knowledge of the investigation. They spoke with POLITICO on condition of anonymity because they’re not authorized to discuss the case. The company’s role in exposing Martin is a remarkable twist in an increasingly bizarre case that is believed to be the largest breach of classified material in U.S. history.



AP

January 9, 2019

Israel's internal security service said Wednesday it was prepared to thwart any foreign intervention in the upcoming elections, after its director warned such efforts were being made by a world power, with suspicions falling on Russia. The unusual Shin Bet statement followed a TV report that Shin Bet chief Nadav Argaman recently told a closed audience that a foreign country was trying to intervene in the April elections via hackers and cyber technology. "The Shin Bet would like to make clear that the state of Israel and the intelligence community have the tools and capabilities to identify, monitor and thwart foreign influence efforts, should there be any," it said. "The Israeli defense apparatus is able to guarantee democratic and free elections are held in Israel." Argaman did not say for whose benefit the alleged meddling was being done. Prime Minister Benjamin Netanyahu has grown closer to Russian President Vladimir Putin in recent years. However, Netanyahu is far ahead in the polls at the moment, and does not appear to need any outside help.



The New York Times

January 8, 2019

A 20-year-old German student took advantage of passwords as weak as “Iloveyou” and “1234” to hack into online accounts of hundreds of lawmakers and personalities whose political stances he disliked, officials revealed Tuesday, shaking Berlin’s political establishment and raising questions about data security in Europe’s leading economy. Working from his computer in his parents’ home, the young man used relatively simple techniques to hack into successive accounts, the authorities said. There, he stole the users’ personal information and published it through Twitter over the course of December. But it was not until late on Jan. 3 that an employee in the office of Andrea Nahles, leader of the center-left Social Democratic Party, finally noticed the hack and informed security officials, who then scrambled to track the source of the leaks.



The New York Times

January 6, 2019

The Trump administration has warned scientists doing biomedical research at American universities that they may be targets of Chinese spies trying to steal and exploit information from their laboratories. Scientists and universities receiving funds from the National Institutes of Health for cutting-edge research need to tighten their security procedures and take other precautions, said a panel of experts commissioned by the agency to investigate “foreign influences on research integrity.” “Unfortunately, some foreign governments have initiated systematic programs to unduly influence and capitalize on U.S.-conducted research, including that funded by N.I.H.,” the panel said in a report last month to the director of the N.I.H., Dr. Francis S. Collins.



AP

January 5, 2019

Germany's IT security agency on Saturday defended its response to the leaking of hundreds of politicians' private information, after lawmakers accused it of failing to inform them quickly enough. Politicians from several parties questioned why the Federal Office for Information Security, or BSI, didn't alert Parliament about the suspected hacking case when it first came to light in December. In a statement, the agency acknowledged it was approached by one lawmaker about suspicious activity on his private email and social media accounts in early December, but said it believed at the time his experience was a one-off case. "The BSI took this case very serious and took it up with the National Cyber Defense Center," the agency said in a statement, adding that it wasn't aware of the planned mass online leak of data that occurred Thursday via Twitter. "It was impossible to foresee at the start of December 2018 that there would be further cases," the BSI said.



TECHNOLOGY



ZDNet

January 9, 2019

A new penetration testing tool published at the start of the year by a security researcher can automate phishing attacks with an ease never seen before and can even blow through login operations for accounts protected by two-factor authentication (2FA). Named Modlishka --the English pronunciation of the Polish word for mantis-- this new tool was created by Polish researcher Piotr Duszyński. Modlishka is what IT professionals call a reverse proxy, but modified for handling traffic meant for login pages and phishing operations. It sits between a user and a target website --like Gmail, Yahoo, or ProtonMail. Phishing victims connect to the Modlishka server (hosting a phishing domain), and the reverse proxy component behind it makes requests to the site it wants to impersonate.



Wired

January 8, 2019

The promise of digital cryptocurrencies like bitcoin is that you don't need to trust the people to whom you send or receive money, because the software makes it technically impossible for anyone to cheat the system. Instead of relying on humans and their flawed judgment, you rely on the laws of mathematics. But a recent attack on the cryptocurrency Ethereum Classic—not to be confused with the original Ethereum project—shows once again how hard it is to remove human frailty from digital systems. Like other cryptocurrencies, Ethereum Classic relies on a decentralized ledger known as a blockchain created and shared by the machines that process transactions on the network. This ledger ensures that no one can spend their virtual tokens twice. Unless, that is, someone could take over at least 51 percent of the machines in the network. That's what appears to have happened last weekend.