Charmingly disgusting, Sarah Millican has us in the palm of her hand
£300,000 Margaret Thatcher statue needs plinth ‘to keep out vandals’ ITV
When ‘Former’ Spies Run Wild Bad Things Happen Moon of Alabama
Claims fly as Michael Cranston faces cross-examination
Record $1.3B methamphetamine haul intercepted
'Police and lawyers talk often': force denies use of criminal solicitors as informants
Informer 3838 explosive revelation: Police registered informer 10 years earlier than they admitted, commissioner resigns
Explosive new information has revealed the defence barrister at the centre of the Informer 3838 scandal was registered as a police informer 10 years earlier than Victoria Police previously admitted, a development police blamed on an administrative "shortcoming".
Exclusive: Ex-NSA cyberspies reveal how they helped hack foes of UAE Reuters. That’s nice. Neera Tanden’s CAP took UAE money until last week (unless she simply converted them to anonymous donors).
Legendary New York newspaper columnists Pete Hamill, left, and Jimmy Breslin. (Courtesy: HBO/Brian Hamill)
Newspaper rock stars
There was a time not long ago when politicians didn’t run New York City. A couple of newspaper columnists did.
HBO is profiling both in a terrific documentary about the lives, times and careers of legendary New York newspaper columnists Jimmy Breslin and Pete Hamill. The documentary “Breslin and Hamill: Deadline Artists’’ debuted Monday night, and will continue to air throughout February. Here’s a preview. And here’s more about the project. “Sometimes they were colleagues at the same paper,’’ said Jonathan Alter, who directed and produced the film along with John Block and Steve McCarthy. “Sometimes they were rivals. But they were always good friends.’’ What else were they? “These guys were like superstars,’’ filmmaker and lifelong New Yorker Spike Lee says in the documentary. “They were able to connect and that’s why people saw them as the voice of true New Yorkers.’’ The two wrote memorable columns about the Kennedy assassinations, the Son of Sam murders (Son of Sam is believed to have personally written Breslin during his murder spree), the Bernhard Goetz shooting, the AIDS crisis, the Central Park Jogger case and the 9/11 terrorist attacks. In addition, Breslin’s column after John Lennon was shot and killed is revered among journalists. The HBO film also features interviews with such famous people as Tom Wolfe, Gloria Steinem, Robert DeNiro, Shirley MacLaine, Andrew Cuomo and Garry Trudeau. You will also hear voice passages of stories written by Breslin and Hamill. Breslin died in 2017 at the age of 88. Hamill is 83 and lives in Brooklyn. The film is especially interesting to those who loved newspapers in their glory days, but it’s sad, too. As pointed out in the film, the New York Daily News, where Breslin and Hamill both worked at times, had 400 reporters and editors in 1988. By 2018, that number had dwindled to 45.
“It’s like a drug.’’
Speaking of HBO, one of the most dogged reporters in journalism will be featured tonight on the network. Adam Schefter, who covers the NFL for ESPN, will be profiled on “Real Sports With Bryant Gumbel.’’ No one breaks more NFL news than the 52-year-old Schefter.
“There are few things in life more satisfying than getting a big story,’’ Schefter said in this preview clip. “It’s like a drug. You become addicted to it.’’ In the story, Schefter relays what happens when so many people (he has more than 7.2 million Twitter followers) turn to him for breaking NFL news. “It’s a serious responsibility when there is that many people viewing,’’ Schefter said. “And there is that many people waiting for you to fall off the high wire.’’ Like the time he reported former Cowboys quarterback Tony Romo would miss the rest of the season with an injury, even though Cowboys coach, Jason Garrett, said the quarterback was “day to day’’ and Schefter’s colleagues were telling Schefter to walk back the story. Schefter did not and, as it turned out, Romo did miss the rest of the season. “There’s a certain sense of satisfaction that comes along in the end when, basically, you’re acquitted,’’ Schefter said. The show airs at 10 p.m. Eastern.
Politico
January 29, 2019
Foreign adversaries are likely already planning to interfere in the 2020 U.S. election,
the nation's top intelligence official warned on Tuesday. In a worldwide threat
assessment to the Senate Intelligence Committee, Director of National
Intelligence Dan Coats wrote that competitors such as Russia, China and Iran
“probably already are looking to the 2020 U.S. elections as an opportunity to
advance their interests.” In his statement, he predicted that these countries
"will use online influence operations to try to weaken democratic
institutions, undermine U.S. alliances and partnerships and shape policy
outcomes in the United States and elsewhere." Furthermore, he said,
they'll "refine their capabilities and add new tactics as they learn from
each other’s experiences, suggesting the threat landscape could look very
different in 2020 and future elections." The assessment offered by Coats,
based on input from the entire U.S. intelligence community, predicts Russian
social media campaigns will focus on "aggravating" social and racial
tensions and striking back at anti-Kremlin politicians. Moscow may also seek to
spread disinformation, launch cyberattacks and manipulate data.
Nextgov
January 29, 2019
Unless Congress consolidates authority over cyber issues, it won’t be able to move
fast enough to respond to the latest digital threats, according to one of
Capitol Hill’s top cyber advocates. Rep. Jim Langevin, D-R.I., on Tuesday
argued the current congressional committee structure hinders lawmakers’ ability
to bolster the country’s cyber posture. Because some 80 groups claim some
jurisdiction over cybersecurity, he said, it can take cyber legislation a
disproportionately long time to get put to a vote. With online threats evolving
every day, measures to fight back shouldn’t get gummed up in referrals and
reviews, he said. “We as a Congress are going to have to move with greater
agility to respond to the cybersecurity threats we face going forward, and we
can’t do it under the current construct,” Langevin said at the 2019 State of
the Net conference.
Politico
January 29, 2019
Warning that the longest government shutdown in U.S. history may have opened the U.S.
up to new national security risks because of undetected cyberattacks,
Democratic lawmakers on Tuesday pressed the Trump administration to explain how
furloughs disrupted efforts to defend federal computer systems from hackers.
Six Senate Democrats sought answers from senior administration officials about
how the government will overcome delays in contracts with firms that safeguard
U.S. networks. They also worried that, during the shutdown, agencies weren't
able to quickly implement an emergency Department of Homeland Security order to
secure web traffic. The lawmakers also expressed alarm about the shutdown's
effect on the morale of federal cybersecurity workers, especially as Washington
struggles to compete with the private sector for top talent.
ADMINISTRATION
Federal News Network
February 1, 2019
The Census Bureau will join a growing number of agencies in offering a bug bounty program
as it ramps up security preparations for the 2020 population count. Atri
Kalluri, the head of the decennial information technology division, said Friday
that the agency recently completed “red team” testing, where staff playing the
role of malicious hackers added fraudulent responses in a copy of its 2018 field
test data. The exercise aims to test the accuracy of the Census Bureau’s
self-response quality assurance system, which is supposed to flag suspicious
incoming data. The Department of Homeland Security will coordinate with the
intelligence community and industry partners to launch census-specific threat
support “similar to what was provided during the recent elections,” Kalluri
said at the Census Program Management Review.
The Security Ledger
February 1, 2019
In a 250-page regulatory filing, NERC fined undisclosed companies belonging to a
so-called “Regional Entity” $10 million for 127 violations of the Critical
Infrastructure Protection standards, the U.S.’s main cyber security standard
for critical infrastructure including the electric grid. Thirteen of the
violations listed were rated as a “serious risk” to the operation of the Bulk
Power System and 62 were rated a “moderate risk.” Together, the “collective
risk of the 127 violations posed a serious risk to the reliability of the (Bulk
Power System),” NERC wrote. The fines come as the U.S. intelligence community is
warning Congress of the growing risk of cyber attacks on the U.S. electric
grid. In testimony this week, Director of National Intelligence Dan Coats
specifically called out Russia’s use of cyber attacks to cause social
disruptions, citing that country’s campaign against Ukraine’s electric
infrastructure in 2015 and 2016. The extensively redacted document provides no
information on which companies were fined or where they are located, citing the
risk of cyber attack should their identity be known. Regional Entities account
for virtually all of the electricity supplied in the U.S.
ProPublica/The Lexington Herald-Leader
In the months after the 2016 elections, state election administrators spent millions
of dollars investigating and addressing the cyber intrusions that had
penetrated voting systems in dozens of states. Kentucky Secretary of State
Alison Lundergan Grimes emerged as one of the loudest voices calling for
improvements. In February 2017, at an elections conference dominated by talk of
cybersecurity, Grimes claimed to have found the perfect answer to the threat: A
small company called CyberScout, which she said would comb through Kentucky’s
voting systems, identify its vulnerabilities to hacking and propose solutions.
Three days later, Assistant Secretary of State Lindsay Hughes Thurston
submitted paperwork to give the company a no-bid two-year contract with the
State Board of Elections, or SBE, for $150,000 a year. She did not inform the
SBE — the agency that oversees the state’s voting systems — that she was doing
so. CyberScout’s CEO and his wife had given Grimes a total of $12,400 in
contributions over several elections, along with $4,000 to state Democratic
groups. (All of the donations fell within state limits.) Ultimately, the
contract went through — Grimes denies the contributions had any influence — and
CyberScout delivered little in the way of results, according to 15 election
officials interviewed for this article. CyberScout’s contract was not renewed
after the first stage expired in June.
Nextgov
February 1, 2019
The federal government—so often derided for being behind the technical curve—is magnitudes
ahead of every other sector in at least one domain: email authentication and
security. Some 75 percent of the 5 billion email inboxes globally check
Domain-based Message Authentication Reporting and Conformance, or DMARC,
records to ensure that incoming emails are from a valid domain and not being
spoofed by a potential bad actor. Among government agencies, 80 percent are
using tools to publish DMARC records, putting government double-digits ahead of
every area of the private sector, according to a report released Friday from
email authentication vendor Valimail. The government’s implementation rate is
even more impressive when directly compared to other sectors, only two of which
topped 50 percent: Fortune 500 companies and U.S. tech companies worth more
than $1 billion. Valimail researchers pointed to a 2017 binding operational
directive issued by the Homeland Security Department as the main reason for
such a high adoption rate.
FCW
January 31, 2019
The Defense Department's Joint Regional Security Stacks program is behind schedule,
undermanned, riddled with connectivity and security issues and needs to be shut
down -- at least for now, according to an internal Pentagon evaluation report
released Jan. 31. The Pentagon's CIO and the military branches "should
discontinue deploying JRSS's until the system demonstrates that it is capable
of helping network defenders to detect and respond to operationally realistic
cyber-attacks," the Director of Operational Test and Evaluation
(DOT&E) recommended. JRSS is part of major IT reform to reduce DOD's
vulnerabilities and access points. But the "difficulty inherent in
integrating disparate, complex commercial technologies into a functional system
of systems" along with "insufficient training" and
underdeveloped standard operating procedures have stalled progress, the report
found.
Bloomberg
January 30, 2019
Special Counsel Robert Mueller told a federal judge that more than 1,000 confidential
files compiled in his case against hackers supported by a friend of Russian
President Vladimir Putin had somehow found their way onto the internet, where
the evidence was widely disseminated, in defiance of the judge’s order. The
revelation came in a filing involving Concord Management and Consulting LLC, a
firm controlled by Yevgeny Prigozhin, who runs a large catering business and is
known as “Putin’s chef.” Mueller’s team said Wednesday that “non-sensitive”
evidence that had been shared exclusively with Concord’s U.S. law firm, Reed
Smith LLP, ended up in an online file-sharing portal, apparently as a result of
a hacking operation targeting the law firm. “We’ve got access to the Special
Counsel Mueller’s probe database as we hacked Russian server with info from the
Russian troll case Concord LLC v. Mueller,” a posting from a newly created
Twitter account named @HackingRedstone said on Oct. 22, 2018, according to
Mueller’s filing. “You can view all the files Mueller had about the IRA and
Russian collusion. Enjoy the reading!” Eric Dubelier, Concord’s lawyer,
declined to comment on the filing.
Ars Technica
On January 30, the US Department of Justice announced that it had partnered with the
Federal Bureau of Investigation and the Air Force Office of Special
Investigations to engage in a campaign to "map and further disrupt" a
botnet tied to North Korean intelligence activities detailed in an indictment
unsealed last September. Search warrants obtained by the FBI and AFOSI allowed
the agencies to essentially join the botnet, creating servers that mimicked the
beacons of the malware. "While the Joanap botnet was identified years ago
and can be defeated with antivirus software," said United States Attorney
Nick Hanna, "we identified numerous unprotected computers that hosted the
malware underlying the botnet. The search warrants and court orders announced
today as part of our efforts to eradicate this botnet are just one of the many
tools we will use to prevent cybercriminals from using botnets to stage
damaging computer intrusions.” Joanap is a remote access tool (RAT) identified
as part of "Hidden Cobra," the Department of Homeland Security
designator for the North Korean hacking operation also known as the Lazarus
Group. The same group has been tied to the WannaCry worm and the hacking of
Sony Motion Pictures. Joanap's spread dates back to 2009, when it was
distributed by Brambul, a Server Message Block (SMB) file-sharing protocol
worm. Joanap and Brambul were recovered from computers of the victims of the
campaigns listed in the indictment of Park Jin Hyok in September.
Federal News Network
January 30, 2019
The Defense Department said it’s considering new steps intended to help its lower-tier
suppliers tighten the cybersecurity of their IT systems, and may begin a new
regime of spot checks to ensure they’re meeting security regulations that now
apply to defense vendors and many of their subcontractors. The options under
consideration came from a new Pentagon task force that’s re-examining the
department’s contractual relationships with suppliers. Those may need to change
in order to better respond to data breach or ex-filtration incidents, said Dana
Deasey, the DoD chief information officer. At the end of 2017, the department
implemented a new contracting rule that requires its vendors to meet the
security controls in the National Institute of Standards and Technology’s
Special Publication 800-171. The new rules, designed to protect controlled,
unclassified information, also apply to subcontractors if they’re handling
“covered defense information” as part of the work.
Bloomberg
January 28, 2019
The U.S. military’s cybersecurity capabilities aren’t advancing fast enough to stay
ahead of the “onslaught of multipronged” attacks envisioned by adversaries, the
Pentagon’s combat testing office is warning. Despite some progress in fending
off attacks staged by in-house “Red Teams,” the testing office said “we
estimate that the rate of these improvements is not outpacing the growing
capabilities of potential adversaries who continue to find new vulnerabilities
and techniques to counter fixes.” Automation and artificial intelligence are
beginning to “make profound changes to the cyber domain,” a threat that the
military hasn’t yet fully grasped how to counter, Robert Behler, the Defense
Department’s director of operational test and evaluation, said in his annual
assessment of cyber threats, which was obtained by Bloomberg News. The
evaluation, part of the testing office’s annual report that may be released as
early as this week, comes amid other critical appraisals of the military’s
ability to maintain and improve its defense against computer attacks.
Fifth Domain
January 28, 2019
When American soldiers train for a cyberattack on the battlefield, they often use
note cards. Although the U.S. military prides itself on being the best trained
fighting force in the world, some national security experts are concerned the
rudimentary training methods to simulate a cyberattack show the United States
is not prepared for future battles. “Cyber injects are often done via white
carding, which is the literal use of a note card intended to represent cyber
friction,” wrote Jennifer McArdle, a non-resident fellow at the Center for
Strategic and Budgetary Assessments, in a new paper. The document, titled
“Victory over and across domains: Training for tomorrow’s battlefield,”
was released Jan. 25. Pentagon officials, who have quietly monitored Russia’s
use of hybrid warfare in eastern Ukraine, envision a future fighting
environment where traditional land battles are combined with cyberattacks and
jammed radio frequencies. But McArdle identified gaps in how the American
military trains for this future combined warfare. “Training today is not
providing warfighters the kind of experience they need to fight in a complex
battle space,” McArdle told Fifth Domain.
INDUSTRY
Ars Technica
February 1, 2019
The Firefox browser will soon come with a new security feature that will detect and then
warn users when a third-party app is performing a Man-in-the-Middle (MitM)
attack by hijacking the user's HTTPS traffic. The new feature is expected to
land in Firefox 66, Firefox's current beta version, scheduled for an official
release in mid-March. The way this feature works is to show a visual error page
when, according to a Mozilla help page, "something on your system or
network is intercepting your connection and injecting certificates in a way
that is not trusted by Firefox." An error message that reads
"MOZILLA_PKIX_ERROR_MITM_DETECTED" will be shown whenever something
like the above happens. The most common situation where this error message may
appear is when users are running local software, such as antivirus products or
web-dev tools that replace legitimate website TLS certificates with their own
in order to scan for malware inside HTTPS traffic or to debug encrypted traffic.
CBS
February 1, 2019
An Illinois couple said a hacker spoke to their baby through one of their Nest security
cameras and then later hurled obscenities at them, CBS station WBBM-TV reports.
Arjun Sud told the station he was outside his 7-month-old son's room Sunday
outside Chicago and he heard someone talking. "I was shocked to hear a
deep, manly voice talking," Sud said. "… My blood ran cold." Sud
told WBBM-TV he thought the voice was coming over the baby monitor by accident.
But it returned when he and his wife were downstairs. The voice was coming from
another of the many Nest cameras throughout the couple's Lake Barrington house.
"Asking me, you know, why I'm looking at him — because he saw obviously
that I was looking back — and continuing to taunt me," Sud said.
Gov Info Security
January 31, 2019
Aerospace giant Airbus says it suffered a hack attack leading to a data breach.
"Airbus SE detected a cyber incident on Airbus 'Commercial Aircraft
business' information systems, which resulted in unauthorized access to
data," the company says in a statement issued on Wednesday. "There is
no impact on Airbus' commercial operations." Airbus, the world's second
largest aviation and aeronautics business after Boeing, says it is continuing
to investigate the intrusion. The company is headquartered in Leiden,
Netherlands, although its main civilian airplane business is based near
Toulouse, France. The company's and manufacturing facilities are spread across
the EU - in France, Germany, Spain and the U.K. - with other facilities in
China and the United States. Airbus has 129,000 employees and reported 2017
revenue of €59 billion ($67.8 billion). The company's investigation continues.
"This incident is being thoroughly investigated by Airbus' experts who
have taken immediate and appropriate actions to reinforce existing security
measures and to mitigate its potential impact, as well as determining its
origins," the company says. So far, the aerospace giant says it doesn't
have a complete tally of all of the information that attackers might have
accessed.
Vice Motherboard
January 31, 2019
Sophisticated hackers have long exploited flaws in SS7, a protocol used by telecom companies
to coordinate how they route texts and calls around the world. Those who
exploit SS7 can potentially track phones across the other side of the planet,
and intercept text messages and phone calls without hacking the phone itself.
This activity was typically only within reach of intelligence agencies or
surveillance contractors, but now Motherboard has confirmed that this
capability is much more widely available in the hands of financially-driven
cybercriminal groups, who are using it to empty bank accounts. So-called SS7
attacks against banks are, although still relatively rare, much more prevalent
than previously reported. Motherboard has identified a specific bank—the UK's
Metro Bank—that fell victim to such an attack.
CyberScoop
January 31, 2019
Conventional wisdom says ransomware victims shouldn’t pay their attackers, but a panel of
legal experts suggested Thursday that standing firm might not always be the
smartest play in the real world. FBI officials, corporate bigwigs and public
sector security bosses in recent years all have advised their colleagues to
keep their wallets closed when ransomware hits. There’s no honor among thieves,
the logic goes, and even if you pay hackers to buzz off, who’s to say they will
follow through on promises to unlock encrypted data? But there are scenarios in
which small and medium-sized businesses should carefully consider their
decision, Mark Knepshield and Matthew Todd said during a panel discussion at
the Legalweek conference in New York. “I would say, if it’s a small amount, pay
it,” said Knepshield, a senior vice president at insurer McGriff, Seibels and
Williams. “It’s likely just be the easiest way out of your situation.”
The New York Times
January 29, 2019
On Jan. 19, Grant Thompson, a 14-year-old in Arizona, made an unexpected discovery: Using
FaceTime, Apple’s video chatting software, he could eavesdrop on his friend’s
phone before his friend had even answered the call. His mother, Michele
Thompson, sent a video of the hack to Apple the next day, warning the company
of a “major security flaw” that exposed millions of iPhone users to
eavesdropping. When she didn’t hear from Apple Support, she exhausted every
other avenue she could, including emailing and faxing Apple’s security team,
and posting to Twitter and Facebook. On Friday, Apple’s product security team
encouraged Ms. Thompson, a lawyer, to set up a developer account to send a
formal bug report. But it wasn’t until Monday, more than a week after Ms.
Thompson first notified Apple of the problem, that Apple raced to disable Group
FaceTime and said it was working on a fix. The company reacted after a separate
developer reported the FaceTime flaw and it was written about on 9to5mac.com, a
news site for Apple fans, in an article that went viral.
Reuters
January 29, 2019
A U.S. judge rejected Yahoo’s proposed settlement with millions of people whose email
addresses and other personal information were stolen in the largest data breach
in history, faulting the Internet services provider for a lack of transparency.
In a Monday night decision, U.S. District Judge Lucy Koh in San Jose,
California, said she could not declare the settlement “fundamentally fair,
adequate and reasonable” because it did not say how much victims could expect
to recover. Yahoo, now part of New York-based Verizon Communications Inc, was
accused of being too slow to disclose three breaches from 2013 to 2016 that
affected an estimated 3 billion accounts. The settlement called for a $50
million payout, plus two years of free credit monitoring for about 200 million
people in the United States and Israel with nearly 1 billion accounts. But the
judge said the accord did not disclose the size of the settlement fund or the
costs of the credit monitoring, and the proposed class may be too big because
the number of “active” users that Yahoo disclosed privately to her was far
lower.
Reuters
January 29, 2019
A co-ordinated global cyber attack, spread through malicious email, could cause
economic damages anywhere between $85 billion and $193 billion, a hypothetical
scenario developed as a stress test for risk management showed. Insurance
claims after such an attack would range from business interruption and cyber
extortion to incident response costs, the report jointly produced by insurance
market Lloyd's of London and Aon said on Tuesday. Total claims paid by the
insurance sector in this scenario are estimated to be between $10 billion and
$27 billion, based on policy limits ranging from $500,000 to $200 million. The
stark difference between insured and economic loss estimates highlights the
extent of underinsurance, in case of such an attack, the stress test showed. An
attack could affect several sectors globally, with the largest losses in
retail, healthcare, manufacturing and banking fields.
AP
January 28, 2019
When Sharyl Attkisson first began hearing clicking sounds on her phone and her computers
started turning on and off in the middle of the night, she thought it was a
technical glitch that could be easily fixed. Attkisson, then a longtime
investigative reporter for CBS News, didn’t suspect anything more until her
sources in the intelligence community suggested that the government might be
spying on her because of critical stories she had done. Attkisson alleged in a
2015 lawsuit that former Attorney General Eric Holder, former Postmaster
General Patrick Donahoe, and unnamed federal agents conducted unauthorized
surveillance of her home and electronic devices in an attempt to determine who
was leaking confidential information to her. A federal judge dismissed
Attkisson’s lawsuit, finding that resolving the allegations would overstep the
court’s authority because it “would require inquiry into sensitive Executive
Branch discussions and decisions.” Attkisson’s appeal will be heard Tuesday by
the 4th U.S. Circuit Court of Appeals.
CyberScoop
January 28, 2019
For David Cowan, the tipping point was a cyberattack from Anonymous. Cowan, a venture
capitalist at Bessemer Venture Partners, had spent years asking startup
founders what they planned to do if hackers targeted their business. Often, the
founders on the other side of the boardroom would shrug and say, “We don’t hold
any personal information, so they don’t need to come after us.” That changed,
he said, after the email marketing company SendGrid was hit in 2013 with a
denial-of-service attack that ultimately may have caused some of the young
company’s clients to walk away, Cowan said. Attackers struck roughly 14 months after
Bessemer had led a $21 million funding round for the company. As a result of
that incident and others like it, Cowan spent months asking security leaders at
established companies what they wished they knew in startup mode. Bessemer
published the resulting research in 2015 as advice to smaller companies.
INTERNATIONAL
FCW
February 1, 2019
Cyberattacks like NotPetya and WannaCry can have consequences in the physical world and
devastating financial fallout, even if they fall below the traditional
definition of war. But U.S. officials, international organizations and
independent experts have so far been unable to frame a consensus about where to
draw that line. The nongovernmental Global Commission on Stability in
Cyberspace recently wrapped up a series of meetings in Geneva to hash out
fundamental principles that states, non-state actors and private industry
should follow. The commission, co-chaired by former Secretary of Homeland
Security Michael Chertoff and former Estonian Foreign Minister Marina
Kaljurand, has spent the past two-and-a-half years courting public and private
stakeholders and developing language around behavior in cyberspace that it
hopes will help guide not just governments but also private companies who work
in the murky, somewhat norm-less field of offensive cyber operations. It plans
to release a report detailing its final recommendations at the end of 2019.
Gov Info Security
February 1, 2019
The notorious Russian language cybercrime marketplace and forum xDedic Marketplace
remains offline following an international police takedown. But information
security experts say customers will no doubt quickly move their business
elsewhere. U.S. authorities estimate that xDedic, which was launched in 2014,
helped contribute to more than $68 million in global fraud. But the U.S.
Department of Justice says that on Jan. 24, "seizure orders were executed
against the domain names of the xDedic Marketplace, effectively ceasing the
website's operation." The takedown effort was international in its scope,
reflecting the distributed infrastructure used by xDedic. The U.S. probe
resulting in the seizure order was the work of the FBI and the Internal Revenue
Service's Criminal Investigation unit. In parallel, a joint Belgian-Ukrainian
investigation was led by Belgium's Federal Prosecutor's Office and the Federal
Computer Crime Unit, together with Ukraine's National Police and Prosecutor
General's Office. The EU effort was supported in turn by a Joint Investigative
Team at the EU's law enforcement intelligence agency, Europol. The German
Bundeskriminalamt - the federal police, known as the BKA - also helped seize
xDedic's infrastructure, authorities say.
Reuters
January 31, 2019
Bangladesh's central bank on Thursday sued a Philippine bank to recoup losses it suffered
when unidentified hackers stole $81 million from its account at the Federal
Reserve Bank of New York nearly three years ago. In a complaint filed with the
U.S. District Court in Manhattan, Bangladesh Bank accused Rizal Commercial
Banking Corp (RCBC) and dozens of others, including several top executives, of
involvement in a "massive" and "intricately planned"
multi-year conspiracy to steal its money. Bangladesh Bank said funds were
stolen with the help of unnamed North Korean hackers who used malware with such
names as "Nestegg" and "Macktruck" to obtain backdoor
access to its network. It said funds were then funneled through RCBC accounts in
New York City and to the Philippines, where much of it disappeared in that
country's casino industry.
The Daily Beast
January 31, 2019
Russia’s military intelligence directorate, the GRU, has been caught in
a new round of computer intrusion attempts, this time aimed at the Center for
Strategic and International Studies, a prominent Washington, D.C. think tank
heavy with ex-government officials. The new efforts by the Kremlin hackers who
notoriously breached the DNC and Hillary Clinton campaign to support Donald
Trump suggest that indictments, international sanctions, a botched
assassination and an unprecedented global spotlight have done little to deter
Vladimir Putin from continuing to target the West with his hacker army, even as
American intelligence agencies warn that Russia is gearing up to interfere in
the 2020 election.
Reuters
January 30, 2019
Two weeks after leaving her position as an intelligence analyst for the U.S. National
Security Agency in 2014, Lori Stroud was in the Middle East working as a hacker
for an Arab monarchy. She had joined Project Raven, a clandestine team that
included more than a dozen former U.S. intelligence operatives recruited to
help the United Arab Emirates engage in surveillance of other governments,
militants and human rights activists critical of the monarchy. Stroud and her
team, working from a converted mansion in Abu Dhabi known internally as “the
Villa,” would use methods learned from a decade in the U.S. intelligence
community to help the UAE hack into the phones and computers of its enemies.
Stroud had been recruited by a Maryland cybersecurity contractor to help the
Emiratis launch hacking operations, and for three years, she thrived in the
job. But in 2016, the Emiratis moved Project Raven to a UAE cybersecurity firm
named DarkMatter. Before long, Stroud and other Americans involved in the
effort say they saw the mission cross a red line: targeting fellow Americans
for surveillance. “I am working for a foreign intelligence agency who is
targeting U.S. persons,” she told Reuters. “I am officially the bad kind of
spy.”
The Hill
January 29, 2019
A cyber espionage group linked to Iran has targeted telecommunications and high-tech
industries in order to steal personal information, according to a new report.
Cybersecurity firm FireEye announced Tuesday that it has added the newly identified
group called APT39 to its growing list of advanced persistent threats.
"APT39’s focus on personal information likely supports the planning,
monitoring, and tracking of intelligence operations that serve Iran’s national
priorities," Benjamin Read, FireEye's senior manager of Cyber Espionage
Analysis, said in a statement. "Targeting data supports the belief that
APT39's key mission is to track or monitor targets of interest, collect
personal information, including travel itineraries, and gather customer data
from telecommunications firms," the firm's latest report states.
The New York Times
January 28, 2019
Citizen Lab, a cybersecurity watchdog organization at the University of Toronto, has
published hard-hitting research on powerful targets in recent years: Chinese
government censorship, Silicon Valley’s invasion of customers’ privacy, despotic
regimes’ electronic surveillance of dissidents. It’s the kind of work that can
make enemies. So when John Scott-Railton, a senior researcher at Citizen Lab,
got an odd request for a meeting last week from someone describing himself as a
wealthy investor from Paris, he suspected a ruse and decided to set a trap.
Over lunch at New York’s five-star Peninsula Hotel, the white-bearded visitor,
who said his name was Michel Lambert, praised Mr. Scott-Railton’s work and
pried for details about Citizen Lab. Then — “as I was finishing my crème
brûlée,” Mr. Scott-Railton said — a reporter and photographer from The
Associated Press, alerted by Mr. Scott-Railton and lurking nearby, confronted
the visitor, who bumped into chairs and circled the room while trying to flee.
At least two other men nearby appeared to be operatives — one who stood at the
door, another who seemed to be filming from a table, said Mr. Scott-Railton,
who himself filmed his lunch companion. The case of the bumbling spy is the
latest episode involving undercover agents, working for private intelligence
firms or other clients, who adopt false identities to dig up compromising
information about or elicit embarrassing statements from their targets.
Reuters
January 28, 2019
French engineering consultancy Altran Technologies was the target of a cyber attack
last Thursday that hit operations in some European countries, it said on
Monday. Altran said it had shut down its IT network and applications and a
recovery plan was under way. "We have mobilized leading global third-party
technical experts and forensics, and the investigation we have conducted with
them has not identified any stolen data nor instances of propagation of the
incident to our clients," it said. Altran's clients include French utility
Engie, U.S. satellite operator Iridium, British online supermarket Ocado and
Britain's Network Rail. Governments are increasingly warning about the risks
private businesses face from cyber attacks, both those carried out by foreign governments
and financially motivated criminals.
IT Pro
January 28, 2019
Japan approved a new amendment to a law on Friday which would allow government
workers to hack civilians' personal technology as part of a vast survey of the
country's insecure IoT devices. The survey is being initiated as part of a plan
to prevent a major cyber attack from crippling the infrastructure that will
support the Tokyo Olympic Games in 2020, stemming from insecure IoT devices.
The concerns aren't without merit: sporting events are fast becoming prime
targets for cyber attacks. In February 2018, Pyeongchang's Winter Olympics was
hit by a cyber attack during the opening ceremony. The state-sponsored hacking
initiative will begin next month with a trial of 200 million devices, just
webcams and modems to start with. The survey will be carried out by employees
of the National Institute of Information and Communications Technology (NICT)
under the supervision of the Ministry of Internal Affairs and Communications.
Reuters
January 28, 2019
Iran is likely to expand its cyber espionage activities as its relations with Western
powers worsen, the European Union digital security agency said on Monday. Iranian
hackers are behind several cyber attacks and online disinformation campaigns in
recent years as the country tries to strengthen its clout in the Middle East
and beyond, a Reuters Special Report published in November found. This month
the European Union imposed its first sanctions on Iran since world powers
agreed a 2015 nuclear deal with Teheran, in a reaction to Iran's ballistic
missile tests and assassination plots on European soil. "Newly imposed
sanctions on Iran are likely to push the country to intensify state-sponsored
cyber threat activities in pursuit of its geopolitical and strategic objectives
at a regional level," the European Union Agency for Network and
Information Security (ENISA) said in a report. A senior Iranian official rejected
the report, saying "these are all part of a psychological war launched by
the United States and its allies against Iran".
TECHNOLOGY
Wired
January 30, 2019
When hackers breached companies like Dropbox and LinkedIn in recent years—stealing
71 million and 117 million passwords, respectively—they at least had the
decency to exploit those stolen credentials in secret, or sell them for
thousands of dollars on the dark web. Now, it seems, someone has cobbled
together those breached databases and many more into a gargantuan,
unprecedented collection of 2.2 billion unique usernames and associated
passwords and is freely distributing them on hacker forums and torrents,
throwing out the private data of a significant fraction of humanity like last
year's phone book. Earlier this month, security researcher Troy Hunt identified
the first tranche of that mega-dump, named Collection #1 by its anonymous
creator, a patched-together set of breached databases Hunt said represented 773
million unique usernames and passwords. Now other researchers have obtained and
analyzed an additional vast database called Collections #2–5, which amounts to
845 gigabytes of stolen data and 25 billion records in all. After accounting
for duplicates, analysts at the Hasso Plattner Institute in Potsdam, Germany,
found that the total haul represents close to three times the Collection #1
batch.