Friday, February 22, 2019

Where cybersecurity legislation 'goes to die' in Congress




The weird rise of cyber funerals (Wired)



Dark Patterns – How tech companies use dark patterns to discourage us from exercising our rights to privacy. The Norwegian Consumer Council (the Forbrukerrådet or NCC) report criticizes “features of interface design crafted to trick users into doing things that they might not want to do, but which benefit the business in question.”

Emoji are showing up in court cases exponentially, and courts aren’t prepared (The Verge)

New York Post, Whistleblower Makes Shocking IRS, Insider Trading Allegations:



A whistleblower made this shocking allegation to me last week: the IRS was tipping off members of Congress to corporate takeovers so the elected officials could profit from insider trading.
My snitch also charged that higher-level employees of the IRS also used that information to enrich themselves.
This may sound crazy but remember: Up until a few years ago members of Congress were allowed to trade stock based on information they got while performing their public duties.
It wasn’t until 2012, during President Obama’s tenure, that the practice was banned.






The Washington Post

February 14, 2019

Senators from both political parties on Thursday praised the military’s cyber force for helping secure last year’s midterm elections, with one suggesting it was largely due to U.S. Cyber Command that the Russians failed to affect the 2018 vote. “Would it be fair to say that it is not a coincidence that this election went off without a hitch and the fact that you were actively involved in the protection of very important infrastructure?” Sen. Mike Rounds (R-S.D.) asked Gen. Paul Nakasone, the command’s leader, at a hearing of the Senate Armed Services Committee. Military officials have said new authorities, approved over the last year, enabled CyberCom to be more aggressive — and effective — in what they privately say was an apparent success. Nakasone, who also heads the National Security Agency, stopped short of saying it was CyberCom that made the difference, telling Rounds that safeguarding the election was the agencies’ “number-one priority.” Nakasone assumed his dual posts in May and has privately told Pentagon leaders that having the two agencies under a single director was key to the operation’s outcome.



FCW

February 14, 2019

Responsibility for oversight of 2.7 million miles of U.S. pipeline infrastructure falls to the Transportation Security Administration, but an oversight report from December 2018 found that TSA needs to get a better handle on this role. According to the Government Accountability Office, the agency hasn't maintained needed staffing levels in its pipeline security operations or kept its risk assessment methodology up to date. China has the ability to launch disruptive cyberattacks on U.S. critical infrastructure including gas pipelines, according to a recent public intelligence assessment. That possibility has lawmakers concerned. At a Feb. 14 Senate hearing, Sen. Martin Heinrich (D-N.M.) asked Neil Chatterjee, chairman of the Federal Energy Regulatory Committee, if TSA was the right agency to oversee gas pipeline security. Chatterjee co-authored an Axios column in June 2018 calling for an agency with more stringent rulemaking authority, possibly the Department of Energy, to take over pipeline security. Since then the energy regulator has changed his tune a bit.



FCW

February 14, 2019

The budget agreement to keep government open includes $25 million for the Technology Modernization Fund. Securing funding for the TMF has been a bumpy road. House Democrats initially zeroed out the fund at the start of the new Congress, matching the Senate funding bill from June 2018, before the $25 million figure appeared as part of the General Services Administration appropriation in a later bill. The number falls well short of the $100 million appropriated for the fund in fiscal year 2018 and of the $150 million the House approved just last year. Sen. Jerry Moran (R-Kan.), a sponsor of the Modernizing Government Technology Act that authorized $250 million for the fund, said that "while this funding falls short of the authorization level for this fiscal year, I am pleased that our efforts with appropriators and relevant agencies to improve transparency around agencies' modernization proposals have resulted in bipartisan support for the Technology Modernization Fund."



CyberScoop

February 13, 2019

Democratic lawmakers are calling on the Trump administration to release a public report on efforts to secure the 2018 midterm elections so the country can learn what worked and what didn’t. “It’s important for the public to have confidence in our election systems,” Rep. Jim Langevin, D-R.I., told CyberScoop Wednesday. “In order to have confidence, I think there has to be transparency.” The departments of Homeland Security and Justice on Feb. 4 sent a classified report to President Donald Trump assessing foreign attempts to interfere in the 2018 midterms. Officials found no evidence that foreign operatives had a “material impact on the integrity or security” of election or campaign infrastructure used in the midterms, according to a statement summarizing the report. That terse statement is insufficient for lawmakers like Langevin. In the interest of transparency and making improvements, they say, the administration should publish an assessment of security in the 2018 midterms. A redacted version of the classified report could add to Americans’ knowledge of the election-security landscape without revealing sensitive information, legislators argue.



Politico

February 13, 2019

The leaders of the Senate Banking Committee on Wednesday kicked off a push to write stricter data collection and security standards for financial institutions. Sen. Mike Crapo (R-Idaho), the panel’s chairman, and Sen. Sherrod Brown (Ohio), the ranking Democrat, on Wednesday asked for input on ways to give consumers more control of personally identifiable information collected by financial firms and regulators. Data security, privacy and collection issues are among the top bipartisan priorities for the Banking Committee, which has broad oversight over U.S. banks, lenders, insurers, traders and credit reporting agencies. Crapo and Brown’s call for feedback is one of the first steps toward proposing a bipartisan bill to address those concerns. “Given the exponential growth and use of data, and corresponding data breaches, it is worth examining how the Fair Credit Reporting Act should work in a digital economy, and whether certain data brokers and other firms serve a function similar to the original consumer reporting agencies,” Crapo said in a statement. Crapo said he’s focused on “what data is contained in modern consumer reports, how the information is gathered, who compiles it, how it is protected, how consumers can access it and correct it, and how privacy is respected.”



FCW

February 13, 2019

The nation's top cybersecurity official told Congress that the ability to audit voting machines after elections is critical for ballot security. "The area that I think we need to invest the most in the nation is ensuring auditability across infrastructure," Christopher Krebs, head of the Cybersecurity and Infrastructure Security Agency said at a Feb. 13 hearing of the House Homeland Security Committee. "If you don't know what's happening and you can't check back at what's happening in the system -- you don't have security." While 34 states and the District of Columbia have some laws mandating post-election audits, according to the National Conference of State Legislatures, Congress has been unable to agree on how hard or soft to make such language in legislation. Krebs and Election Assistance Commission (EAC) Chair Thomas Hicks endorsed the need for greater auditability, though both deferred to states on the question of whether it should be done digitally or by hand.



Politico

February 11, 2019

Wisconsin Republican Sen. Ron Johnson leads the committee with broad oversight over the nation’s most important cybersecurity issues, including protecting consumers and U.S. elections from hackers. But he’s also a major reason little legislation on these topics ever passes, according to lobbyists, cybersecurity policy experts, lawmakers and congressional aides from both parties who spoke with POLITICO. Johnson or members of his staff have derailed many of the most significant cybersecurity-related bills in the past four years, including legislation to secure elections, study whether the growing use of encrypted apps hampers law enforcement, and hold companies accountable for the proliferation of insecure connected devices, people who track the legislation told POLITICO. His panel “is the place where legislation goes to die on cybersecurity,” said Mieke Eoyang, a former Hill aide and vice president for the national security program at Third Way, a centrist think tank in Washington that works on national technology policy issues.



The Hill

February 11, 2019

Sens. Amy Klobuchar (D-Minn.) and John Thune (R-S.D.) on Monday introduced a bipartisan bill to create an exchange program between the federal government and private firms aimed at bringing more cybersecurity expertise to the federal workforce. The legislation, known as the “Cyber Security Exchange Act,” provides a path for cyber experts at private firms or academia to work for federal agencies for up to two years. At the same time, federal workers would be given a chance to work in the private sector to brush up on the latest in cybersecurity practices. Klobuchar — who announced over the weekend that she is seeking the Democratic nomination in the 2020 presidential race — said in a statement that the government “needs additional cyber security experts to ensure we are not vulnerable to attacks from adversaries and cybercriminals.” And Thune called the bill “a great opportunity for federal government agencies to tap into the vast cybersecurity resources that exist in the private sector and academia, as well as bolster the capabilities of their counterparts.”



ADMINISTRATION



FCW

February 14, 2019

The head of the Department of Homeland Security's cybersecurity wing is pushing back on a media report that the agency has scaled back personnel and resources from its efforts to combat foreign election interference. Cybersecurity and Infrastructure Security Agency Director Chris Krebs hosted a conference call with reporters less than 24 hours after The Daily Beast published a story that quoted multiple anonymous DHS officials who said two CISA task forces focused on coordinating the department's response to foreign influence in U.S. elections were significantly downsized shortly after the mid-terms. Krebs didn't deny that personnel levels for the task forces were reduced. He characterized the task forces as temporary vehicles to address an emerging threat while CISA worked to hire staff and build more permanent institutional capacity to tackle the issue.



The Daily Beast

February 13, 2019

Two teams of federal officials assembled to fight foreign election interference are being dramatically downsized, according to three current and former Department of Homeland Security officials. And now, those sources say they fear the department won’t prepare adequately for election threats in 2020. “The clear assessment from the intelligence community is that 2020 is going to be the perfect storm,” said a DHS official familiar with the teams. “We know Russia is going to be engaged. Other state actors have seen the success of Russia and realize the value of disinformation operations. So it’s very curious why the task forces were demoted in the bureaucracy and the leadership has not committed resources to prepare for the 2020 election.” The task forces, part of the Cyber Security and Infrastructure Agency (CISA), were assembled in response to Russian meddling in the 2016 presidential election. One focuses in part on securing election infrastructure and the other focuses on foreign influence efforts, including social media disinformation campaigns.



Ars Technica


Marcus Hutchins, the widely acclaimed security researcher charged with creating malware that sold for thousands of dollars on the Internet, has lost his bid to suppress self-incriminating statements he made following days of heavy partying at the 2017 Defcon hacker convention in Las Vegas. Hutchins—who, under the moniker MalwareTech, unwittingly helped neutralize the virulent WannaCry ransomware worm—was charged with developing the Kronos banking trojan and an advanced spyware program known as the UPAS Kit. The then-23-year-old UK citizen was arrested in August 2017 at McCarran International Airport as he was about to fly home. He had spent the previous week attending the Black Hat and Defcon conferences. Hutchins has pleaded not guilty to the charges. According to court documents, federal agents questioned Hutchins in an airport interview room shortly after he was arrested. When asked about his involvement in developing malware, the court records show, Hutchins grew visibly confused about the purpose of the interrogation. Eventually, prosecutors said, Hutchins acknowledged that, when he was younger, he wrote code that ended up in malware, but he denied that he had developed the malware itself.



CyberScoop

February 13, 2019

Months after the government accused a former CIA computer engineer of leaking government secrets from behind bars, prosecutors said hard drives containing discovery materials in the case somehow have been “misplaced.” The announcement is the latest complication in a case that only has become more convoluted since it entered the public consciousness. The government said it intends to provide the defendant, Joshua Schulte, with a reproduction of the unclassified material. Prosecutors have accused Schulte, a former software engineer, of providing WikiLeaks with an archive of stolen documents — known as the Vault 7 files — detailing the agency’s surveillance and hacking capabilities. In a Feb. 12 court filing, U.S. Attorney Geoffrey Berman told Judge Paul Crotty “the government has consulted with the [New York City’s Metropolitan Correctional Center, where Schulte is being held] and understand that the hard drives containing the defendant’s discovery were misplaced.”



The Washington Post

February 12, 2019

The Trump administration is poised to issue an executive order this week to secure American telecommunications networks, a move that’s likely to result in the barring of Chinese tech firms such as Huawei, according to three U.S. officials. The order, which President Trump is expected to sign by Friday, would give the commerce secretary broad powers to stop American companies from doing business with foreign suppliers. In development for more than a year, it will lay out the administration’s concern that foreign-owned or -controlled suppliers of equipment and services could compromise the security of the United States’ phone and Internet infrastructure. The pending announcement comes as U.S. officials continue to press their case with allies and other foreign countries that companies such as Huawei, which has close ties to the Chinese government, pose considerable risk to burgeoning high-speed telecom networks known as 5G. Officials cautioned that last-minute snags could delay the new order, which has been expected since last summer. But they stressed that any holdups are not related to ongoing, high-level trade talks between Washington and Beijing aimed at ending the two countries’ months-long trade war.



Politico

February 12, 2019

Lawsuits, complaints about lax security and accusations of voter suppression marred Georgia’s election for governor in November. But the state’s race for lieutenant governor had its own trouble, Democrats and election security advocates say. The contest between Republican Geoff Duncan and Democrat Sarah Riggs Amico drew far less national attention than the marquee governor’s race in which GOP candidate Brian Kemp narrowly defeated Stacey Abrams. But plaintiffs in a lawsuit against the state say abnormalities in the lieutenant governor’s election raise questions about Duncan’s victory — and potentially about the outcome of other races on the ballot if the state’s electronic voting machines were to blame. In addition to the lawsuit, Amico asked the state to investigate irregularities in the election. The problem: Georgians cast nearly 4 million ballots on Election Day, but about 160,000 of them showed no vote cast in the lieutenant governor race, about 4.3 percent of ballots. To election experts, this so-called “undervote” rate — when a race is left blank — is evidence either that Georgia voters were unusually apathetic about their lieutenant governor, or that something went wrong.



CyberScoop

February 12, 2019

Two men were charged with conducting cyberattacks on various organizations and threatening physical violence on Southern California school districts and the Los Angeles International Airport, among other targets, according to an indictment that was unsealed by U.S. prosecutors on Tuesday. The men, an American and a Briton, sent false reports of violent attacks on schools via email and carried out distributed denial-of-service (DDoS) attacks on websites, according to the indictment announced by the U.S. Attorney’s Office of the Central District of California. The defendants – a 19-year-old British national named George Duke-Cohan and a 20-year-old North Carolina man named Timothy Dalton Vaughn – are accused of being part of a hacking collective known as Apophis Squad. Duke-Cohan is already serving a prison sentence in Britain for threatening violence on an airliner, U.S. officials said. Vaughn’s online moniker, “WantedbyFeds,” turned prophetic Tuesday morning when he was arrested by U.S. authorities. Their alleged criminal activity took place in the first eight months of 2018.



INDUSTRY



Fifth Domain

February 14, 2019

The defense and aerospace industry wants the Department of Defense to adopt the same set of cybersecurity standards their companies use to trim vulnerabilities throughout their supply chain, rather than piling on additional requirements. The message to the DoD is one of a handful from the Aerospace Industries Association to encourage what CEO Eric Fanning called “smart regulation” during a media briefing about AIA’s 2019 agenda. “We’re not always seeking less regulation — I know you don’t hear that from industry every day, but [aerospace and defense] has benefited from smart government regulations, often developed with industry,” he told reporters Feb. 14. In terms of cybersecurity, “we’re trying to get away from the traditional way of assurance, which is just labor intensive and doesn’t keep up with changing regulations, technology and threats.” Specifically, large companies are working with smaller suppliers to streamline their processes for greater assurance. AIA, in turn, released in December a list of 110 security controls, broken down into what it describes as 22 control families. Organizations can use the rubric to assess their vulnerability to cyberattacks. Beyond enhancing security among its members, AIA says the standards could, in theory, be used as a baseline for the DoD.



The Hill

February 14, 2019

Cybersecurity risks to utilities' systems increased in 2018, with more intrusions into those networks and malware that infected those systems, according to a new report from a threat assessment firm released Thursday. Dragos, which specializes in industrial cybersecurity, found that the threat for systems such as electric grids have grown over the last year, even without a substantial attack taking place. The firm pointed to one threat actor group known as “Xenotime” as being particularly threatening to the industry systems. And the company warned that compromises of different vendors have likely happened. The report also highlighted “Living off the Land” tactics — in which an adversary is able to access a system and move through it undetected — as a threat that will continue in the coming years. “As anti-virus products, detection software, and other threat detection methods become more robust and capable of detecting various malicious activity, adversaries must modify their methods to evade capture by blending in with the environment and not leaving behind identifiable artifacts,” the report states. In another report released Thursday, Dragos warned that advisories issued about vulnerabilities to industrial systems sometimes don’t get across the full risk of threats, or properly express how to stop them.



CyberScoop

February 14, 2019

The founders of NSO Group, a controversial Israeli spyware vendor, said Thursday that they had re-acquired the company from private equity firm Francisco Partners. NSO Group co-founders Shalev Hulio and Omri Lavie led the acquisition and promised more growth for the company, which reported dozens of customers and $250 million in revenue in 2018. NSO Group did not reveal the terms of the deal, which was supported by Novalpina Capital, a London-based firm. Sources had told CyberScoop in June of 2017 that Francisco Partners was asking for more than $1 billion for NSO Group. Francisco paid $120 million for a majority stake in the company in 2014. NSO Group says it lawfully sells its surveillance technology to governments to combat terrorism and organized crime. However, the company’s signature Pegasus spyware has been used to target journalists, anticorruption watchdogs and political dissidents, according to research from Amnesty International and the University of Toronto’s Citizen Lab.



Reuters

February 13, 2019

Software pirates have hijacked technology designed by Apple Inc to distribute hacked versions of Spotify, Angry Birds, Pokemon Go, Minecraft and other popular apps on iPhones, Reuters has found. Illicit software distributors such as TutuApp, Panda Helper, AppValley and TweakBox have found ways to use digital certificates to get access to a program Apple introduced to let corporations distribute business apps to their employees without going through Apple’s tightly controlled App Store. Using so-called enterprise developer certificates, these pirate operations are providing modified versions of popular apps to consumers, enabling them to stream music without ads and to circumvent fees and rules in games, depriving Apple and legitimate app makers of revenue. By doing so, the pirate app distributors are violating the rules of Apple’s developer programs, which only allow apps to be distributed to the general public through the App Store. Downloading modified versions violates the terms of service of almost all major apps.



CNBC

February 13, 2019

On Sept. 7, 2017, the world heard an alarming announcement from credit ratings giant Equifax: In a brazen cyberattack, somebody had stolen sensitive personal information from more than 140 million people, nearly half the population of the U.S. It was the consumer data security scandal of the decade. The information included Social Security numbers, driver's license numbers, information from credit disputes and other personal details. CEO Richard Smith stepped down under fire. Lawmakers changed credit freeze laws and instilled new regulatory oversight of credit ratings agencies. Then, something unusual happened. The data disappeared. Completely.



Ars Technica

February 13, 2019

Microsoft’s Patch Tuesday this month had higher-than-usual stakes with fixes for a zero-day Internet Explorer vulnerability under active exploit and an Exchange Server flaw that was disclosed last month with proof-of-concept code. The IE vulnerability, Microsoft said, allows attackers to test whether one or more files are stored on disks of vulnerable PCs. Attackers first must lure targets to a malicious site. Microsoft, without elaborating, said it has detected active exploits against the vulnerability, which is indexed as CVE-2019-0676 and affects IE version 10 or 11 running on all supported versions of Windows. The flaw was discovered by members of Google’s Project Zero vulnerability research team. Microsoft also patched Exchange against a vulnerability that allowed remote attackers with little more than an unprivileged mailbox account to gain administrative control over the server.



Wired

February 12, 2019

The fleets of electric scooters that have inundated cities are alarming enough as is. Now add cybersecurity concerns to the list: Researchers from the mobile security firm Zimperium are warning that Xiaomi’s popular M365 scooter model has a worrying bug. The flaw could allow an attacker to remotely take over any of the scooters to control crucial things like, ahem, acceleration and braking. Rani Idan, Zimperium’s director of software research, says he found and was able to exploit the flaw within hours of assessing the M365’s security. His analysis found that the scooters contain three software components: battery management, firmware that coordinates between hardware and software, and a Bluetooth module that lets users communicate with their scooter via a smartphone app. The latter leaves the devices woefully exposed. Idan quickly found that he could connect to the scooter via Bluetooth without being asked to enter a password or otherwise authenticate. From there, he could go a step further and install firmware on the scooter without the system checking that this new software was an official, trusted Xiaomi update. This means that an attacker could easily put malware on a scooter, giving herself full command over it.
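The missing control in the scooter story is a firmware loader that checks where an update came from before writing it. The block below is an added example, not Zimperium's research code or Xiaomi's firmware: a device-side `Apply` that verifies a vendor Ed25519 signature over the update and, going one step beyond the article, refuses downgrades so a validly signed but older, vulnerable image cannot be replayed. The `Update` and `Device` types, the version-plus-image layout that is signed, and the sample images are assumptions constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Update is a hypothetical firmware update as a device might receive it over
// BLE: a version counter, the image bytes and a detached signature.
type Update struct {
	Version uint32
	Image   []byte
	Sig     []byte
}

// Device models the state a loader needs: the vendor public key provisioned at
// manufacture and the version currently installed.
type Device struct {
	VendorPub ed25519.PublicKey
	Installed uint32
}

var (
	ErrBadSignature = errors.New("firmware: signature does not verify")
	ErrRollback     = errors.New("firmware: version is not newer than installed")
)

// signedPayload binds the version to the image so that neither can be swapped
// independently of the other under a signature that still verifies.
func signedPayload(version uint32, image []byte) []byte {
	buf := make([]byte, 4+len(image))
	binary.BigEndian.PutUint32(buf, version)
	copy(buf[4:], image)
	return buf
}

// Sign is the vendor-side step (build server); the private key never reaches the device.
func Sign(priv ed25519.PrivateKey, version uint32, image []byte) Update {
	return Update{Version: version, Image: image, Sig: ed25519.Sign(priv, signedPayload(version, image))}
}

// Apply is the check the article says the scooter skipped: verify the vendor
// signature and reject rollbacks before anything is written to flash.
func (d *Device) Apply(u Update) error {
	if !ed25519.Verify(d.VendorPub, signedPayload(u.Version, u.Image), u.Sig) {
		return ErrBadSignature
	}
	if u.Version <= d.Installed {
		return ErrRollback
	}
	d.Installed = u.Version
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed vendor key pair
	dev := &Device{VendorPub: pub, Installed: 1}

	good := Sign(priv, 2, []byte("constructed firmware image v2"))
	fmt.Println("genuine update:", dev.Apply(good))

	tampered := good // same signature, modified image
	tampered.Image = []byte("constructed firmware image v2 + extra code")
	fmt.Println("tampered image:", dev.Apply(tampered))

	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader) // key the device does not trust
	forged := Sign(otherPriv, 3, []byte("image signed by the wrong key"))
	fmt.Println("wrong key:", dev.Apply(forged))

	old := Sign(priv, 1, []byte("older image, validly signed"))
	fmt.Println("rollback:", dev.Apply(old))
}
```

Only the first call succeeds; the other three return `ErrBadSignature`, `ErrBadSignature` and `ErrRollback`. A real loader would also authenticate the BLE session itself, which this block does not model.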



Ars Technica

February 12, 2019

Email provider VFEmail said it has suffered a catastrophic destruction of all of its servers by an unknown assailant who wiped out almost two decades' worth of data and backups in a matter of hours. “Yes, @VFEmail is effectively gone,” VFEmail founder Rick Romero wrote on Twitter Tuesday morning after watching someone methodically reformat hard drives of the service he started in 2001. “It will likely not return. I never thought anyone would care about my labor of love so much that they'd want to completely and thoroughly destroy it.” The ordeal started on Monday when he noticed all the servers for his service were down. A few hours later, VFEmail’s Twitter account reported the attacker “just formatted everything.” The damage, Romero reported, extended to VFEmail’s “entire infrastructure,” including mail hosts, virtual machine hosts, and a SQL server cluster.



CyberScoop

February 12, 2019

Symantec has acquired an Israeli company that specializes in protecting corporate networks based in the cloud — an area of competency that will only become more important as businesses continue to move their data and software to third-party cloud providers. The Silicon Valley cybersecurity giant said it is acquiring Luminate Security because of its strength in zero-trust security and “software defined perimeter” technology. Luminate’s zero-trust technology “securely connects any user from any device, anywhere in the world to corporate applications, on-premises and in the cloud, while all other corporate resources are cloaked without granting access to the entire network,” according to a release. Tel Aviv-based Luminate’s software defined perimeter technology helps customers protect the fringes of their networks by providing “full visibility of users’ actions as they access corporate resources, as well as real-time governance of these resources.” The idea is that the perimeter is no longer just the computer on the average worker’s desk.



Ars Technica

February 12, 2019

Researchers have found a way to run malicious code on systems with Intel processors in such a way that the malware can't be analyzed or identified by antivirus software, using the processor's own features to protect the bad code. As well as making malware in general harder to examine, bad actors could use this protection to, for example, write ransomware applications that never disclose their encryption keys in readable memory, making it substantially harder to recover from attacks. The research, performed at Graz University of Technology by Michael Schwarz, Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's Spectre attack), uses a feature that Intel introduced with its Skylake processors called SGX ("Software Guard eXtensions").



CyberScoop

February 12, 2019

A new vulnerability in a popular WordPress plugin could allow outsiders who exploit the flaw to take control of a website, according to new research. Luka Šikić, who works as a security developer at WebARX, published a report Monday revealing the bug in the Simple Social Buttons plugin, which more than 40,000 websites use to distribute their content on Facebook, Twitter and others. The problem would allow hackers to modify a WordPress site’s settings in a way plugin developers did not intend. WPBrigade, the firm that developed Simple Social Buttons, patched the flaw in the 2.0.22 software update, which was released Friday. Šikić said he informed WPBrigade about the vulnerability on Feb. 7, and that the company fixed the issue within a day. “If your website uses the WordPress plugin ‘Simple Social Buttons,’ you should update it to the latest version as soon as possible,” WebARX said in a blog post detailing the findings.



Ars Technica

February 11, 2019

Malware pushers are experimenting with a novel way to infect Mac users that runs executable files that normally execute only on Windows computers. Researchers from antivirus provider Trend Micro made that discovery after analyzing an app available on a Torrent site that promised to install Little Snitch, a firewall application for macOS. Stashed inside the DMG file was an EXE file that delivered a hidden payload. The researchers suspect the routine is designed to bypass Gatekeeper, a security feature built into macOS that requires apps to be code-signed before they can be installed. EXE files don’t undergo this verification, because Gatekeeper only inspects native macOS files.
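The defender's lesson in the Trend Micro finding is that a macOS package can carry a Windows PE image that Gatekeeper never looks at, so a package scanner has to classify files by content rather than by extension. The block below is an added example, not Trend Micro's detection logic: it recognises Mach-O and PE images from their leading bytes and lists PE files found inside a bundle, with a `ScanDir` helper for an extracted `.app` or mounted DMG on disk. The sample bundle, its paths and the minimal PE header are constructed for the example.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
	"io/fs"
	"os"
	"path/filepath"
	"sort"
)

// Kind is the executable format recognised from a file's leading bytes.
type Kind string

const (
	KindPE       Kind = "pe"         // Windows EXE/DLL
	KindMachO    Kind = "mach-o"     // native macOS binary
	KindFatMachO Kind = "fat-mach-o" // multi-architecture macOS binary
	KindOther    Kind = "other"
)

// Classify inspects content, not the file name, because a payload can be
// named anything and handed to a loader the packager ships alongside it.
func Classify(head []byte) Kind {
	if len(head) >= 4 {
		switch binary.BigEndian.Uint32(head) {
		case 0xFEEDFACE, 0xFEEDFACF, 0xCEFAEDFE, 0xCFFAEDFE:
			return KindMachO
		case 0xCAFEBABE: // shared with Java .class files; good enough for this triage
			return KindFatMachO
		}
	}
	// PE: "MZ" DOS stub whose DWORD at 0x3c points at the "PE\0\0" signature.
	if len(head) >= 0x40 && head[0] == 'M' && head[1] == 'Z' {
		off := binary.LittleEndian.Uint32(head[0x3c:])
		if int(off)+4 <= len(head) && bytes.Equal(head[off:off+4], []byte("PE\x00\x00")) {
			return KindPE
		}
	}
	return KindOther
}

// ForeignExecutables returns, sorted, the paths whose content is a PE image.
func ForeignExecutables(files map[string][]byte) []string {
	var hits []string
	for p, data := range files {
		if Classify(data) == KindPE {
			hits = append(hits, p)
		}
	}
	sort.Strings(hits)
	return hits
}

// ScanDir applies the same check to a package extracted on disk, reading only
// the first 4 KiB of each file.
func ScanDir(root string) ([]string, error) {
	files := map[string][]byte{}
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() {
			return err
		}
		f, err := os.Open(p)
		if err != nil {
			return err
		}
		defer f.Close()
		head := make([]byte, 4096)
		n, _ := io.ReadFull(f, head) // short files are fine; we keep what was read
		files[p] = head[:n]
		return nil
	})
	if err != nil {
		return nil, err
	}
	return ForeignExecutables(files), nil
}

// fakePE builds a constructed minimal PE header: enough for Classify, not a program.
func fakePE() []byte {
	b := make([]byte, 0x80)
	copy(b, "MZ")
	binary.LittleEndian.PutUint32(b[0x3c:], 0x40)
	copy(b[0x40:], "PE\x00\x00")
	return b
}

func main() {
	// Constructed sample bundle: a Mach-O main binary, a plist, and a PE dropped beside them.
	bundle := map[string][]byte{
		"Example.app/Contents/MacOS/Example":          {0xCF, 0xFA, 0xED, 0xFE, 0, 0, 0, 0},
		"Example.app/Contents/Info.plist":             []byte("<?xml version=\"1.0\"?>"),
		"Example.app/Contents/Resources/Installer.dll": fakePE(),
	}
	fmt.Println("PE images inside bundle:", ForeignExecutables(bundle))
}
```

A hit is not proof of malice (some cross-platform packages legitimately ship Windows binaries), but inside an installer that claims to be macOS-only it is the signal worth escalating.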



CNBC

February 9, 2019

There are a lot of scary cybersecurity headlines, and many shiny new solutions from vendors that promise to address those threats. Ignore them and look at history instead. That's the advice of Google's Heather Adkins, who has served for 16 years as the head of information security and privacy at the tech giant. Adkins has witnessed many landmark cyber events from the front lines. She says the attacks, methods, motivations, tools and even criminals themselves are the same as they've been since the 1980s. History is a better teacher for businesses than a frightening pitch deck from a vendor, she says.



INTERNATIONAL



Motherboard

February 15, 2019

Hackers allegedly working for the embattled Venezuelan government tried to trick activists into giving away their passwords to popular services such as Gmail, Facebook, Twitter, and others, according to security researchers. Last week, the Venezuelan opposition leader Juan Guaido called for citizens to volunteer with the goal of helping international humanitarian organizations deliver aid into the country. President Nicolas Maduro is refusing to accept aid and has erected blocks across a border bridge with Colombia with the military’s help.



The National Post

February 14, 2019

Canada’s foreign signals intelligence agency says government networks have weathered a lot of cyber security “incidents” but no successful attacks in the last two years. Documents tabled in the House of Commons last month reported thousands of incidents across all government departments, with 2,051 coming in 2017 and 1,713 through the first ten months of 2018. In 2017, the national resources, energy and environment departments were hit hardest, while the incidents on “government administration” networks spiked in 2018. In an emailed response to questions from the National Post, the Communications Security Establishment said none of the events reported in the documents “would be considered to be an ‘attack.’” The numbers refer to any incident that requires “further intervention to prevent a compromise,” CSE said. “Many of these kinds of incidents are ultimately mitigated by other security actions deeper in the networks before they can have any significant impact,” said CSE spokesman Ryan Foreman.



AP

February 14, 2019

Russian hackers are redoubling their efforts in the run-up to presidential elections in Ukraine, according to the head of Ukraine’s cyber-police. Serhii Demediuk said in an interview with The Associated Press that Russian-controlled digital saboteurs are stepping up attacks on the Central Elections Commission and its employees, trying to penetrate electronic systems in order to manipulate information about the March 31 election. “On the eve of the election and during the counting of votes there will be cyberattacks on certain objects of critical infrastructure. This applies to the work of the polling stations themselves, districts, and the CEC,” he said. “From what we are seeing, it will be manipulation aimed at distorting information about the results of elections, and calling the elections null or void,” Demediuk said.



Reuters

February 13, 2019

Bank of Valletta, which accounts for almost half of Malta's banking transactions, had to shut down all of its operations on Wednesday after hackers broke into its systems and shifted funds overseas. Prime Minister Joseph Muscat told parliament the cyber attack involved the creation of false international payments totaling 13 million euros ($14.7 million) to banks in Britain, the United States, the Czech Republic and Hong Kong. The funds have been traced and the Bank of Valletta is seeking to have the fraudulent transactions reversed. Muscat said the attack was detected soon after the start of business on Wednesday when discrepancies were noticed during the reconciliation of international transactions. Shortly after, the bank was informed by state security services that it had received information from abroad that the company had been the target of a cyber attack.



Wired

February 12, 2019

In 2019, an indictment of Iranian hackers targeting American government officials barely raises an eyebrow. But in one remarkable case, those hackers had an unusual advantage: the alleged help of an American defector with top secret clearance. On Wednesday, the Department of Justice announced charges against Monica Elfriede Witt, a former Air Force counterintelligence officer who, the indictment claims, was recruited by the Iranian government to spill highly classified information, some of which was then used by Iranian hackers—four of whom are also charged—to target Witt's former US government colleagues. The charges represent a rare defection of an American military officer to become an active participant in another country's espionage operations. Witt allegedly helped expose the identity of an active US agent, as well as the codename and classified details of a secret US counterintelligence operation, all in service of Iran.



The New York Times

February 12, 2019

For more than 1,000 years, the sprawling castle complex perched high above Prague has been the seat of power for Holy Roman emperors, the kings of Bohemia and, now, the Czech president, Milos Zeman. And for the last four years, the Chinese technology giant Huawei has had a contract to fulfill the communication needs of the president and his staff. The presidential contract is the most visible symbol of how deeply Huawei has established itself in the Czech Republic, long viewed by China as a springboard country for its interests across the European Union. So when the Czech government’s cybersecurity agency issued a directive in December warning that Huawei represented a potential national security threat, company officials were shocked — as was Mr. Zeman, known for his closeness to China. Huawei has threatened legal and financial retaliation. Mr. Zeman has accused his own intelligence services, including the cybersecurity agency, known as Nukib, of “dirty tricks.” The unexpected confrontation in the Czech Republic comes as Huawei, already entangled in the trade war between China and the United States, is running into deepening problems in European Union countries, where it has worked for years to build inroads. Only weeks after Nukib issued its directive against Huawei, Polish authorities in January arrested a Huawei employee in Warsaw on charges of spying.



CyberScoop

February 12, 2019

Keeping the world’s dizzying array of hacking groups straight has become a challenge for researchers and journalists. One person’s Helix Kitten is another’s OilRig, sowing confusion — in this writer as well as others — about where one group ends and the next one begins. But getting hacking taxonomy right matters because knowing which group is responsible for malicious activity can help network defenders secure their data. That’s why researchers from multiple companies are pointing out what they say is a case of mistaken attribution of a global hacking operation. A report published last week by cybersecurity companies Recorded Future and Rapid7 blamed a well-known Chinese threat group, APT10, for breaching a Norwegian software vendor, a U.S. law firm, and an international apparel company. APT10, which U.S. officials and private analysts have linked to China’s civilian intelligence agency, gained greater notoriety in December when the Department of Justice announced charges against two of the group’s alleged members. But analysts at other companies that follow APT10 say the activity described in the report is the work of another China-linked hacking group, called APT31 or Zirconium.



Bloomberg

February 11, 2019

European Union member states are considering a possible joint response to cyber attacks allegedly conducted by a Chinese state-linked hacker group after the U.K. presented evidence last month about network infiltration, according to people familiar with the matter. U.K. experts briefed EU colleagues at a technical meeting on Jan. 28, providing evidence of both software and hardware attacks by the group known as Advanced Persistent Threat 10, or APT 10, said some of the people, who asked not to be identified as the talks were private. They wouldn’t give details about the alleged hardware attack, saying the information was classified. Officials who were at the meeting discussed potential responses, such as sanctions or a joint warning, according to two of the people. The issue will probably be discussed at a scheduled EU-China Summit in April, one of the officials said.



Your phone and TV are tracking you and political campaigns are listening in


LA Times: “…Welcome to the new frontier of campaign tech — a loosely regulated world in which simply downloading a weather app or game, connecting to Wi-Fi at a coffee shop or powering up a home router can allow a data broker to monitor your movements with ease, then compile the location information and sell it to a political candidate who can use it to surround you with messages. “We can put a pin on a building, and if you are in that building, we are going to get you,” said Democratic strategist Dane Strother, who advised Evers. And they can get you even if you aren’t in the building anymore, but were simply there at some point in the last six months.


TECHNOLOGY



CyberScoop

February 12, 2019

The investigation of the network of hackers generally associated with the seminal 2015 cyberattack on the Ukrainian power grid continues. A researcher has reverse-engineered malware used by a subgroup of those attackers and found “massive amounts of junk code” meant to throw analysts off the trace. “The threat actors’ broad use of anti-forensic techniques underlines their attempt to be stealthy and ensure that the infection would go unnoticed,” Alessandro Di Pinto, a researcher at industrial cybersecurity company Nozomi Networks, wrote in a paper published Tuesday. The malware Di Pinto analyzed is the handiwork of GreyEnergy, a likely derivative of the hacking group known as BlackEnergy, which Western governments have attributed to Russian military intelligence. (Both the groups and the malware they deployed have been referred to as BlackEnergy and GreyEnergy.)



Federal News Network

February 12, 2019

Improving cybersecurity across federal agencies requires staying on top of new and evolving threats. Now, the MITRE Corporation has a new resource, called ATT&CK, to further that mission. Richard Struse, chief strategist of Cyber Threat Intelligence at MITRE Corporation, called ATT&CK an “encyclopedia of information” on cyber adversaries and their techniques for getting into systems. “And it’s something that continues to grow and evolve as adversaries grow and evolve and then originated out of a MITRE internal research project,” Struse said. “We used it to solve some of our own problems. And we saw that it really had great utility. And since then, since we publicly released it, a lot of other folks have decided that it’s really valuable to have that kind of insight into what adversaries are doing.” The resource’s website explains that ATT&CK takes publicly available information about adversary tradecraft and organizes it in two ways. One is to identify what those adversaries are trying to achieve technically.