The cold river “flows up the map,” they used to say, first south, then west, and then north, and through some of the most verdant and beautiful country in America. It is called the Tennessee, but it drains some forty thousand square miles of land in seven states, from the Blue Ridge Mountains to Alabama, and from Mississippi to the Ohio River, an area nearly the size of England.
Before the 1930s, it ran wild, threatening each spring to flood and wash away the humble farms and homes along its banks. Most of it was not navigable for any distance, thanks to “an obstructive fist thrust up by God or Devil”—as the writer George Fort Milton characterized it—that created a long, untamed run of rapids known as Muscle Shoals. The fist dropped the river 140 feet over the course of 30 miles, and therein lay the untapped potential of the Tennessee, the chance to make power—a lot of it—out of water.
Where Our New World Begins Harpers.
CNN
May 3, 2019
Two members
of Congress who represent Florida are demanding a classified briefing from the
Justice Department for the state's congressional delegation regarding the claim
that Russia successfully hacked into at least one Florida county network before
the 2016 election. “We are determined to learn as much as we can about what
transpired so that, as lawmakers, we can take appropriate steps to prevent such
intrusions from reoccurring in the future," US Reps. Stephanie Murphy, a
Democrat, and Michael Waltz, a Republican, wrote in a letter dated Thursday to
Attorney General William Barr and FBI Director Christopher Wray. Murphy and
Waltz said the special counsel Robert Mueller's report "raises a host of
critically-important questions that require answers."
CNN
May 2, 2019
The
Government Accountability Office has urged the Census Bureau to step up its
efforts to implement hundreds of action items on its cybersecurity to-do list,
as well as recommendations made by the Department of Homeland Security. GAO, in
a report released Tuesday, said the bureau still needs to address more than 500
cybersecurity vulnerabilities discovered during its security reviews, about
half of which the bureau considers “high-risk” or “very high-risk.” The
watchdog office also recommends that Census develop a formal process for
tracking and implementing the 17 cybersecurity recommendations the Department
of Homeland Security has made to the Bureau over the past two years. Nick
Marinos, GAO’s director of information technology and cybersecurity, told
members of the House Appropriations Subcommittee on Commerce, Justice, Science
and Related Agencies that shoring up these vulnerabilities would reduce the
Bureau’s overall risk of a data breach.
Politico
May 1, 2019
Senate Democrats and Republicans can agree on
perhaps just one thing about special counsel Robert Mueller’s investigation —
that Russia interfered in the 2016 presidential election. But bipartisan
legislation to address foreign intrusions is all but dead amid a distinct lack
of enthusiasm from Senate GOP leadership and the Trump White House. At a heated
hearing with Attorney General William Barr on Wednesday, Sen. Amy Klobuchar
(D-Minn.) blasted the White House for blocking the election security bill she
co-sponsored with Sen. James Lankford (R-Okla.) in the previous Congress. And in
an interview, Klobuchar put the blame for the impasse squarely on President
Donald Trump’s former White House counsel Don McGahn as well as Senate Majority
Leader Mitch McConnell. “It was Don McGahn,” Klobuchar said Wednesday. “He
called Republicans about the bill, didn’t want them to do it. And McConnell
also didn’t want the bill to move forward. So it was a double-edged thing.”
Nextgov
May 1, 2019
A Senate
bill passed unanimously Tuesday would create a civilian personnel rotation
program for federal cybersecurity professionals. The bipartisan Federal Rotational
Cyber Workforce Program Act of 2019, authored by Sens. Gary Peters, D-Mich.,
and John Hoeven, R-N.D., would establish a rotational system to allow select IT
and cybersecurity professionals to apply for duty assignments of between 180
days and one year. Under the program, existing federal tech talent would have
avenues to bolster their training and experience, while smaller agencies would
gain access to cyber employees who can improve their security posture. “I’m
pleased the Senate passed this bipartisan bill to help the federal government
recruit and retain highly skilled cybersecurity professionals, address staffing
challenges in agencies across government, and strengthen our ability to combat
cybersecurity threats and secure our systems,” Peters said in a statement.
FCW
May 1, 2019
The
Transportation Security Administration has submitted a plan to keep pipeline
cybersecurity guidelines up to date, the Government Accountability Office's
acting director told a May 1 House Energy and Commerce Energy Subcommittee
hearing on pipeline security. TSA has federal oversight responsibility for the
physical security and cybersecurity of oil, natural gas and hazardous materials
pipelines in the U.S. That pipeline infrastructure is mostly privately held. In
his testimony at the hearing, GAO Acting Director William Russell referenced
his agency's December 2018 report on TSA's pipeline oversight. In that report,
the GAO had recommended TSA formally document its review and revision processes
for its Pipeline Security Guidelines for private pipeline infrastructure
providers. The GAO also found weakness in TSA's cybersecurity workforce, as
well as a shortage of workers. The watchdog agency said staffing levels for the
agency's pipeline branch have fluctuated "significantly" from a
single worker in 2014, to six between 2015 and 2018. Those workers, it said,
lacked cybersecurity expertise.
ADMINISTRATION
AP
May 2, 2019
While
candidates were focused on campaigning in 2016, Russians were carrying out a
devastating cyber operation that changed the landscape of American politics,
with aftershocks continuing well into Donald Trump's presidency. And it all
started with the click of a tempting email and a typed-in password. Whether
presidential campaigns have learned from the cyberattacks is a critical
question ahead as the 2020 election approaches. Preventing the attacks won't be
easy or cheap. "If you are the Pentagon or the NSA, you have the most
skilled adversaries in the world trying to get in but you also have some of the
most skilled people working defense," said Robby Mook, who ran Hillary
Clinton's campaign in 2016. "Campaigns are facing similar adversaries, and
they don't have similar resources and virtually no expertise."
Traditionally, cybersecurity has been a lower priority for candidates,
especially at the early stages of a campaign. They need to raise money, hire
staff, pay office rents, lobby for endorsements and travel repeatedly to early
voting states. Particularly during primary season, campaign managers face
difficult spending decisions: Air a TV ad targeting a key voting demographic or
invest in a more robust security system for computer networks?
CyberScoop
May 2, 2019
The White
House issued an executive order Thursday that is intended to bolster the
nation’s cybersecurity workforce. The order includes provisions geared toward
the federal government’s employees, as well as education and career development
initiatives for the U.S. workforce in general. The goal is to build a “superior
cybersecurity workforce,” one senior administration official told reporters on
a call about the order Thursday. The White House wants to create a President’s
Cup Cybersecurity Competition that “will identify, challenge, and reward the
government’s best personnel supporting cybersecurity and cyber excellence,” one
official said on the call. Other elements include allowing cybersecurity
employees to rotate among agencies and using new cybersecurity aptitude tests
as part of efforts to reskill federal workers.
Ars Technica
AvengerCon
was the brainchild of Capt. Skyler Onken and Capt. Steve Rogacki. Until
recently, Onken was company commander for Alpha Company 781st Military
Intelligence Battalion, a component of the 780th MI Brigade—nicknamed "the
Avengers," thus the event's name. He has now moved on to the US Army Cyber
School at Fort Gordon, Georgia. Rogacki is an officer from a unit at Fort
Gordon, Georgia. The two came up with the idea for AvengerCon while attending
DEF CON a few years ago. While sitting at a Johnny Rockets at the Flamingo
Hotel in Las Vegas, Onken said, the two were reveling in the experience of DEF
CON. "It's such great experience just being a part of the [hacker]
community, the things you learn, things you get to try, it gets you
excited," he recalled. "And we were like, 'We wish that the soldiers
could get that.'"
AP
May 2, 2019
A British
cybersecurity researcher credited with stopping a worldwide computer virus in
2017 has pleaded guilty in Wisconsin federal court to developing malware to steal
banking information. Marcus Hutchins appeared in court Thursday after he agreed
last month to plead guilty to developing a malware called Kronos and conspiring
to distribute it from 2012 to 2015. Prosecutors dismissed eight more charges in
exchange for his plea. Sentencing for Hutchins is set for July 26. He faces up to
10 years in prison but could receive a more lenient sentence for accepting
responsibility.
Nextgov
May 1, 2019
Under the
White House’s new shared services policy, the Homeland Security Department has
been chosen as the official lead agency for all cybersecurity acquisitions,
programs and standards across government. Security leaders at federal agencies
say they’re on board with this structure, so long as Homeland Security
officials don’t try to force everyone into the same box. Homeland Security was
named as the Quality Services Management Office for cybersecurity, a new
designation that puts the department at the center of all cybersecurity
decisions governmentwide. As agencies improve their existing capabilities or
stand up new ones, Homeland Security will have authority to set the standards
by which those agencies operate. “I actually appreciate the top-cover,” said
Eric Rippetoe, chief information security officer for the Federal Energy
Regulatory Commission. “A lot of these things that they’re telling us to do,
I’ve been trying to do anyway.”
The Marine Corps Times
May 1, 2019
Plans to
bolster the Marine Corps’ cohort of cyber experts are moving forward, but this
new unit won’t be donning the Marine Corps uniform. The Corps will create a new
Cyber Auxiliary division, Commandant Gen. Robert Neller said Monday, and its
new force will not be beholden to strict Marine grooming standards. “We are
going to do a Marine Corps Cyber Auxiliary, for the record,” Neller said at the
Future Security Forum in Washington. “If anybody wants to join, you can sign
up. You can have purple hair, too, but no [Eagle, Globe and Anchor]." The
comment was easy to dismiss as a joke, but Marine officials said the Cyber
Auxiliary unit is a serious endeavor that is moving forward, although confirmed
details are scarce. “I will confirm, however, that the CMC was not joking about
the creation of a new cyber unit,” said Capt. Joseph Butterfield, Headquarters
Marine Corps spokesman.
CyberScoop
As hackers
continue to use native programming tools to blend into target networks, Mitre
Corp. is beginning to test vendors’ ability to detect those techniques. The
federally-funded, not-for-profit organization announced Wednesday it would
throw the stealthy tactics of an infamous hacking group, the
Russian-government-linked APT29, at several threat-detection products. But the
evaluation is about more than one set of adversaries. The “living off the land”
techniques, such as hiding in PowerShell scripts, that will be tested are
increasingly popular with a variety of hacking groups. “A lot of these
techniques are going to be implemented in similar ways from different
adversaries,” said Frank Duff, Mitre’s lead for evaluations that use the
organization’s ATT&CK framework. “PowerShell monitoring is that next thing
that everyone recognizes is absolutely necessary,” he added. Mitre’s last round
of testing focused on advanced persistent threats, mimicking the tactics of
APT3, a China-based group known for using internet-browser exploits. But the
techniques of APT29, best known for being one of two Russian outfits to breach
the Democratic National Committee before the 2016 U.S. election, will be a
stiffer test, according to Duff.
The Washington Post
April 30, 2019
In recent
months, U.S. national security officials have been preparing for Russian
interference in the 2020 presidential race by tracking cyber threats, sharing
intelligence about foreign disinformation efforts with social media companies
and helping state election officials protect their systems against foreign
manipulation. But these actions are strikingly at odds with statements from
President Trump, who has rebuffed warnings from his senior aides about Russia
and sought to play down that country’s potential to influence American
politics. The president’s rhetoric and lack of focus on election security has
made it tougher for government officials to implement a more comprehensive
approach to preserving the integrity of the electoral process, current and
former officials said. Officials insist that they have made progress since 2016
in hardening defenses. And top security officials, including the director of
national intelligence, say the president has given them “full support” in their
efforts to counter malign activities. But some analysts worry that by not
sending a clear, public signal that he understands the threat foreign
interference poses, Trump is inviting more of it.
SC Magazine
April 30, 2019
The
Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency
(CISA) today issued a list of the 55 areas of the nation’s critical
infrastructure that it believes must be protected from cyberattacks. The
National Critical Functions list was created by CISA’s National Risk Management
Center and contains functions used or supported by the government and the
private sector “that are of such vital importance to the United States that
their disruption, corruption or dysfunction would have a debilitating effect on
security, national economic security, national public health or safety, or any
combination thereof,” CISA said. The list was developed with the help of all 16
critical infrastructure sectors; all Sector-Specific Agencies; and the State,
Local, Tribal, and Territorial (SLTT) Government Coordinating Council. “Identifying
these National Critical Functions has been a collaborative process between
public and private sector partners and marks a significant step forward in the
way we think about and manage risk,” said CISA Director Christopher Krebs.
FCW
The
Department of Homeland Security released a new Binding Operational Directive
April 29 that cuts down on the time federal agencies have to patch critical IT
vulnerabilities in half, from 30 days to 15. The order compels all civilian federal
agencies to regularly review weekly cyber hygiene reports delivered by DHS that
identify both critical and high vulnerabilities and patch them within 15 and 30
calendar days of being detected, not when agencies are first informed about
them. According to the directive, CISA is exploring a way to send real-time
alerts to agencies when a vulnerability is discovered so they don't have to
wait for the weekly hygiene reports to start patching. If agencies fail to
patch within those timeframes, DHS will essentially write a remediation plan
for them and begin addressing the problem with top IT officials at the agency.
INDUSTRY
Computer Weekly
May 3, 2019
Norwegian
aluminium giant Norsk Hydro is urging partners to be cautious in the wake of a
damaging ransomware attack in March as financial impact estimates come in above
initial estimates. Initial estimates put the financial impact of Norsk Hydro’s
ransomware attack in March at around $41m, but latest estimates put the cost at
between $45.6m and $51.3m. The company has issued a warning to partners that
malicious actors could contact them pretending to represent the aluminium
producer. “This may be an attempt to spread the virus further or deceive our
customers, suppliers or other partners,” the company said in a warning on its
website. “We therefore ask our partners to show extra caution when receiving
emails from Hydro during this period. For instance, please note that Hydro is
not under any circumstances asking our partners to change bank accounts. Anyone
who is in doubt about the credibility of an email from Hydro should call the sender
to verify,” the warning said. The Norwegian National Security Authority (NSM),
which was alerted to the attack, identified the ransomware involved as
LockerGoga, which was linked to an attack on French engineering consultancy
Altran Technologies in January.
CyberScoop
May 3, 2019
For years,
software, not hardware, has dominated the cybersecurity industry’s efforts to
develop a coordinated way of disclosing technology flaws. Software bugs are
reported in much greater numbers, and there are far fewer researchers who
specialize in hardware security. But hardware was thrust into the limelight in
January 2018, when Spectre and Meltdown, two vulnerabilities that affected
virtually all modern computer chips, were made public. The flaws could have
allowed hackers to infiltrate a computer’s memory and steal sensitive data, or
trick applications into spilling information without a user’s knowledge. While
there’s no evidence either has been exploited, the revelation that they exist,
and the complex patching process that followed, sparked industry-wide awareness
about serious security flaws that might come embedded in otherwise trusted
technology. Now, more than a year later, the vendors, researchers, and
manufacturers involved are still trying to cut down on the time it takes to get
hardware-related patches deployed.
CNBC
May 2, 2019
Electrical
grid operations in two huge U.S. population areas — Los Angeles County in
California, and Salt Lake County in Utah — were interrupted by a
distributed-denial-of-service attack in March, according to the Department of
Energy’s Electric Emergency and Disturbance Report for March. The attack did
not disrupt electrical delivery or cause any outages, the Department of Energy
confirmed, but caused “interruptions” in “electrical system operations.” In
this case, “operations” does not refer to electrical delivery to consumers, but
could cover any computer systems used within the utilities, including those
that run office functions or operational software. Although the attack did not
interrupt service, denial-of-service attacks are easily preventable, and most
large organizations no longer consider them major threats. The fact that it
succeeded calls into question whether the utilities are prepared for a far more
sophisticated attack, as the U.S. government has warned about.
Gov Info Security
May 1, 2019
Citrix says
the data breach it first disclosed in early March appears to have persisted for
six months before being discovered. The company believes it has now expelled
any hackers from its network. The technology giant, which is based in Fort
Lauderdale, Florida, was alerted to the suspected intrusion on March 6 by the
FBI and then launched an investigation, which is ongoing. Citrix on Monday
submitted a data breach notification to the California attorney general's
office, as TechCrunch first reported. Such notifications are required by law in
all 50 states for many types of breaches that result in residents' personal
details being exposed.
Ars Technica
April 30, 2019
Attackers
have been actively exploiting a critical zero-day vulnerability in the widely
used Oracle WebLogic server to install ransomware, with no clicking or other
interaction necessary on the part of end users, researchers from Cisco Talos
said on Tuesday. The vulnerability and working exploit code first became public
two weeks ago on the Chinese National Vulnerability Database, according to
researchers from the security educational group SANS ISC, who warned that the
vulnerability was under active attack. The vulnerability is easy to exploit and
gives attackers the ability to execute code of their choice on cloud servers.
Because of their power, bandwidth, and use in high-security cloud environments,
these servers are considered high-value targets. The disclosure prompted Oracle
to release an emergency patch on Friday.
BBC
April 30, 2019
Vodafone
has denied a report saying issues found in equipment supplied to it by Huawei
in Italy in 2011 and 2012 could have allowed unauthorised access to its
fixed-line network there. A Bloomberg report said that Vodafone spotted
security flaws in software that could have given Huawei unauthorised access to
Italian homes and businesses. The US refuses to use Huawei equipment for
security reasons. However, reports suggest the UK may let the firm help build
its 5G network. This is despite the US wanting the UK and its other allies in
the "Five Eyes" intelligence grouping - Canada, Australia and New
Zealand - to exclude the company. In a statement, Vodafone said: "The
issues in Italy identified in the Bloomberg story were all resolved and date
back to 2011 and 2012. The 'backdoor' that Bloomberg refers to is Telnet, which
is a protocol that is commonly used by many vendors in the industry for
performing diagnostic functions. It would not have been accessible from the
internet."
Vice Motherboard
April 30, 2019
Hackers
have broken into an internet infrastructure firm that provides services to
dozens of the world’s largest and most valuable companies, including Oracle,
Volkswagen, Airbus, and many more as part of an extortion attempt, Motherboard
has learned. The attackers have also released data from all of those companies,
according to a website seemingly set up by the hackers to distribute the stolen
material. Citycomp, the impacted Germany-based firm, provides servers, storage,
and other computer equipment to large companies, according to the company’s
website. Michael Bartsch, executive director of Deutor Cyber Security
Solutions, a firm Citycomp said was authorized to speak about the case,
confirmed the breach to Motherboard in an email Tuesday. “Citycomp has been
hacked and blackmailed and the attack is ongoing,” Bartsch wrote. “We have to
be careful as the whole case is under police investigation and the attacker is
trying all tricks.”
The Washington Post
April 30, 2019
The auto
industry is downplaying the immediate risk of car-hacking after a report about
a cyber-intruder’s use of GPS trackers that allowed him to monitor the location
of thousands of vehicles in commercial fleets and even turn off their engines.
“Hacking is not like you see it on TV,” said Gloria Bergquist, a spokeswoman
for the Alliance of Automobile Makers. But she said automakers take the threat
seriously and are focusing more on shielding vehicles’ computer systems from
possible intruders. “Vehicles are highly complex with multiple layers of
security, and remote access is exceedingly difficult by design,” Bergquist said
in an email. “New cars being launched now have an exponential increase in
cybersecurity. Automakers are collaborating in all areas possible, including
hardware, software and knowledge sharing with suppliers, government and the
research community.” Motherboard reported last week that the hacker —
identified only by the handle L&M — cracked more than 7,000 iTrack accounts
and more than 20,000 Protrack accounts that some companies use to manage their
commercial fleets through GPS signals.
Business Insider
April 30, 2019
The CEOs of
some of the top financial institutions in America are increasingly worried
about the risk of a cybersecurity attack on the nation's financial system.
Speaking at the Milken Global Institute, David Hunt, CEO of Prudential Global
Investment Management, was the latest executive to highlight the risk.
"The next crisis is going to come from a different place," Hunt said.
"I think it's going to come from technology and cyber. If I were looking
for the thing that worries me the most, it would be an actual attack on the
infrastructure of the financial markets that really bursts into it and creates
a shutdown of the major pipes we use to do business." Several other Wall
Street institutions have also warned of the risks of a cyberattack. In his 2019
annual letter to shareholders, JPMorgan CEO Jamie Dimon said cybersecurity
"may very well be the biggest threat to the US financial system."
Gov Info Security
April 29, 2019
Nearly 2
million internet of things devices, including security cameras, baby monitors
and "smart" doorbells, are vulnerable to being compromised due to a
flaw in their built-in peer-to-peer software, a security researcher warns. Paul
Marrapese, an independent security researcher from San Jose, California, has
published research warning that peer-to-peer software developed by Chinese firm
Shenzhen Yunni Technology that's used in millions of IoT devices around the
world has a vulnerability that could allow an attacker to eavesdrop on
conversations or press household items into service as nodes in a botnet. The
Shenzhen Yunni software, called iLnkP2P, is designed to enable a user to
connect to IoT devices from anywhere by using a smartphone app. The iLnkP2P
functionality is built into a range of products from companies that include
HiChip, TENVIS, SV3C, VStarcam, Wanscam, NEO Coolcam, Sricam, Eye Sight, and
HVCAM.
ZDNet
April 29, 2019
The extent
of the cyberattack was so bad that it just didn't seem possible that something
so destructive could have happened so quickly. "I remember that morning –
laptops were sporadically restarting and it didn't appear to be a cyberattack
at the time but very quickly the true impact became apparent," said Lewis
Woodcock, head of cybersecurity compliance at Moller-Maersk, the world's largest
container shipping firm. "The severity for me was really taken in when
walking through the offices and seeing banks and banks of screens, all black.
There was a moment of disbelief, initially, at the sheer ferocity and the speed
and scale of the attack and the impact it had." Speaking in a keynote
session at CYBER UK 19 – a cybersecurity conference hosted by the UK's National
Cyber Security Centre (NCSC) – Woodcock was reliving the events of 27 June 2017
when the shipping and logistics giant Maersk was an unintended victim of
NotPetya ransomware. The company was one of the most badly hit of those caught
in the crossfire of NotPetya, with almost 50,000 infected endpoints and
thousands of applications and servers across 600 sites in 130 countries. While
Maersk did lose revenue, it pulled through thanks to what Woodcock described as
"a whole company effort to recover" which was aided by input from
partners, vendors and customers.
Vice Motherboard
April 27, 2019
Docker, a
company that makes software tools for programmers and developers, said on
Friday that hackers had accessed one of its Docker Hub databases and could have
stolen sensitive data from around 190,000 accounts. Experts Motherboard spoke
to said that, in a worst-case scenario, the hackers would have been able to
access proprietary source code from some of those accounts. Specifically,
Docker allows developers to run software packages known as “containers.” It is
used by some of the largest tech companies in the world, though it is not yet
publicly known what information was accessed and which companies’ accounts were
affected. Docker disclosed the breach in an email to customers and users of
Docker Hub, its cloud-based service that’s used by several companies and
thousands of developers all over the world. In the email, obtained by
Motherboard, Docker said that the stolen data includes “usernames and hashed
passwords for a small percentage of these users, as well as Github and
Bitbucket tokens for Docker autobuilds.”
INTERNATIONAL
AP
May 3, 2019
Cybersecurity
officials from dozens of countries drew up a blueprint on Friday to counter
threats and ensure the safety of next generation mobile networks that their
nations are set to start deploying. Officials hammered out a set of non-binding
proposals published at the end of a two-day meeting organized by the Czech
government to discuss the security of new 5G networks. The meeting comes amid a
simmering global battle between the U.S. and China's Huawei, the world's
biggest maker of network infrastructure equipment. The U.S. has been lobbying
allies to ban Huawei from 5G networks over concerns China's government could
force the company to give it access to data for cyberespionage. Huawei has
denied the allegations. Officials called for a cooperative approach to
security, saying that they didn't want to target specific countries or
companies.
Wired
May 3, 2019
A software
supply chain attack represents one of the most insidious forms of hacking. By
breaking into a developer's network and hiding malicious code within apps and
software updates that users trust, supply chain hijackers can smuggle their
malware onto hundreds of thousands—or millions—of computers in a single
operation, without the slightest sign of foul play. Now what appears to be a
single group of hackers has managed that trick repeatedly, going on a
devastating supply chain hacking spree—and becoming more advanced and stealthy
as they go. Over the past three years, supply chain attacks that exploited the
software distribution channels of at least six different companies have now all
been tied to a single group of likely Chinese-speaking hackers. They're known as
Barium, or sometimes ShadowHammer, ShadowPad, or Wicked Panda, depending on
which security firm you ask. More than perhaps any other known hacker team,
Barium appears to use supply chain attacks as their core tool. Their attacks
all follow a similar pattern: Seed out infections to a massive collection of
victims, then sort through them to find espionage targets.
CyberScoop
May 3, 2019
China’s
cyber-theft and cyber-espionage operations are accelerating to the point that
they can “degrade core U.S. operational and technological advantages,”
according to a congressionally mandated assessment of the Chinese military the
Pentagon issued Friday. Last year, for example, Chinese intelligence officers
were indicted for allegedly conspiring to steal technological information on
turbofan engines. China’s efforts to steal sensitive U.S. military-grade
equipment more broadly targeted aviation and antisubmarine warfare technologies
last year. “The threat and the challenge is persistent. The Chinese remain very
aggressive in their use of cyber,” Assistant Secretary of Defense Randall G.
Schriver said Friday during a press briefing on the report. China’s efforts to
boost its technological prowess go beyond thefts and intrusions, the Pentagon
said. Beijing also leverages its intelligence services and Chinese nationals’
access to technologies to try building up its military capabilities while
checking adversaries’, the report notes.
The Sydney Morning Herald
May 3, 2019
Former
prime minister Malcolm Turnbull's handpicked cybersecurity tsar Alastair
MacGibbon is quitting his role and has declared cyber attacks "the
greatest existential threat we face". Mr. MacGibbon has been the face of
cybersecurity for federal authorities for the past three years, handling the
public response to the cyberattack on the national census in 2016 and the
hacking earlier this year of the Parliament and the major political parties.
The announcement of Mr. MacGibbon's resignation from the role of national cyber
security adviser comes just two weeks before the federal election, but he
stressed he was not stepping down because of any possible change of government.
While saying he didn't downplay the seriousness of threats such as terrorism or
long-term challenges such as climate change, Mr. MacGibbon said the sheer scale
and rising likelihood of major cyber attacks made them the most pressing threat
a country like Australia faces. "Should a successful, major cyber attack
occur, it can cripple a society," he said.
The New York Times
May 2, 2019
Trade negotiations between the United States and China are entering the
final stage, but a deal is expected to fall short of addressing several key
Trump administration goals, including combating Chinese cybertheft and state
subsidies at various levels of the Chinese government, officials from a leading
American business group said on Thursday. President Trump has repeatedly
insisted that a United States-China trade deal will address what he says is a
pattern of China illegally gaining access to American computer networks. He has
also said it will end economic practices like subsidies that the United States
says give China an unfair competitive edge. But Chinese negotiators have
pushed back against discussing cybertheft in the context of the negotiations,
arguing for the issue to be dealt with in a different forum, Myron Brilliant,
the executive vice president and head of international affairs at the U.S.
Chamber of Commerce, said on Thursday in a call with reporters.
ZDNet
May 1, 2019
For the past three years, a mysterious hacker has been selling Windows zero-days to at
least three cyber-espionage groups, as well as cyber-crime gangs, researchers
from Kaspersky Lab have told ZDNet. The hacker's activity reinforces recent
assessments that some government-backed cyber-espionage groups -- also known as
APTs (advanced persistent threats) -- will regularly buy zero-day exploits from
third-party entities, besides developing their own in-house tools. APT groups
believed to be operating out of Russia and the Middle East have often been
spotted using zero-days developed by real-world companies that act as sellers
of surveillance software and exploit brokers for government agencies. However,
Kaspersky's recent revelations show that APT groups won't shy away from dipping
their toes in the underground hacking scene to acquire exploits initially
developed by lone hackers for cyber-crime groups, if ever necessary.
CyberScoop
May 1, 2019
Russia and China have intensified their offensive cyber-espionage efforts in the
Netherlands, the Dutch domestic intelligence service (AIVD) announced this week
in its annual report of 2018. While Chinese cyber spies have sought to steal
intellectual property from Dutch targets, the AIVD noted, Russian hackers and
propagandists have worked for years to advance the Kremlin’s geopolitical
interests by harassing watchdog and government agencies in the Netherlands.
These efforts come amid broader foreign influence and offensive cyber campaigns
from Russia, China, and Iran that also target the U.S., which the Office of the
Director of National Intelligence said are increasing. Russia has focused on
everything from spreading disinformation on the downing of Malaysia Airlines
Flight 17 — just as Dutch-led investigators pinpointed the attack on Russia —
to attempting to hack into the chemical weapons watchdog, the Organization for
the Prohibition of Chemical Weapons in 2018, as Russia was under fire for a
chemical weapons attack in England.
Foreign Policy
May 1, 2019
The hacker realized that he was being watched. The spy software he was attempting to run
against the Ukrainian government had infected the wrong machine, and now an
analyst working for an American security company was picking apart the
program—known as RatVermin—trying to understand how it worked. The hacker,
likely working on behalf of the Luhansk People’s Republic, a breakaway region
of Eastern Ukraine, first tried to run a ransomware program dubbed Hidden Tear
to scramble the contents of the computer it had mistakenly infected. The program
would have made the computer useless to the analyst and flashed a sardonic
message: “Files have been encrypted with hidden tear. Send me some bitcoins or
kebab. And I also hate night clubs, desserts, being drunk.” But the analyst
blocked the program from executing, and then, for a few hours on March 20,
2018, the two engaged in the digital equivalent of hand-to-hand combat. The
hacker tried to delete the software being used by the analyst to understand
RatVermin, a custom-made all-purpose spy tool. The analyst simply reset the
machine and booted RatVermin back up, this time with a question displayed on
the screen: Why had the hacker tried to run ransomware on the computer? The
hacker replied with a one-word question: “Mad ?”
Infosecurity Magazine
April 30, 2019
The UK government has announced the appointment of a new cybersecurity ambassador to
promote the nation’s expertise in the sector to potential export markets. Henry
Pearson joins the Department for International Trade (DIT) from previous stints
as adviser for GCHQ’s National Cyber Security Centre (NCSC), the Ministry of
Defence, and BAE Applied Intelligence’s Detica. He’ll be tasked with working
closely with UK cybersecurity businesses looking to sign overseas deals with
governments and central banks. According to the DIT, his work will mainly be
focused on the Gulf and south-east Asia. “The UK’s reputation for cyber
expertise is recognized worldwide and my department is committed to ensuring
the UK fulfils its global potential, with cyber exports projected to be worth
£2.6bn by 2021,” said international trade secretary Liam Fox, in a statement.
TECHNOLOGY
The Atlantic
April 30, 2019
One day last June, Doug Boss pulled into a police-station parking lot to meet a
stranger from Craigslist. His purpose: to buy used insulin pumps. Boss has type
1 diabetes, and he relies on a small pump attached to his body to deliver
continuous doses of insulin that keep him alive. To be clear, he didn’t need to
buy used medical equipment on Craigslist. Boss, who is 55 and works in IT in
Texas, has health insurance. He even has a new, in-warranty pump sitting at
home. But he was thrilled to find on Craigslist a coveted old model that was
made by the medical-device company Medtronic and discontinued years ago. What
makes these outdated Medtronic pumps so desirable is, ironically, a security
flaw. Boss was looking for a pump or two he could hack.
via Nick Leiserson