Sydney dad involved in home invasion death had 'no sympathy' for thieves
Two weeks before the break-in at Francois Schwartz's home, he'd commented on a video of a thief caught in the act.
The weird rise of cyber funerals Wired
Emoji are showing up in court cases exponentially, and courts aren’t prepared The Verge
New York Post, Whistleblower Makes Shocking IRS, Insider Trading Allegations:
A whistleblower made this shocking allegation to me last week: the IRS was tipping off members of Congress to corporate takeovers so the elected officials could profit from insider trading.
My snitch also charged that higher-level employees of the IRS also used that information to enrich themselves. This may sound crazy but remember: Up until a few years ago members of Congress were allowed to trade stock based on information they got while performing their public duties. It wasn't until 2012, during President Obama's tenure, that the practice was banned.
Award-winning Aussie barista told to 'get out of Sweden'
He's twice been named Sweden's best barista, but this Aussie says the country's red tape is threatening to ruin his successful new business.
The Washington Post, February 14, 2019
Senators
from both political parties on Thursday praised the military’s cyber force for
helping secure last year’s midterm elections, with one suggesting it was
largely due to U.S. Cyber Command that the Russians failed to affect the 2018
vote. “Would it be fair to say that it is not a coincidence that this election
went off without a hitch and the fact that you were actively involved in the
protection of very important infrastructure?” Sen. Mike Rounds (R-S.D.) asked
Gen. Paul Nakasone, the command’s leader, at a hearing of the Senate Armed
Services Committee. Military officials have said new authorities, approved over
the last year, enabled CyberCom to be more aggressive — and effective — in what
they privately say was an apparent success. Nakasone, who also heads the
National Security Agency, stopped short of saying it was CyberCom that made the
difference, telling Rounds that safeguarding the election was the agencies’
“number-one priority.” Nakasone assumed his dual posts in May and has privately
told Pentagon leaders that having the two agencies under a single director was
key to the operation’s outcome.
FCW, February 14, 2019
Responsibility
for oversight of 2.7 million miles of U.S. pipeline infrastructure falls to the
Transportation Security Administration, but an oversight report from December
2018 found that TSA needs to get a better handle on this role. According to
Government Accountability Office, the agency hasn't maintained needed staffing
levels in its pipeline security operations or kept its risk assessment
methodology up to date. China has the ability to launch disruptive cyberattacks
on U.S. critical infrastructure including gas pipelines, according to a recent
public intelligence assessment. That possibility has lawmakers concerned. At a
Feb. 14 Senate hearing, Sen. Martin Heinrich (D-N.M.) asked Neil Chatterjee,
chairman of the Federal Energy Regulatory Committee, if TSA was the right
agency to oversee gas pipeline security. Chatterjee co-authored an Axios column
in June 2018 calling for an agency with more stringent rulemaking authority,
possibly the Department of Energy, to take over pipeline security.
Since then the energy regulator has changed his tune a bit.
FCW, February 14, 2019
The budget
agreement to keep government open includes $25 million for the Technology
Modernization Fund. Securing funding for the TMF has been a bumpy road. House
Democrats initially zeroed out the fund at the start of the new Congress,
matching the Senate funding bill from June 2018, before the $25 million figure
appeared as part of the General Service Administration appropriation in a later
bill. The number falls well short of the $100 million appropriated for the fund
in fiscal year 2018 and of the $150 million the House approved just last year. Sen.
Jerry Moran (R-Kan.), a sponsor of the Modernizing Government Technology Act
that authorized $250 million for the fund, said that "while this funding
falls short of the authorization level for this fiscal year, I am pleased that
our efforts with appropriators and relevant agencies to improve transparency
around agencies' modernization proposals have resulted in bipartisan support
for the Technology Modernization Fund."
CyberScoop, February 13, 2019
Democratic
lawmakers are calling on the Trump administration to release a public report on
efforts to secure the 2018 midterm elections so the country can learn what
worked and what didn’t. “It’s important for the public to have confidence in
our election systems,” Rep. Jim Langevin, D-R.I., told CyberScoop Wednesday.
“In order to have confidence, I think there has to be transparency.” The departments
of Homeland Security and Justice on Feb. 4 sent a classified report to
President Donald Trump assessing foreign attempts to interfere in the 2018
midterms. Officials found no evidence that foreign operatives had a “material
impact on the integrity or security” of election or campaign infrastructure
used in the midterms, according to a statement summarizing the report. That
terse statement is insufficient for lawmakers like Langevin. In the interest of
transparency and making improvements, they say, the administration should
publish an assessment of security in the 2018 midterms. A redacted version of
the classified report could add to Americans’ knowledge of the
election-security landscape without revealing sensitive information,
legislators argue.
Politico, February 13, 2019
The leaders
of the Senate Banking Committee on Wednesday kicked off a push to write
stricter data collection and security standards for financial institutions.
Sen. Mike Crapo (R-Idaho), the panel’s chairman, and Sen. Sherrod Brown (Ohio),
the ranking Democrat, on Wednesday asked for input on ways to give consumers
more control of personally identifiable information collected by financial
firms and regulators. Data security, privacy and collection issues are among
the top bipartisan priorities for the Banking Committee, which has broad
oversight over U.S. banks, lenders, insurers, traders and credit reporting
agencies. Crapo and Brown’s call for feedback is one of the first steps toward
proposing a bipartisan bill to address those concerns. “Given the exponential
growth and use of data, and corresponding data breaches, it is worth examining
how the Fair Credit Reporting Act should work in a digital economy, and whether
certain data brokers and other firms serve a function similar to the original
consumer reporting agencies,” Crapo said in a statement. Crapo said he’s
focused on “what data is contained in modern consumer reports, how the
information is gathered, who compiles it, how it is protected, how consumers
can access it and correct it, and how privacy is respected.”
FCW, February 13, 2019
The
nation's top cybersecurity official told Congress that the ability to audit
voting machines after elections is critical for ballot security. "The area
that I think we need to invest the most in the nation is ensuring auditability
across infrastructure," Christopher Krebs, head of the Cybersecurity and
Infrastructure Security Agency said at a Feb. 13 hearing of the House Homeland
Security Committee. "If you don't know what's happening and you can't
check back at what's happening in the system -- you don't have security."
While 34 states and the District of Columbia have some laws mandating
post-election audits, according to the National Conference of State
Legislatures, Congress has been unable to agree on how hard or soft to make
such language in legislation. Krebs and Election Assistance Commission (EAC)
Chair Thomas Hicks endorsed the need for greater auditability, though both
deferred to states on the question of whether it should be done digitally or by
hand.
Politico, February 11, 2019
Wisconsin
Republican Sen. Ron Johnson leads the committee with broad oversight over the
nation’s most important cybersecurity issues, including protecting consumers
and U.S. elections from hackers. But he’s also a major reason little
legislation on these topics ever passes, according to lobbyists, cybersecurity
policy experts, lawmakers and congressional aides from both parties who spoke
with POLITICO. Johnson or members of his staff have derailed many of the most
significant cybersecurity-related bills in the past four years, including
legislation to secure elections, study whether the growing use of encrypted
apps hampers law enforcement, and hold companies accountable for the
proliferation of insecure connected devices, people who track the legislation
told POLITICO. His panel “is the place where legislation goes to die on
cybersecurity,” said Mieke Eoyang, a former Hill aide and vice president for
the national security program at Third Way, a centrist think tank in Washington
that works on national technology policy issues.
The Hill, February 11, 2019
Sens. Amy
Klobuchar (D-Minn.) and John Thune (R-S.D.) on Monday introduced a bipartisan
bill to create an exchange program between the federal government and private
firms aimed at bringing more cybersecurity expertise to the federal workforce.
The legislation, known as the “Cyber Security Exchange Act,” provides a path
for cyber experts at private firms or academia to work for federal agencies for
up to two years. At the same time, federal workers would be given a chance to
work in the private sector to brush up on the latest in cybersecurity
practices. Klobuchar — who announced over the weekend that she is seeking the
Democratic nomination in the 2020 presidential race — said in a statement that
the government “needs additional cyber security experts to ensure we are not
vulnerable to attacks from adversaries and cybercriminals.” And Thune called
the bill “a great opportunity for federal government agencies to tap into the
vast cybersecurity resources that exist in the private sector and academia, as
well as bolster the capabilities of their counterparts.”
ADMINISTRATION
FCW, February 14, 2019
The head of
the Department of Homeland Security's cybersecurity wing is pushing back on a
media report that the agency has scaled back personnel and resources from its
efforts to combat foreign election interference. Cybersecurity and Infrastructure
Security Agency Director Chris Krebs hosted a conference call with reporters
less than 24 hours after The Daily Beast published a story that quoted multiple
anonymous DHS officials who said two CISA task forces focused on coordinating
the department's response to foreign influence in U.S. elections were
significantly downsized shortly after the mid-terms. Krebs didn't deny that
personnel levels for the task forces were reduced. He characterized the task
forces as temporary vehicles to address an emerging threat while CISA worked to
hire staff and build more permanent institutional capacity to tackle the issue.
The Daily Beast, February 13, 2019
Two teams
of federal officials assembled to fight foreign election interference are being
dramatically downsized, according to three current and former Department of
Homeland Security officials. And now, those sources say they fear the
department won’t prepare adequately for election threats in 2020. “The clear
assessment from the intelligence community is that 2020 is going to be the
perfect storm,” said a DHS official familiar with the teams. “We know Russia is
going to be engaged. Other state actors have seen the success of Russia and
realize the value of disinformation operations. So it’s very curious why the
task forces were demoted in the bureaucracy and the leadership has not
committed resources to prepare for the 2020 election.” The task forces, part of
the Cyber Security and Infrastructure Agency (CISA), were assembled in response
to Russian meddling in the 2016 presidential election. One focuses in part on
securing election infrastructure and the other focuses on foreign influence
efforts, including social media disinformation campaigns.
Ars Technica
Marcus
Hutchins, the widely acclaimed security researcher charged with creating
malware that sold for thousands of dollars on the Internet, has lost his bid to
suppress self-incriminating statements he made following days of heavy partying
at the 2017 Defcon hacker convention in Las Vegas. Hutchins—who, under the
moniker MalwareTech, unwittingly helped neutralize the virulent WannaCry
ransomware worm—was charged with developing the Kronos banking trojan and an
advanced spyware program known as the UPAS Kit. The then-23-year-old UK citizen
was arrested in August 2017 at McCarran International Airport as he was about
to fly home. He had spent the previous week attending the Black Hat and Defcon
conferences. Hutchins has pleaded not guilty to the charges. According to court
documents, federal agents questioned Hutchins in an airport interview room
shortly after he was arrested. When asked about his involvement in developing
malware, the court records show, Hutchins grew visibly confused about the
purpose of the interrogation. Eventually, prosecutors said, Hutchins
acknowledged that, when he was younger, he wrote code that ended up in malware,
but he denied that he had developed the malware itself.
CyberScoop, February 13, 2019
Months
after the government accused a former CIA computer engineer of leaking
government secrets from behind bars, prosecutors said hard drives containing
discovery materials in the case somehow have been “misplaced.” The announcement
is the latest complication in a case that only has become more convoluted since
it entered the public consciousness. The government said it intends to provide
the defendant, Joshua Schulte, with a reproduction of the unclassified
material. Prosecutors have accused Schulte, a former software engineer, of
providing WikiLeaks with an archive of stolen documents — known as the Vault 7
files — detailing the agency’s surveillance and hacking capabilities. In a Feb.
12 court filing, U.S. Attorney Geoffrey Berman told Judge Paul Crotty “the
government has consulted with the [New York City’s Metropolitan Correctional
Center, where Schulte is being held] and understand that the hard drives
containing the defendant’s discovery were misplaced.”
The Washington Post, February 12, 2019
The Trump
administration is poised to issue an executive order this week to secure
American telecommunications networks, a move that’s likely to result in the
barring of Chinese tech firms such as Huawei, according to three U.S.
officials. The order, which President Trump is expected to sign by Friday,
would give the commerce secretary broad powers to stop American companies from
doing business with foreign suppliers. In development for more than a year, it
will lay out the administration’s concern that foreign-owned or -controlled
suppliers of equipment and services could compromise the security of the United
States’ phone and Internet infrastructure. The pending announcement comes as
U.S. officials continue to press their case with allies and other foreign
countries that companies such as Huawei, which has close ties to the Chinese
government, pose considerable risk to burgeoning high-speed telecom networks
known as 5G. Officials cautioned that last-minute snags could delay the new
order, which has been expected since last summer. But they stressed that any
holdups are not related to ongoing, high-level trade talks between Washington
and Beijing aimed at ending the two countries’ months-long trade war.
Politico, February 12, 2019
Lawsuits,
complaints about lax security and accusations of voter suppression marred
Georgia’s election for governor in November. But the state’s race for
lieutenant governor had its own trouble, Democrats and election security
advocates say. The contest between Republican Geoff Duncan and Democrat Sarah
Riggs Amico drew far less national attention than the marquee governor’s race
in which GOP candidate Brian Kemp narrowly defeated Stacey Abrams. But
plaintiffs in a lawsuit against the state say abnormalities in the lieutenant
governor’s election raise questions about Duncan’s victory — and potentially
about the outcome of other races on the ballot if the state’s electronic voting
machines were to blame. In addition to the lawsuit, Amico asked the state to
investigate irregularities in the election. The problem: Georgians cast nearly
4 million ballots on Election Day, but about 160,000 of them showed no vote
cast in the lieutenant governor race, about 4.3 percent of ballots. To election
experts, this so-called “undervote” rate — when a race is left blank — is
evidence either that Georgia voters were unusually apathetic about their
lieutenant governor, or that something went wrong.
CyberScoop, February 12, 2019
Two men
were charged with conducting cyberattacks on various organizations and
threatening physical violence on Southern California school districts and the
Los Angeles International Airport, among other targets, according to an
indictment that was unsealed by U.S. prosecutors on Tuesday. The men, an
American and a Briton, sent false reports of violent attacks on schools via
email and carried out distributed denial-of-service (DDoS) attacks on websites,
according to the indictment announced by the U.S. Attorney’s Office of the
Central District of California. The defendants – a 19-year-old British national
named George Duke-Cohan and a 20-year-old North Carolina man named Timothy
Dalton Vaughn – are accused of being part of a hacking collective known as
Apophis Squad. Duke-Cohan is already serving a prison sentence in Britain for
threatening violence on an airliner, U.S. officials said. Vaughn’s online
moniker, “WantedbyFeds,” turned prophetic Tuesday morning when he was arrested
by U.S. authorities. Their alleged criminal activity took place in the first
eight months of 2018.
INDUSTRY
Fifth Domain, February 14, 2019
The defense
and aerospace industry wants the Department of Defense to adopt the same set of
cybersecurity standards their companies use to trim vulnerabilities throughout
their supply chain, rather than piling on additional requirements. The message
to the DoD is one of a handful from the Aerospace Industries Association to
encourage what CEO Eric Fanning called “smart regulation” during a media
briefing about AIA’s 2019 agenda. “We’re not always seeking less regulation — I
know you don’t hear that from industry every day, but [aerospace and defense]
has benefited from smart government regulations, often developed with
industry,” he told reporters Feb. 14. In terms of cybersecurity, “we’re trying
to get away from the traditional way of assurance, which is just labor
intensive and doesn’t keep up with changing regulations, technology and
threats.” Specifically, large companies are working with smaller suppliers to
streamline their processes for greater assurance. AIA, in turn, released in
December a list of 110 security controls, broken down into what it describes as
22 control families. Organizations can use the rubric to assess their
vulnerability to cyberattacks. Beyond enhancing security among its members, AIA
says the standards could, in theory, be used as a baseline for the DoD.
The Hill, February 14, 2019
Cybersecurity
risks to utilities' systems increased in 2018, with more intrusions into those
networks and malware that infected those systems, according to a new report
from a threat assessment firm released Thursday. Dragos, which specializes in
industrial cybersecurity, found that the threat to systems such as electric
grids has grown over the last year, even without a substantial attack taking
place. The firm pointed to one threat actor group known as “Xenotime” as being
particularly threatening to the industry systems. And the company warned that
compromises of different vendors have likely happened. The report also
highlighted “Living off the Land” tactics — in which an adversary is able to
access a system and move through it undetected — as a threat that will continue
in the coming years. “As anti-virus products, detection software, and other
threat detection methods become more robust and capable of detecting various
malicious activity, adversaries must modify their methods to evade capture by
blending in with the environment and not leaving behind identifiable
artifacts,” the report states. In another report released Thursday, Dragos
warned that advisories issued about vulnerabilities to industrial systems
sometimes don’t get across the full risk of threats, or properly express how to
stop them.
CyberScoop, February 14, 2019
The
founders of NSO Group, a controversial Israeli spyware vendor, said Thursday
that they had re-acquired the company from private equity firm Francisco
Partners. NSO Group co-founders Shalev Hulio and Omri Lavie led the acquisition
and promised more growth for the company, which reported dozens of customers
and $250 million in revenue in 2018. NSO Group did not reveal the terms of the
deal, which was supported by Novalpina Capital, a London-based firm. Sources
had told CyberScoop in June of 2017 that Francisco Partners was asking for more
than $1 billion for NSO Group. Francisco paid $120 million for a majority stake
in the company in 2014. NSO Group says it lawfully sells its surveillance
technology to governments to combat terrorism and organized crime. However, the
company’s signature Pegasus spyware has been used to target journalists,
anticorruption watchdogs and political dissidents, according to research from
Amnesty International and the University of Toronto’s Citizen Lab.
Reuters, February 13, 2019
Software
pirates have hijacked technology designed by Apple Inc to distribute hacked
versions of Spotify, Angry Birds, Pokemon Go, Minecraft and other popular apps
on iPhones, Reuters has found. Illicit software distributors such as TutuApp,
Panda Helper, AppValley and TweakBox have found ways to use digital
certificates to get access to a program Apple introduced to let corporations
distribute business apps to their employees without going through Apple’s
tightly controlled App Store. Using so-called enterprise developer
certificates, these pirate operations are providing modified versions of
popular apps to consumers, enabling them to stream music without ads and to
circumvent fees and rules in games, depriving Apple and legitimate app makers
of revenue. By doing so, the pirate app distributors are violating the rules of
Apple’s developer programs, which only allow apps to be distributed to the
general public through the App Store. Downloading modified versions violates
the terms of service of almost all major apps.
CNBC, February 13, 2019
On Sept. 7,
2017, the world heard an alarming announcement from credit ratings giant
Equifax: In a brazen cyberattack, somebody had stolen sensitive personal
information from more than 140 million people, nearly half the population of
the U.S. It was the consumer data security scandal of the decade. The information
included Social Security numbers, driver's license numbers, information from
credit disputes and other personal details. CEO Richard Smith stepped down
under fire. Lawmakers changed credit freeze laws and instilled new regulatory
oversight of credit ratings agencies. Then, something unusual happened. The
data disappeared. Completely.
Ars Technica, February 13, 2019
Microsoft’s
Patch Tuesday this month had higher-than-usual stakes with fixes for a zero-day
Internet Explorer vulnerability under active exploit and an Exchange Server
flaw that was disclosed last month with proof-of-concept code. The IE
vulnerability, Microsoft said, allows attackers to test whether one or more
files are stored on disks of vulnerable PCs. Attackers first must lure targets
to a malicious site. Microsoft, without elaborating, said it has detected
active exploits against the vulnerability, which is indexed as CVE-2019-0676
and affects IE version 10 or 11 running on all supported versions of Windows.
The flaw was discovered by members of Google’s Project Zero vulnerability
research team. Microsoft also patched Exchange against a vulnerability that
allowed remote attackers with little more than an unprivileged mailbox account
to gain administrative control over the server.
Wired, February 12, 2019
The fleets
of electric scooters that have inundated cities are alarming enough as is. Now
add cybersecurity concerns to the list: Researchers from the mobile security
firm Zimperium are warning that Xiaomi’s popular M365 scooter model has a
worrying bug. The flaw could allow an attacker to remotely take over any of the
scooters to control crucial things like, ahem, acceleration and braking. Rani
Idan, Zimperium’s director of software research, says he found and was able to
exploit the flaw within hours of assessing the M365’s security. His analysis
found that the scooters contain three software components: battery management,
firmware that coordinates between hardware and software, and a Bluetooth module
that lets users communicate with their scooter via a smartphone app. The latter
leaves the devices woefully exposed. Idan quickly found that he could connect
to the scooter via Bluetooth without being asked to enter a password or
otherwise authenticate. From there, he could go a step further and install
firmware on the scooter without the system checking that this new software was
an official, trusted Xiaomi update. This means that an attacker could easily
put malware on a scooter, giving herself full command over it.
Ars Technica, February 12, 2019
Email
provider VFEmail said it has suffered a catastrophic destruction of all of its
servers by an unknown assailant who wiped out almost two decades' worth of data
and backups in a matter of hours. “Yes, @VFEmail is effectively gone,” VFEmail
founder Rick Romero wrote on Twitter Tuesday morning after watching someone
methodically reformat hard drives of the service he started in 2001. “It will
likely not return. I never thought anyone would care about my labor of love so
much that they'd want to completely and thoroughly destroy it.” The ordeal
started on Monday when he noticed all the servers for his service were down. A
few hours later, VFEmail’s Twitter account reported the attacker “just
formatted everything.” The damage, Romero reported, extended to VFEmail’s
“entire infrastructure,” including mail hosts, virtual machine hosts, and a SQL
server cluster.
CyberScoop, February 12, 2019
Symantec
has acquired an Israeli company that specializes in protecting corporate
networks based in the cloud — an area of competency that will only become more
important as businesses continue to move their data and software to third-party
cloud providers. The Silicon Valley cybersecurity giant said it is acquiring
Luminate Security because of its strength in zero-trust security and “software
defined perimeter” technology. Luminate’s zero-trust technology “securely
connects any user from any device, anywhere in the world to corporate
applications, on-premises and in the cloud, while all other corporate resources
are cloaked without granting access to the entire network,” according to a
release. Tel Aviv-based Luminate’s software defined perimeter technology helps
customers protect the fringes of their networks by providing “full visibility
of users’ actions as they access corporate resources, as well as real-time
governance of these resources.” The idea is that the perimeter is no longer
just the computer on the average worker’s desk.
Ars Technica, February 12, 2019
Researchers
have found a way to run malicious code on systems with Intel processors in such
a way that the malware can't be analyzed or identified by antivirus software,
using the processor's own features to protect the bad code. As well as making
malware in general harder to examine, bad actors could use this protection to,
for example, write ransomware applications that never disclose their encryption
keys in readable memory, making it substantially harder to recover from attacks.
The research, performed at Graz University of Technology by Michael Schwarz,
Samuel Weiser, and Daniel Gruss (one of the researchers behind last year's
Spectre attack), uses a feature that Intel introduced with its Skylake
processors called SGX ("Software Guard eXtensions").
CyberScoop, February 12, 2019
A new
vulnerability in a popular WordPress plugin could allow outsiders who exploit
the flaw to take control of a website, according to new research. Luka Šikić,
who works as a security developer at WebARX, published a report Monday
revealing the bug in the Simple Social Buttons plugin, which more than 40,000
websites use to distribute their content on Facebook, Twitter and others. The
problem would allow hackers to modify a WordPress site’s settings in a way
plugin developers did not intend. WPBrigade, the firm that developed Simple
Social Buttons, patched the flaw in the 2.0.22 software update, which was
released Friday. Šikić said he informed WPBrigade about the vulnerability on
Feb. 7, and that the company fixed the issue within a day. “If your website
uses the WordPress plugin ‘Simple Social Buttons,’ you should update it to the
latest version as soon as possible,” WebARX said in a blog post detailing the
findings.
Ars Technica, February 11, 2019
Malware
pushers are experimenting with a novel way to infect Mac users that runs
executable files that normally execute only on Windows computers. Researchers
from antivirus provider Trend Micro made that discovery after analyzing an app
available on a Torrent site that promised to install Little Snitch, a firewall
application for macOS. Stashed inside the DMG file was an EXE file that
delivered a hidden payload. The researchers suspect the routine is designed to
bypass Gatekeeper, a security feature built into macOS that requires apps to be
code-signed before they can be installed. EXE files don’t undergo this
verification, because Gatekeeper only inspects native macOS files.
CNBC, February 9, 2019
There are a
lot of scary cybersecurity headlines, and many shiny new solutions from vendors
that promise to address those threats. Ignore them and look at history instead.
That's the advice of Google's Heather Adkins, who has served for 16 years as
the head of information security and privacy at the tech giant. Adkins has
witnessed many landmark cyber events from the front lines. She says the
attacks, methods, motivations, tools and even criminals themselves are the same
as they've been since the 1980s. History is a better teacher for businesses
than a frightening pitch deck from a vendor, she says.
INTERNATIONAL
Motherboard, February 15, 2019
Hackers
allegedly working for the embattled Venezuelan government tried to trick
activists into giving away their passwords to popular services such as Gmail,
Facebook, Twitter, and others, according to security researchers. Last week,
the Venezuelan opposition leader Juan Guaido called for citizens to volunteer
with the goal of helping international humanitarian organizations deliver aid
into the country. President Nicolas Maduro is refusing to accept aid and has
erected blocks across a border bridge with Colombia with the military’s help.
The National Post, February 14, 2019
Canada’s
foreign signals intelligence agency says government networks have weathered a
lot of cyber security “incidents” but no successful attacks in the last two
years. Documents tabled in the House of Commons last month reported thousands
of incidents across all government departments, with 2,051 coming in 2017 and
1,713 through the first ten months of 2018. In 2017, the national resources,
energy and environment departments were hit hardest, while the incidents on
“government administration” networks spiked in 2018. In an emailed response to
questions from the National Post, the Communications Security Establishment
said none of the events reported in the documents “would be considered to be an
‘attack.’” The numbers refer to any incident that requires “further
intervention to prevent a compromise,” CSE said. “Many of these kinds of
incidents are ultimately mitigated by other security actions deeper in the
networks before they can have any significant impact,” said CSE spokesman Ryan
Foreman.
AP
February 14,
2019
Russian
hackers are redoubling their efforts in the run-up to presidential elections in
Ukraine, according to the head of Ukraine’s cyber-police. Serhii Demediuk said
in an interview with The Associated Press that Russian-controlled digital
saboteurs are stepping up attacks on the Central Elections Commission and its
employees, trying to penetrate electronic systems in order to manipulate
information about the March 31 election. “On the eve of the election and during
the counting of votes there will be cyberattacks on certain objects of critical
infrastructure. This applies to the work of the polling stations themselves,
districts, and the CEC,” he said. “From what we are seeing, it will be
manipulation aimed at distorting information about the results of elections,
and calling the elections null or void,” Demediuk said.
Reuters
February
13, 2019
Bank of
Valletta, which accounts for almost half of Malta's banking transactions, had to
shut down all of its operations on Wednesday after hackers broke into its
systems and shifted funds overseas. Prime Minister Joseph Muscat told
parliament the cyber attack involved the creation of false international
payments totaling 13 million euros ($14.7 million) to banks in Britain, the
United States, the Czech Republic and Hong Kong. The funds have been traced and
the Bank of Valletta is seeking to have the fraudulent transactions reversed.
Muscat said the attack was detected soon after the start of business on
Wednesday when discrepancies were noticed during the reconciliation of
international transactions. Shortly after, the bank was informed by state
security services that it had received information from abroad that the company
had been the target of a cyber attack.
Wired
February
12, 2019
In 2019, an indictment of Iranian hackers targeting American government
officials barely raises an eyebrow. But in one remarkable case, those hackers
had an unusual advantage: the alleged help of an American defector with top
secret clearance. On Wednesday, the Department of Justice announced charges
against Monica Elfriede Witt, a former Air Force counterintelligence officer
who, the indictment claims, was recruited by the Iranian government to spill
highly classified information, some of which was then used by Iranian
hackers—four of whom are also charged—to target Witt's former US government
colleagues. The charges represent a rare defection of an American military
officer to become an active participant in another country's espionage
operations. Witt allegedly helped expose the identity of an active US agent,
as well as the codename and classified details of a secret US
counterintelligence operation, all in service of Iran.
The New York Times
February
12, 2019
For more
than 1,000 years, the sprawling castle complex perched high above Prague has
been the seat of power for Holy Roman emperors, the kings of Bohemia and, now,
the Czech president, Milos Zeman. And for the last four years, the Chinese
technology giant Huawei has had a contract to fulfill the communication needs
of the president and his staff. The presidential contract is the most visible
symbol of how deeply Huawei has established itself in the Czech Republic, long
viewed by China as a springboard country for its interests across the European
Union. So when the Czech government’s cybersecurity agency issued a directive
in December warning that Huawei represented a potential national security
threat, company officials were shocked — as was Mr. Zeman, known for his
closeness to China. Huawei has threatened legal and financial retaliation. Mr.
Zeman has accused his own intelligence services, including the cybersecurity
agency, known as Nukib, of “dirty tricks.” The unexpected confrontation in the
Czech Republic comes as Huawei, already entangled in the trade war between
China and the United States, is running into deepening problems in European
Union countries, where it has worked for years to build inroads. Only weeks
after Nukib issued its directive against Huawei, Polish authorities in January
arrested a Huawei employee in Warsaw on charges of spying.
CyberScoop
February
12, 2019
Keeping the
world’s dizzying array of hacking groups straight has become a challenge for
researchers and journalists. One person’s Helix Kitten is another’s OilRig,
sowing confusion — in this writer as well as others — about where one group
ends and the next one begins. But getting hacking taxonomy right matters
because knowing which group is responsible for malicious activity can help
network defenders secure their data. That’s why researchers from multiple
companies are pointing out what they say is a case of mistaken attribution of a
global hacking operation. A report published last week by cybersecurity
companies Recorded Future and Rapid7 blamed a well-known Chinese threat group,
APT10, for breaching a Norwegian software vendor, a U.S. law firm, and an international
apparel company. APT10, which U.S. officials and private analysts have linked
to China’s civilian intelligence agency, gained greater notoriety in December
when the Department of Justice announced charges against two of the group’s
alleged members. But analysts at other companies that follow APT10 say the
activity described in the report is the work of another China-linked hacking
group, called APT31 or Zirconium.
Bloomberg
February
11, 2019
European
Union member states are considering a possible joint response to cyber attacks
allegedly conducted by a Chinese state-linked hacker group after the U.K.
presented evidence last month about network infiltration, according to people
familiar with the matter. U.K. experts briefed EU colleagues at a technical
meeting on Jan. 28, providing evidence of both software and hardware attacks by
the group known as Advanced Persistent Threat 10, or APT 10, said some of the
people, who asked not to be identified as the talks were private. They wouldn’t
give details about the alleged hardware attack, saying the information was
classified. Officials who were at the meeting discussed potential responses,
such as sanctions or a joint warning, according to two of the people. The issue
will probably be discussed at a scheduled EU-China Summit in April, one of the
officials said.
Your phone and TV are tracking you and political campaigns are listening in
LA Times: “…Welcome to the new frontier of campaign tech — a loosely regulated world in which simply downloading a weather app or game, connecting to Wi-Fi at a coffee shop or powering up a home router can allow a data broker to monitor your movements with ease, then compile the location information and sell it to a political candidate who can use it to surround you with messages. “We can put a pin on a building, and if you are in that building, we are going to get you,” said Democratic strategist Dane Strother, who advised Evers. And they can get you even if you aren’t in the building anymore, but were simply there at some point in the last six months.
TECHNOLOGY
CyberScoop
February
12, 2019
The
investigation of the network of hackers generally associated with the seminal
2015 cyberattack on the Ukrainian power grid continues. A researcher has
reverse-engineered malware used by a subgroup of those attackers and found
“massive amounts of junk code” meant to throw analysts off the trace. “The
threat actors’ broad use of anti-forensic techniques underlines their attempt
to be stealthy and ensure that the infection would go unnoticed,” Alessandro Di
Pinto, a researcher at industrial cybersecurity company Nozomi Networks, wrote
in a paper published Tuesday. The malware Di Pinto analyzed is the handiwork of
GreyEnergy, a likely derivative of the hacking group known as BlackEnergy,
which Western governments have attributed to Russian military intelligence.
(Both the groups and the malware they deployed have been referred to as
BlackEnergy and GreyEnergy.)
Federal News Network
February
12, 2019
Improving
cybersecurity across federal agencies requires staying on top of new and
evolving threats. Now, the MITRE Corporation has a new resource, called
ATT&CK, to further that mission. Richard Struse, chief strategist of Cyber
Threat Intelligence at MITRE Corporation, called ATT&CK an “encyclopedia of
information” on cyber adversaries and their techniques for getting into
systems. “And it’s something that continues to grow and evolve as adversaries
grow and evolve and then originated out of a MITRE internal research project,”
Struse said. “We used it to solve some of our own problems. And we saw that it
really had great utility. And since then, since we publicly released it, a lot
of other folks have decided that it’s really valuable to have that kind of
insight into what adversaries are doing.” The resource’s website explains that
ATT&CK takes publicly available information about adversary tradecraft and
organizes it in two ways. One is to identify what those adversaries are trying
to achieve technically.
via Nick
Leiserson
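The ATT&CK "encyclopedia" Struse describes is published by MITRE as STIX 2 JSON, in which each technique is an attack-pattern object whose kill_chain_phases carry the tactic names. The following is an added example, not code from the Federal News Network piece or from MITRE's own tooling: it parses a small bundle in that shape, indexes techniques by tactic, and reports which tactics a set of detection rules covers. The bundle and the detection rules below are constructed for the example (the STIX object IDs are placeholders; the technique IDs and names are a handful of real ATT&CK entries reproduced from memory, including one revoked ID, T1086, which real ATT&CK bundles keep as a revoked object and which defenders should stop tagging rules with).

```python
"""Index an ATT&CK-style STIX 2 bundle and check detection-rule tactic coverage.

Added example for the ATT&CK item above; not MITRE's code. The bundle and the
rules are constructed sample data, not a download of the real ATT&CK feed.
"""
import json
from collections import defaultdict

# Constructed sample bundle in the shape MITRE uses (attack-pattern objects with
# a "mitre-attack" external reference and kill-chain phases). Only the fields this
# example reads are present; the "attack-pattern--..." IDs are placeholders.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle",
    "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000001",
         "name": "Phishing: Spearphishing Attachment",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1566.001"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}]},
        {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000002",
         "name": "Command and Scripting Interpreter: PowerShell",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1059.001"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
        {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000003",
         "name": "OS Credential Dumping",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1003"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "credential-access"}]},
        {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000004",
         "name": "Obfuscated Files or Information",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1027"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"}]},
        {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000005",
         "name": "Valid Accounts",
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1078"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "defense-evasion"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "persistence"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "privilege-escalation"},
                               {"kill_chain_name": "mitre-attack", "phase_name": "initial-access"}]},
        # Revoked object: ATT&CK retains these so old references still resolve.
        {"type": "attack-pattern", "id": "attack-pattern--00000000-0000-4000-8000-000000000006",
         "name": "PowerShell", "revoked": True,
         "external_references": [{"source_name": "mitre-attack", "external_id": "T1086"}],
         "kill_chain_phases": [{"kill_chain_name": "mitre-attack", "phase_name": "execution"}]},
    ],
})

# Constructed detection rules tagged with the technique IDs they are meant to catch.
SAMPLE_RULES = [
    {"rule": "phish_attachment_macro", "techniques": ["T1566.001"]},
    {"rule": "ps_encoded_command", "techniques": ["T1059.001"]},
    {"rule": "lsass_handle_access", "techniques": ["T1003"]},
    {"rule": "legacy_ps_rule", "techniques": ["T1086"]},  # tagged with a revoked ID
]


def load_techniques(bundle_json):
    """Return {ATT&CK ID: {"name", "tactics"}} for live (non-revoked) techniques."""
    techniques = {}
    for obj in json.loads(bundle_json).get("objects", []):
        if obj.get("type") != "attack-pattern":
            continue
        if obj.get("revoked") or obj.get("x_mitre_deprecated"):
            continue  # skip objects MITRE has retired but still ships
        ext_id = next((r["external_id"] for r in obj.get("external_references", [])
                       if r.get("source_name") == "mitre-attack"), None)
        if ext_id is None:
            continue
        tactics = {p["phase_name"] for p in obj.get("kill_chain_phases", [])
                   if p.get("kill_chain_name") == "mitre-attack"}
        techniques[ext_id] = {"name": obj["name"], "tactics": tactics}
    return techniques


def tactic_index(techniques):
    """Invert the technique map: {tactic: set of technique IDs}."""
    index = defaultdict(set)
    for tid, info in techniques.items():
        for tactic in info["tactics"]:
            index[tactic].add(tid)
    return dict(index)


def coverage(techniques, rules):
    """Map each rule's technique tags to tactics; flag tags that do not resolve."""
    covered = defaultdict(set)
    unknown = []
    for rule in rules:
        for tid in rule["techniques"]:
            if tid not in techniques:
                unknown.append((rule["rule"], tid))  # revoked, typo, or not in bundle
                continue
            for tactic in techniques[tid]["tactics"]:
                covered[tactic].add(tid)
    uncovered = sorted(set(tactic_index(techniques)) - set(covered))
    return {"covered": dict(covered), "uncovered": uncovered, "unknown": unknown}


if __name__ == "__main__":
    techs = load_techniques(SAMPLE_BUNDLE)
    report = coverage(techs, SAMPLE_RULES)
    for tactic, ids in sorted(report["covered"].items()):
        print(f"{tactic:<22} covered by {sorted(ids)}")
    print("no coverage:", report["uncovered"])
    print("unresolved tags:", report["unknown"])
```

The same loader works unchanged on MITRE's published enterprise-attack.json once it is downloaded, because it reads only the object type, the mitre-attack external reference and the kill-chain phases; the constructed bundle above is just small enough to follow by hand. The "unknown" list is the part worth wiring into CI: a rule tagged with a revoked ID silently drops out of coverage reports until someone notices.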