Thursday, January 17, 2019

The Elite Intel Team Still Fighting Meltdown and Spectre


Bipartisan bill seeks to toughen Trump approach on China
Politico
January 4, 2019
A bipartisan pair of Senate lawmakers proposed legislation on Friday to compel the Trump administration to take a stronger stance against digital and technological threats from countries such as China. The bill from Sen. Mark Warner (D-Va.), the top Democrat on the Senate Intelligence Committee, and Sen. Marco Rubio (R-Fla.), who also serves on the panel, is the latest sign of growing, bipartisan unease with President Donald Trump's attitude toward China and worries that national security concerns will be given short shrift as the White House pursues a trade deal with Beijing. Those fears grew last month when Trump suggested that he might use the case of Meng Wanzhou, the CFO of Chinese tech giant Huawei who was arrested in Vancouver for violating US sanctions on Iran, as a bargaining chip in negotiations. “It is clear that China is determined to use every tool in its arsenal to surpass the United States technologically and dominate us economically," Warner, a former tech executive, said in a statement. "We need a whole-of-government technology strategy to protect U.S. competitiveness in emerging and dual-use technologies and address the Chinese threat by combating technology transfer from the United States."



Nextgov
January 4, 2019
Less than two months after the Senate failed to take up the Federal CIO Authorization Act, the bipartisan bill’s cosponsors reintroduced it to the House Friday. Sponsored by Reps. Robin Kelly, D-Ill. and Will Hurd, R-Texas, the bill is unchanged from the version that passed the House unanimously on Nov. 30 but died in the Senate. The legislation’s main intent is to elevate the authority of the federal chief information officer by moving the position to a direct report to the Office of Management and Budget director. It would also codify the federal CIO and federal chief information security officer position as presidentially appointed positions. The federal CIO would oversee the federal CISO.

FCW
The funding bill introduced by House Democrats to end the shutdown zeroes out a popular program among the federal IT community: the Technology Modernization Fund. Authorized via the Modernizing Government Act, the TMF was authorized for up to $250 million in each of fiscal years 2018 and 2019, ultimately receiving $100 million this past year. The new House measure would not allocate money for the TMF. The House bill doesn't appear to be going anywhere, however. A White House policy statement released Jan. 3 announced that President Donald Trump would veto the measure if passed by Congress. Senate Majority Leader Mitch McConnell (R-Ky.) has said he would not advance a bill that Trump wouldn't sign. Still, it's possible that the TMF funding, a tiny sidelight in a massive appropriations bill, could remain unfunded as a legislative compromise advances. "It's disappointing to see new Democratic leadership zero out something that" with popularity across the political spectrum, said Mike Hettinger, a former Hill staffer and currently a lobbyist specializing in procurement and IT issues. "I think year two funding of this program is essential to the program's success."

CyberScoop
January 3, 2019
House Democrats will include proposed cybersecurity measures in a massive bill due to be unveiled Friday as Congress begins a new session. The bill, H.R. 1, includes an array of legislation, such as a plan to force all presidential nominees to disclose their tax returns, new campaign finance rules and changes to sexual harassment law. Cybersecurity also is a major component, as reports indicate H.R. 1 will repurpose much of the language from the Elections Security Act, proposed last year by Rep. Bennie Thompson, D-Miss. H.R. 1, known as the “For the People Act,” also would require states to replace paperless voting systems, create grants to help states audit their election results, and force election system vendors to report data breaches, according to the Brennan Center.


ADMINISTRATION

Gov Info Security
January 2, 2019
With the aim of helping healthcare entities of all sizes improve their cybersecurity, the Department of Health and Human Services has issued a four-volume publication of voluntary best practices. The authors of the publication note that the document "does not create new frameworks, rewrite specifications, or 'reinvent the wheel.' We felt that the best approach to 'moving the cybersecurity needle' was to leverage the NIST Cybersecurity Framework, introducing the framework's terms to start educating health sector professionals on an important and generally accepted language of cybersecurity and answering the prevailing question: 'Where do I start, and how do I adopt certain cybersecurity practices?'" The goal of the guidance is to aid healthcare entities - regardless of their current level of cyber sophistication - in bolstering their preparedness to deal with the ever-evolving cyber threat landscape.

The Hill
January 2, 2019
Former Obama homeland security adviser Lisa Monaco in a new interview speaks critically of the Trump administration’s place on the global stage in defeating cyber threats. Monaco told former CIA Director Michael Morrell in an interview for CBS News’s “Intelligence Matters” podcast that aired Wednesday that she would like the U.S. under President Trump to be involved in more multilateral agreements to establish norms in cyberspace, rather than just deals with one country at a time. “I think that the focus on bilateral, to the exclusion of multilateral, agreements in the cyber realm to try and establish norms of behavior is something that is a departure from past approaches and past administrations, again, crossing the political spectrum,” Monaco said. She added that it “should not be a partisan issue,” but acknowledged that there is a place for some bilateral cyber agreements, like the 2015 deal between former President Obama and China's President Xi Jinping aimed at curbing Chinese economic espionage.

AP
Georgia’s outdated election system has drawn criticism from cybersecurity experts and voting integrity advocates, and now a commission tasked with examining potential replacements is preparing to make recommendations to lawmakers. The paperless system was closely scrutinized during last year’s nationally watched gubernatorial race between Democrat Stacey Abrams and Republican Brian Kemp, who was Georgia’s secretary of state and chief elections official. Abrams and her allies accused Kemp of suppressing minority votes and mismanaging the election, including by neglecting elections infrastructure. Kemp, now governor-elect, has vehemently denied those allegations. Cybersecurity experts have warned that the touchscreen voting machines Georgia has used since 2002 are unreliable and vulnerable to hacking, and provide no way to do an audit or confirm that votes have been recorded correctly because there’s no paper trail.

Politico
December 31, 2018
Hours before a 2016 leak of some of the National Security Agency’s most closely guarded hacking tools, a former NSA contractor sent a cryptic Twitter message that prompted alarm on the part of federal investigators, a federal judge has revealed. Messages that the former NSA computer security specialist, Hal Martin, sent via Twitter appear to have led to an FBI raid on his Maryland home and to his arrest on charges of retaining a vast trove of classified information there without permission, according to a newly released court ruling. Passages in the decision from U.S. District Court Judge Richard Bennett were deleted from a version made public by the court, but the remaining details suggest that investigators believed Martin was offering sensitive information to someone online shortly before a nebulous internet-based entity, the Shadow Brokers, released NSA hacking tools in August 2016 through the attention-grabbing technique of an online auction.

StateScoop
December 31, 2018
Among the first items the North Dakota legislature will consider when it convenes Thursday is a radical overhaul of the state’s information technology budget, proposed earlier this year by the state’s top technology officials, to unify IT and cybersecurity policies for nearly every public institution across the state under a single agency. The proposal would give North Dakota an information technology structure unlike that of any other state. While it takes the relatively common step of consolidating all of the state government’s IT operations under a single office, the North Dakota Information Technology Department is also proposing it be responsible for managing cybersecurity operations across all of the state’s public entities, including local governments, schools, courts and the state legislature. If successful, the project would leave ITD with a broader security mission than any other statewide IT agency in the country. North Dakota’s universities and local governments manage their cybersecurity needs individually, though often with shortages of staff and resources, particularly at educational institutions. Moving cybersecurity under ITD, state officials argue, will bring unity and more rigorous governance to those efforts.


INDUSTRY

The New York Times
January 4, 2019
Marriott International said on Friday that the biggest hacking of personal information in history was not quite as big as first feared, but for the first time conceded that its Starwood hotel unit did not encrypt the passport numbers for roughly five million guests. Those passport numbers were lost in an attack that many outside experts believe was carried out by Chinese intelligence agencies. When the attack was first revealed by Marriott at the end of November, it said that information on upward of 500 million guests may have been stolen, all from the reservations database of Starwood, a major hotel chain Marriott had acquired. But at the time, the company said that the figure was a worst-case scenario because it included millions of duplicate records. On Friday the firm said that teams of forensic and data analysts had identified “approximately 383 million records as the upper limit” for the total number of guest reservations records lost, though the company still says it has no idea who carried out the attack, and it suggested the figure would decline over time as more duplicate records are identified.

CBS
January 3, 2019
As Americans become increasingly connected to the virtual world through phones, computers and smart appliances, vital utilities like power and water grids are also going digital. A massive power plant near Niagara Falls, New York, is upgrading its systems with artificial intelligence in a move that's raising concerns among some security experts about the dangers from hackers. New York state's largest power plant harnesses the awesome energy of the Niagara River, and now the New York Power Authority (NYPA) is connecting that plant and miles of transmission lines with tens of thousands of sensors that can essentially "think," reports CBS News correspondent Errol Barnett. "So if there are anomalies or if the temperature is outside the range of design, these sensors will communicate automatically to our integrated smart operations center," explained Gil Quiniones, president and CEO of the NYPA. The A.I. network reaches statewide, warning not only of problems on the grid but predicting where unscheduled maintenance is needed. The aim is to lower costs and pass savings on to customers, with all data processed and verified by computer engineers. But with those improvements comes an increase in potential risk from cyberattacks. "We have to think about cyber at every step of the process. We have to incorporate cyber defenses in every step of the software and hardware that we're putting together," Quiniones said.

Wired
January 3, 2019
A year ago today, Intel coordinated with a web of academic and independent researchers to disclose a pair of security vulnerabilities with unprecedented impact. Since then, a core Intel hacking team has worked to help clean up the mess—by creating attacks of their own. Known as Spectre and Meltdown, the two original flaws—both related to weaknesses in how processors manage data to maximize efficiency—not only affected generations of products that use chips from leading manufacturers like Intel, AMD, and ARM, but offered no ready fix. The software stopgaps Intel and others did roll out caused a slew of performance issues. On top of all of this, Meltdown and particularly Spectre revealed fundamental security weaknesses in how chips have been designed for over two decades. Throughout 2018, researchers inside and outside Intel continued to find exploitable weaknesses related to this class of "speculative execution" vulnerabilities. Fixing many of them takes not just software patches, but conceptually rethinking how processors are made. At the center of these efforts for Intel is STORM, the company's strategic offensive research and mitigation group, a team of hackers from around the world tasked with heading off next-generation security threats. Reacting to speculative execution vulnerabilities in particular has taken extensive collaboration among product development teams, legacy architecture groups, outreach and communications departments to coordinate response, and security-focused research groups at Intel. STORM has been at the heart of the technical side.

Reuters
January 3, 2019
A cyber security researcher canceled a hacking conference briefing on how he said he could crack biometric facial recognition on Apple Inc iPhones, at the request of his employer, which called the work “misleading.” The prospect that Face ID could be defeated is troubling because it is used to lock down functions on tens of millions of iPhones from banking and healthcare apps to emails, text messages and photos. There is a one in 1 million chance a random person could unlock a Face ID, versus one in 50,000 chance that would happen with the iPhone’s fingerprint sensor, according to Apple. Face ID has proven more secure than its predecessor, Touch ID, which uses fingerprint sensors to unlock iPhones. Touch ID was defeated within a few days of its 2013 launch. China-based researcher Wish Wu was scheduled to present a talk entitled “Bypass Strong Face ID: Everyone Can Deceive Depth and IR Camera and Algorithms” at the Black Hat Asia hacking conference in Singapore in March. Wu told Reuters that his employer, Ant Financial, asked him to withdraw the talk from Black Hat, one of the largest and most prestigious organizers of hacking conferences.

CyberScoop
December 31, 2018
It’s too soon to tell whether North Korean hackers were responsible for a cyberattack that prevented multiple major U.S. newspapers from delivering weekend editions on time. The attack last week against the Tribune Company disrupted printing operations at papers including the Los Angeles Times, the San Diego Union-Tribune, the New York Times and the Wall Street Journal. Several sources told the Los Angeles Times the attack appeared to be caused by Ryuk, a type of ransomware with low technical capabilities. Ryuk has infected hundreds of computers at multiple companies, according to researchers from security vendor Check Point. While Ryuk shares attributes with the Hermes malware, which is often attributed to suspected North Korean hackers known as the Lazarus Group, researchers say that doesn’t mean Pyongyang has launched a digital assault against U.S. press institutions. “The style of this attack fits the pattern of a lot of different groups at this point,” Robert M. Lee, CEO of the industrial cybersecurity company Dragos, told CyberScoop in an email. “This complicates the attribution claims of course and at this point any claims of attribution simply are too early.”

The Los Angeles Times
December 29, 2018
What first arose as a server outage was identified Saturday as a malware attack, which appears to have originated from outside the United States and hobbled computer systems and delayed weekend deliveries of the Los Angeles Times and other newspapers across the country. Technology teams worked feverishly to quarantine the computer virus, but it spread through Tribune Publishing’s network and reinfected systems crucial to the news production and printing process. Multiple newspapers around the country were affected because they share a production platform. The attack delayed distribution of Saturday editions of the Los Angeles Times and San Diego Union Tribune. It also stymied distribution of the West Coast editions of the Wall Street Journal and New York Times, which are printed at the Los Angeles Times’ Olympic printing plant in downtown Los Angeles.


INTERNATIONAL

The New York Times
January 4, 2019
After hackers, later determined to be working for Russia, broke into Parliament’s main computer network three years ago, the government vowed to fortify its cybersecurity. The authorities schooled lawmakers about changing passwords, using two-step identification and other measures to protect online data. But on Friday, nearly 1,000 lawmakers and other prominent Germans, including rappers, journalists and internet personalities, awoke to find links to their street and email addresses, private chats from social media, bank account details and pictures of their children published on Twitter, in another major breach aimed at the country’s political establishment. All those attacked had a history of criticizing the far right, whose politicians appeared to be spared, raising suspicion that the hacker or hackers were sympathetic to their agenda, though the authorities said they had no indication yet who was behind the attack.

Haaretz
January 4, 2019
If you enter the lobby of the Tel Aviv building that acts as its headquarters, you won’t find its name in the directory. You also won’t find a website for it because it doesn’t have one. Its 120 or so employees don’t post profiles on LinkedIn and sign strict confidentiality agreements. Inquiries by TheMarker elicited a polite but firm “no comment.” The company is known as Candiru, named after an Amazon fish known for its alleged tendency to invade and parasitize the human urethra. The name fits the company’s business, which is offensive cyber, the technology used to hack into computers or smartphones and spy on users. Offensive cyber is a big business in Israel, with industry sources saying it generates about $1 billion in sales a year. The biggest and most controversial of the players is NSO, which has been cited repeatedly for selling its equipment to countries like Saudi Arabia and Mexico that have used them to spy and crack down on dissidents.

ABC
January 3, 2019
Three hours north of Romania's capital city of Bucharest, into the mountains and rural towns of the eastern European country, lies the city of Ramnicu Valcea. It looks like an idyllic mountain oasis, but around the world it has a troubling nickname: “Hackerville.” “This is a town that had many different organized groups of hackers," said Peter Traven, an FBI assistant legal attache at the U.S. embassy in Bucharest. "And then, also, potentially organized criminals that were basically profiting off of the skill set of these hackers based in Romania.” This city became a hotbed for cybercrime in the 1990s, and despite crackdowns by law enforcement, it gained a reputation as ground zero for hackers.

FT
January 1, 2019
The EU is looking to toughen scrutiny of potential security risks with Chinese technology companies in the wake of growing concerns about cyber theft and cyber espionage allegedly linked to Beijing. Brussels wants to step up efforts to map Chinese electronic infrastructure in the bloc, after pressure from Washington and growing unease in capitals from Berlin to Tokyo. “A number of like-minded countries are increasingly concerned about China’s behaviour in this [cyber]sphere,” said one western diplomat, who pointed to the importance of upcoming 5G mobile communications spectrum auctions in Europe. “EU countries, including Spain, Italy and Finland, held 5G auctions in 2018, with a clutch of others scheduled for 2019. The sales can raise billions of euros for government. We are urging everyone to avoid making any hasty moves they might regret later.” The US justice department charged two Chinese nationals late last month with conducting a global hacking campaign, on the heels of accusations that a group linked to the People’s Liberation Army had infiltrated the EU’s diplomatic communications system — an allegation that Beijing denies.

AFP
January 1, 2019
A law requiring internet companies in Vietnam to remove content communist authorities deem to be against the state came into effect Tuesday, in a move critics called "a totalitarian model of information control". The new cybersecurity law has received sharp criticism from the US, the EU and internet freedom advocates who say it mimics China's repressive censorship of the internet. The law requires internet companies to remove content the government regards as "toxic". Tech giants such as Facebook and Google will also have to hand over user data if asked by the government, and open representative offices in Vietnam. The communist country's powerful Ministry of Public Security (MPS) published a draft decree on how the law may be implemented in November, giving companies which offer internet service in Vietnam up to 12 months to comply. MPS has also said the bill was aimed at staving off cyber-attacks -- and weeding out "hostile and reactionary forces" using the internet to stir up violence and dissent, according to a transcript of a question-and-answer session with lawmakers in October.



TECHNOLOGY

ZDNet
January 2, 2019
A hacker duo claims to have hijacked thousands of internet-exposed Chromecasts, smart TVs, and Google Home devices to play a video urging users to subscribe to PewDiePie's YouTube channel. The main hacker behind this hacking campaign, codenamed CastHack, is known online as TheHackerGiraffe. The hacker explained on Twitter that CastHack takes advantage of users who use incorrectly configured routers that have the UPnP (Universal Plug'n'Play) service enabled, a service that forwards specific ports from the internal network to the Internet. The ports are 8008, 8009, and 8443, which are normally used by smart TVs, Chromecasts, and Google Home for various management functions. The devices expose these ports on internal networks, where users can send commands from their smartphones or computers to the devices for remote management purposes. But routers with incorrectly configured UPnP settings are making these ports available on the internet. This allowed FriendlyH4xx0r to set up a script that scans the entire internet for devices with these ports exposed. Once devices are identified, the hacker said another script renames the devices to "HACKED_SUB2PEWDS_#" and then tries to autoplay a video.

CyberScoop
December 30, 2018
BGP security is going global. International agencies including the U.S. Department of Homeland Security, the National Science Foundation, the European Research Council and others are funding the Automatic and Real-Time dEtection and Mitigation System (ARTEMIS), in an effort to stop hackers from rerouting internet traffic through malicious networks. Border Gateway Protocol hijacking occurs when attackers redirect web traffic away from its intended destination and instead send those connections somewhere else. Perhaps the best known example of BGP hijacking occurred in November when millions of IP addresses aimed at Google were instead sent to a state-controlled telecom in China, apparently by accident. The issue has become more urgent since nation-state hackers and criminal groups started to utilize this technique for their own gain, Rob Joyce, a senior adviser at the U.S. National Security agency, said in December. ARTEMIS is seeking to resolve this problem with the release of an open-source software tool that aims to detect and stop BGP attacks within one minute. The group also received funding from a grant from the RIPE Network Coordination Centre, which works as the internet registry for Europe, West Asia and former Soviet states.