
Friday, August 02, 2019

Surrender immediately: The quiet scheme saving thousands from ransomware


“Resistance keeps you stuck. Surrender immediately opens you to the greater intelligence that is vaster than the human mind, and it can then express itself through you. So through surrender often you find circumstances changing.”

  ~Eckhart Tolle



Author George Hodgman Dead At 60 In Apparent Suicide


“[He was] a well-regarded book and magazine editor who had his own moment as a literary cause célèbre in 2015 when he published Bettyville, a memoir about caring for his aging mother that also delved into his growing up gay in a Midwestern town.” – The New York Times





'Nor Cast One Longing Lingering Look Behind'




Msgr. Ronald Knox begins his essay “Birmingham Revisited,” collected in Literary Distractions (1958), like this:

“It is alleged by a friend of my family that I used to suffer from insomnia at the age of four; and that when she asked me how I managed to occupy my time at night I answered ‘I lie awake and think of the past.’”

Knox, a Roman Catholic priest and son of an Anglican bishop, is one of the last century’s unacknowledged masters of English prose. Like Max Beerbohm, Knox calibrates his words until they attain the precise edge of irony he seeks. The passage above arouses in this reader pensive amusement with a hint of sadness. The notion of a four-year-old even having a past to contemplate is funny – and poignant. We’ve all known boys and girls who carry the gravitas of old men and women. They seem to inhabit two ages and have access to precocious wisdom.

Nige has been visiting cemeteries and reading Thomas Gray, the poet I thought of when reading Knox’s essay. Knock “Elegy Written in a Country Churchyard” if you wish; call it sentimental, pious or sententious, but the poem has touched millions of people, most of whom have not been poets or critics but thoughtful, private, non-aligned readers who value music and consolation. This stanza recalls the four-year-old Knox:

“For who to dumb Forgetfulness a prey,
This pleasing anxious being e’er resigned,
Left the warm precincts of the cheerful day,
Nor cast one longing lingering look behind?”

Nige speaks for generations of Gray’s readers: “[Y]ou wonder how many poets of the twentieth century had such appeal, convincing the reader that his lines reflect the things the reader has always him(her)self felt – Kipling of course, and later Betjeman, none of the modernists except maybe sometimes Eliot . . . maybe sometimes Auden and Yeats, even Larkin once in a while? But the century produced nothing with such strong and enduring appeal as Gray’s Elegy. Or did it?”



AP
July 26, 2019
Robert Mueller warned that Russian interference is still happening “as we sit here.” State election officials are anxious and underfunded, some running systems with outdated software and scrounging for replacement parts off eBay. And on Thursday a report from the Senate Intelligence committee concluded all 50 states were targeted in 2016 and ahead of the 2018 election “top election vulnerabilities remained.” But there’s no help coming from Congress. It’s a risky calculation heading into 2020, when the stakes will be high for an election that could see record turnout as President Donald Trump runs for a second term. Primary voting is six months away. Senate Majority Leader Mitch McConnell on Thursday blocked a House-passed bill that would authorize $775 million to beef up state election systems. GOP leaders made the case that the Trump administration has already made great strides in protecting the vote and they say no more funding is needed.

The New York Times
July 25, 2019
The Senate Intelligence Committee concluded Thursday that election systems in all 50 states were targeted by Russia in 2016, an effort more far-reaching than previously acknowledged and one largely undetected by the states and federal officials at the time. But while the bipartisan report’s warning that the United States remains vulnerable in the next election is clear, its findings were so heavily redacted at the insistence of American intelligence agencies that even some key recommendations for 2020 were blacked out. The report — the first volume of several to be released from the committee’s investigation into Russia’s 2016 election interference — came 24 hours after the former special counsel Robert S. Mueller III warned that Russia was moving again to interfere “as we sit here.” While details of many of the hackings directed by Russian intelligence, particularly in Illinois and Arizona, are well known, the committee described “an unprecedented level of activity against state election infrastructure” intended largely to search for vulnerabilities in the security of the election systems.

The Hill
July 25, 2019
House Homeland Security Committee Chairman Bennie Thompson (D-Miss.) and Rep. Debbie Wasserman Schultz (D-Fla.) sent a letter to President Trump this week questioning his administration's efforts to secure elections. The letter was sent Wednesday in light of comments made by former special counsel Robert Mueller while testifying in front of two House committees. Mueller said that the Russians will likely try to interfere in the 2020 U.S. elections, and are doing so “as we sit here.” Thompson and Wasserman Schultz questioned Trump on his actions taken in regard to election security, in particular pointing out that he has not requested or received a briefing from federal officials about election security efforts. They also questioned why Trump has not designated a White House official to coordinate “interagency efforts” to secure elections against foreign interference. “It is your responsibility, as Commander in Chief, to address the threat of cyber-attacks, influence operations, disinformation campaigns, and other activities that undermine the security and integrity of U.S. democratic institutions,” Thompson and Wasserman Schultz wrote. “We implore you to treat this issue with seriousness and with the utmost sense of urgency and concern that it demands.”

FCW
July 24, 2019
The House quietly passed legislation on July 23 that would expand cybersecurity research and development partnerships between several federal agencies and the government of Israel. The bill, introduced in March by Reps. Ted Deutch (D-Fla.) and Joe Wilson (R-S.C.), covers a broad set of cooperative issues between the two countries but contains several provisions related to cybersecurity. Most notably, it would create a new grant program at the Department of Homeland Security to support cybersecurity R&D as well as the demonstration and commercialization of cybersecurity technology with the Israeli government. Applicants would be eligible for funding under the program if their project represents a joint venture between a U.S.-based third-party organization and an Israeli one, including the U.S. and Israeli governments, and addresses “a requirement in the area of cybersecurity research or … technology, as determined by the secretary.”

The Washington Post
July 22, 2019
House Intelligence Committee Chairman Adam B. Schiff (D-Calif.) said Saturday that he and his contacts at top intelligence agencies were unaware of Russian attempts to hack Senate candidates until the issue came up publicly at a conference last year. Speaking to NBC journalist Kristen Welker at the Aspen Security Forum — an annual Colorado gathering of government officials, industry experts and reporters — Schiff recalled his surprise when a Microsoft representative said at last year’s forum that three Senate campaigns had been attacked by what seemed like the same Russian group that interfered in the 2016 presidential election. “That should not be the first time the Intelligence chair is hearing that,” Schiff said at the Aspen conference. The hacking attempts were also news to the National Security Agency and CIA officials he talked to later, the lawmaker said. “And that told me, as a matter of quality control, that something is broken here,” Schiff added.

Nextgov
July 22, 2019
As our planes, trains and automobiles become increasingly connected in cyberspace, a pair of lawmakers want to make sure manufacturers are doing everything they can to secure the vehicles against unwanted digital intrusions. Sens. Ed Markey, D-Mass., and Richard Blumenthal, D-Conn., last week introduced a pair of bills that would require the government to regulate the security of the numerous IT systems onboard cars and commercial planes. The proposals come months after Washington D.C.-area lawmakers recommended banning the Washington Metropolitan Area Transit Authority from buying train cars from a Chinese manufacturer, citing potential espionage threats. Though the two bills call on manufacturers to follow best practices like isolating critical systems and frequent penetration testing, they avoid codifying any specific security measures, giving regulators the flexibility to update standards as the threat landscape evolves. “Evolving transportation technologies offer enormous potential to improve safety, help protect the environment and entertain passengers,” Markey said in a statement. “But these same technologies could pose massive cybersecurity and privacy vulnerabilities if appropriate safeguards are not in place. The [legislation] will make sure our drive[r]s and fliers are all able to travel safely in the internet era.”

Fifth Domain
July 21, 2019
After stonewalling congressional committees for nearly a year, the Trump administration has apparently finally agreed to share documents related to new processes for approving cyber operations outside U.S. networks. “On a bipartisan basis some of us sent a letter to the Trump administration demanding that they share with, at least some of the leadership on the Armed Services Committees, the rules of engagement for certain cyber contingencies,” Rep. Mac Thornberry, R-Texas, ranking member of the House Armed Services Committee, said at the Aspen Security Forum July 20. “The Obama folks did give us that information, the Trump people changed it, but then they were reluctant to show us. We had to go all the way to the White House counsel, but he has come back and said, ‘OK, we will follow that precedent.’” Congress, as part of its oversight role, has been asking to see the documents for National Security Presidential Memorandum 13, which repealed Obama-era processes for approving cyber operations through the interagency.


ADMINISTRATION

CyberScoop
July 26, 2019
A British cybersecurity researcher best known for halting the spread of the global WannaCry ransomware outbreak two years ago will avoid prison for creating banking malware that surfaced in 2014. A federal judge in the Eastern District of Wisconsin on Friday sentenced 25-year-old Marcus Hutchins to time served and one year of supervised release. The decision brings to a dramatic close a legal saga that has absorbed the cybersecurity community for years. Hutchins, also known by the Twitter handle “MalwareTech,” had faced up to a decade in prison after pleading guilty in April to two counts related to writing and distributing the Kronos banking trojan, and another piece of malware known as UPAS Kit. Hutchins created Kronos as a black hat hacker, a life he disavowed before the WannaCry ransomware virus infected more than 200,000 computers in roughly 150 countries in May 2017. Hutchins, working as a security researcher at the time, found a so-called kill switch in the WannaCry code which stopped the malware’s spread.

Ars Technica
July 26, 2019
This Wednesday, Louisiana Governor John Bel Edwards declared a state of emergency in response to ransomware attacks on three public school districts. There's no word so far on which ransomware variant has hit the school districts or what the exact extent of damages is. Eddie Jones, principal of Florien High School (a school in one of the three affected districts), told KSLA News that his technology supervisor received an alert on his phone at 4am Sunday about unusually high bandwidth usage. Shortly afterward, investigators discovered ransomware on the school servers. Jones says "anything and everything housed solely on the School District's servers" was lost, including 17 years of his own personal documents. The Sabine and Morehouse district ransomware attacks this week follow an attack on the Monroe City school district last week. Morehouse parish claims not to have been affected to the extent of the other two parishes, and it states that "all major systems, including payroll, are operational."

FCW
Contractors routinely fail to secure the Defense Department's unclassified information from cyberthreats when it's housed on their systems and networks, according to a new report from the department's watchdog agency. The DOD inspector general released a report July 25 after reviewing how DOD information is protected on contractors' networks and systems. The IG found that contractors were not consistently adhering to DOD's cybersecurity standards, which are based on controls created by the National Institute of Standards and Technology. Specifically, contractors failed to use multifactor authentication, enforce strong password use, identify and mitigate vulnerabilities, or document and track cybersecurity incidents. Administrators also improperly assigned access privileges that did not align with users' responsibilities, the report stated.

CNN
July 26, 2019
Two days after Louisiana officials declared a state of emergency following a massive cyber attack, authorities from New York conducted a "digital fire drill" to see how critical infrastructure would hold up during a security breach. The tabletop exercise, hosted by IBM at its training facility in Boston on Friday, puts leaders from law enforcement, telecommunications, energy and many other sectors to the test. The idea was to create a makeshift scenario where a cyber attack shuts down key infrastructure, causing anywhere from a loss of power to mass casualties. The test could expose blind spots for first responders and reiterate the need for leaders at the local level to meet and exchange information, a critical lesson learned in the wake of the 9/11 terror attacks, officials said. "It's like a digital fire drill," said Kenn Kern, chief information officer for the Manhattan District Attorney's Office. "How are we going to respond right now."

AP
July 26, 2019
In a federal court filing, lawyers for election integrity advocates accuse Georgia election officials of intentionally destroying evidence that could show unauthorized access to the state election system and potential manipulation of election results. Election integrity advocates and individual Georgia voters sued election officials in 2017 alleging that the touchscreen voting machines Georgia has used since 2002 are unsecure and vulnerable to hacking. In a court filing Thursday, they said state officials began destroying evidence within days of the suit's filing and continued to do so as the case moved forward. "The evidence strongly suggests that the State's amateurish protection of critical election infrastructure placed Georgia's election system at risk, and the State Defendants now appear to be desperate to cover-up the effects of their misfeasance — to the point of destroying evidence," the filing says. A spokeswoman for the secretary of state's office, which oversees elections, denied the allegations.

Nextgov
July 26, 2019
The Energy Department failed to enact proper cybersecurity controls at one of its radioactive waste management facilities, leaving the site potentially vulnerable to digital attacks, according to an internal watchdog. The agency inspector general found the site’s digital security fell short of the standards outlined in the Federal Information Security Management Act, the government’s primary cybersecurity regulation. The unnamed facility lacked proper physical and logical access controls, and officials also failed to properly monitor networks, manage vulnerabilities and develop a contingency plan, according to the IG. “The integrity, confidentiality and availability of systems and data managed by the site may be impacted by the vulnerabilities identified during our review,” auditors wrote in a summary of their findings. The public version of the report included few details on specific vulnerabilities. Auditors attributed the vulnerabilities to shoddy oversight, calling out the site’s cybersecurity officials for not ensuring FISMA requirements were fully implemented. Department leaders also never created specific performance metrics to incentivize the site’s primary contractor to follow robust cybersecurity practices, they said.

CyberScoop
Maybe the only thing more complicated than the Methbot advertising fraud scheme was the plan that ultimately shut it all down. Last year, the FBI led a takedown operation that, with help from the bot detection firm White Ops and more than a dozen other companies, resulted in the arrest of three accused fraudsters in three different countries, as well as the seizure of more than 50 web servers and numerous bank accounts. The law enforcement operation, detailed Wednesday by FBI officials at the International Conference on Cyber Security, targeted the Methbot/3ve fraud scheme. The ad-fraud ring defrauded digital advertisers and web publishers out of more than $30 million by charging marketers for access to internet users who didn’t actually exist, according to the U.S. Department of Justice. Advertising fraud, already a billion-dollar problem, is set to cost the ad industry $44 billion by 2022. The investigation, which lasted more than a year and a half, resulted in the arrests of three suspects who were apprehended in Bulgaria, Malaysia and Estonia. Five other suspects have been indicted while managing to avoid capture. Identifying the suspects only turned out to be the first hurdle, though, for FBI agents who ultimately spent six months plotting out how to bring the ringleaders into custody without compromising evidence or tipping off other suspects that police were on the way.

CyberScoop
When soldiers are preparing to deploy, they head to the Army’s National Training Center at Fort Irwin in California. There, they can replicate an entire campaign during a two-week rotation against a world class force. But in the cyber world, no such training environment exists. That means cyber forces train in ad hoc cyber ranges and are limited by the number of teams that can dial in. Moreover, there is no space to rehearse for an upcoming mission. The Persistent Cyber Training Environment (PCTE), managed by the Army, seeks to change all of that. PCTE is an online client in which members of U.S. Cyber Command’s cyber mission force can log on from anywhere in the world for training, either of individuals or of groups, and to rehearse missions. In June, the program underwent its biggest test to date, working with cyber warriors from across several time zones during an exercise created by the Navy, to get the system ready for primetime.

The New York Times
July 23, 2019
Attorney General William P. Barr said on Tuesday that technology companies should stop using advanced encryption and other security measures that effectively turn devices into “law-free zones” that keep out law enforcement officials conducting criminal investigations. “As we use encryption to improve cybersecurity, we must ensure that we retain society’s ability to gain lawful access to data and communications when needed to respond to criminal activity,” Mr. Barr said in his keynote address at the International Conference on Cybersecurity at Fordham University Law School in Manhattan. The Justice Department has long pushed technology companies to help the government gain access to information on electronic devices, a conflict that last peaked in 2016, when investigators obtained a court order that required Apple to help the F.B.I. unlock an iPhone recovered after the mass shooting in San Bernardino, Calif., in December 2015. Tensions eased after the F.B.I. found a way to get into the phone without Apple, but the case reinvigorated the debate over tech freedom, security and encryption.

CyberScoop
July 23, 2019
The National Security Agency is creating a Cybersecurity Directorate to better protect the country against cyberthreats from foreign adversaries, NSA Director Gen. Paul Nakasone said Tuesday. Anne Neuberger will be the intelligence agency’s first director for cybersecurity. The directorate is slated to be operational Oct. 1 of this year, an NSA spokesperson told CyberScoop. The move is intended to allow the NSA — which is part of the Department of Defense — to better provide information gleaned from signals intelligence to agencies and the private sector in order to protect national critical infrastructure, the spokesperson said. Nakasone made the announcement in New York at the International Conference on Cyber Security. “It’s a major organization that unifies our foreign intelligence and our cyberdefense mission, and it’s charged with preventing and eradicating threats to national security systems and the defense industrial base,” the spokesperson said.

Nextgov
July 22, 2019
States and local election offices need much more financial support from the federal government to create reliably secure election systems that can withstand attempts at interference from foreign governments, according to a new report. After Russian hackers sought to interfere with the 2016 election, Congress in 2018 approved $380 million for states to help them improve election security. States are expected to spend most of the money ahead of the 2020 balloting, but the report from the Brennan Center for Justice cautions that each state faces particular challenges that won’t be resolved before the next big election. The report, which was also sponsored by the Alliance for Securing Democracy, R Street Institute and University of Pittsburgh Institute for Cyber Law, Policy and Security, examined six states, finding that all had taken steps to shore up vulnerabilities. But in each state, big problems that come with big price tags remain, such as old voting equipment that is more vulnerable to hacking, aging voter registration systems and states failing to provide sufficient cybersecurity assistance to local governments.


INDUSTRY

Gov Info Security
July 26, 2019
A massive botnet attack earlier this year utilized more than 400,000 connected devices over the course of 13 days, according to researchers at the security firm Imperva. The attack, which occurred between March and April at one of the firm's clients in the "entertainment industry," targeted an online streaming application, Imperva says in a blog. At one point, the botnet produced more than 292,000 requests per minute, the researchers say. This particular botnet, and the distributed denial-of-service attack associated with it, mirrored some of the same activity seen with the Mirai botnet, which first appeared in 2016. For example, it used some of the same open ports as Mirai malware infected, according to the blog. "It was the largest Layer 7 DDoS attack Imperva has ever seen," researcher Vitaly Simonovich notes in the blog.

ZDNet
July 25, 2019
A US cyber-security company is selling a weaponized BlueKeep exploit as part of a penetration testing utility. BlueKeep, also known as CVE-2019-0708, is a vulnerability in the Remote Desktop Protocol (RDP) service included in older versions of the Windows operating system. Microsoft released patches for BlueKeep on May 14, and described it as a "wormable" vulnerability that could self-propagate in a manner similar to how EternalBlue helped propagate the WannaCry ransomware outbreak. The vulnerability was considered incredibly dangerous. Microsoft has repeatedly told users to apply patches, and even the US National Security Agency (NSA), the US Department of Homeland Security, Germany's BSI cyber-security agency, the Australian Cyber Security Centre, and the UK's National Cyber Security Centre have issued security alerts urging users and companies to patch older versions of Windows. For the last two months, security researchers have been holding their collective breath that malware authors don't discover a way to weaponize BlueKeep.

Reuters
July 24, 2019
German blue-chip companies BASF, Siemens, Henkel along with a host of others said on Wednesday they had been victims of cyber attacks, confirming a German media report which said the likely culprit was a state-backed Chinese group. Public broadcaster ARD said the hackers used a type of malware called Winnti, which allows attackers to remotely access a victim’s computer network. ARD said an analysis of the malware code showed which companies were targeted by a group likely working for the Chinese government. Alongside the German firms named, companies including drug maker Roche, hotels group Marriott, airline Lion Air, conglomerate Sumitomo, and chemicals group Shin-Etsu were also targeted by the hackers, ARD reported. Industrial conglomerate Siemens, shampoo maker Henkel and Swiss pharma group Roche confirmed that they were affected by “Winnti”, while BASF and Covestro also confirmed that they have been attacked. All said that no sensitive information was lost, while none of the companies commented on whether the attacks had been launched by Chinese hackers.

CyberScoop
July 24, 2019
The hackers who breached corporate VPN service provider Citrix last year used an unsophisticated technique that throws commonly used, weak passwords at a system until one works, the company’s investigators have confirmed. The “password spraying” ploy allowed the hackers to steal business files from a Citrix network drive along with a drive linked with its consulting practice, Citrix President David Henshall wrote in a blog post last week. The attackers had access to the drives for a “limited number of days,” between October 2018 and March 2019, he said. Henshall did not say who carried out the hack or what their ultimate objective was. VPN providers could be an enticing target for any set of hackers looking for a foothold in a corporation’s network. “The cybercriminals also may have accessed the individual virtual drives and company email accounts of a very limited number of compromised users and launched without further exploitation a limited number of internal applications,” Henshall added.
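The Citrix item above describes the shape of a password spray: a few common passwords tried against many accounts, so no single account trips a lockout threshold, until one guess succeeds. That shape is what a defender can look for in authentication logs. The following is an added example, not Citrix's code or any vendor tool; the log line format, the IP addresses and the usernames are constructed for the demonstration, and the thresholds (30-minute window, five distinct accounts, at most three failures per account) are assumptions to tune per environment.

```python
"""Detect the password-spray pattern in authentication logs.

Added example (not code from the page or from Citrix). Assumes a constructed
log format:  "<ISO-8601 UTC timestamp> <auth_ok|auth_fail> src=<ip> user=<name>".

A spray differs from a classic brute force: one source produces a LOW number of
failures per account but a HIGH number of distinct accounts in a short window.
Per-account lockout rules miss this; per-source account diversity catches it.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<result>auth_ok|auth_fail)\s+src=(?P<src>\S+)\s+user=(?P<user>\S+)$"
)


def parse_line(line):
    """Return (timestamp, result, src, user), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group("result"), m.group("src"), m.group("user")


def detect_password_spray(lines, window=timedelta(minutes=30), min_users=5, max_per_user=3):
    """Flag sources whose failures inside `window` touch >= `min_users` distinct
    accounts while no single account exceeds `max_per_user` failures.

    Returns {src: {"targeted": [accounts hit], "succeeded": [accounts that later
    logged in successfully from the same source]}}. Thresholds are assumptions.
    """
    failures = defaultdict(list)   # src -> [(ts, user)]
    successes = defaultdict(list)  # src -> [(ts, user)]
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash the detector
        ts, result, src, user = rec
        (failures if result == "auth_fail" else successes)[src].append((ts, user))

    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # advance the window start so events[start..end] all lie within `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, u in events[start:end + 1]:
                per_user[u] += 1
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                since = events[start][0]
                flagged[src] = {
                    "targeted": sorted(per_user),
                    # a success from the sprayer after the spray began is the account to reset
                    "succeeded": sorted({u for t, u in successes.get(src, []) if t >= since}),
                }
                break
    return flagged


# Constructed sample: 203.0.113.7 sprays one guess across five accounts and then
# gets in as "frank"; 198.51.100.4 is one user failing repeatedly on their own
# account (brute-force shape, not a spray), and one line is garbage.
SAMPLE_LOG = """\
2018-10-12T03:14:05Z auth_fail src=203.0.113.7 user=alice
2018-10-12T03:14:06Z auth_fail src=203.0.113.7 user=bob
2018-10-12T03:14:07Z auth_fail src=203.0.113.7 user=carol
2018-10-12T03:14:08Z auth_fail src=203.0.113.7 user=dave
2018-10-12T03:14:09Z auth_fail src=203.0.113.7 user=erin
2018-10-12T03:14:10Z auth_ok src=203.0.113.7 user=frank
2018-10-12T03:20:00Z auth_fail src=198.51.100.4 user=grace
2018-10-12T03:20:05Z auth_fail src=198.51.100.4 user=grace
2018-10-12T03:20:09Z auth_fail src=198.51.100.4 user=grace
2018-10-12T03:20:15Z auth_fail src=198.51.100.4 user=grace
2018-10-12T03:20:20Z auth_fail src=198.51.100.4 user=grace
2018-10-12T03:20:30Z auth_fail src=198.51.100.4 user=grace
this line is not a log record
"""

if __name__ == "__main__":
    for src, info in detect_password_spray(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: sprayed {len(info['targeted'])} accounts, succeeded on {info['succeeded']}")
```

The point of keying on distinct accounts per source rather than failures per account is exactly the gap a spray exploits: per-account lockouts never fire. In practice the same logic runs over VPN or identity-provider logs, and the "succeeded" list is the set of accounts to force a password reset and MFA enrolment on first.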

TechCrunch
July 23, 2019
Researchers have found several security flaws in popular corporate VPNs which they say can be used to silently break into company networks and steal business secrets. Devcore researchers Orange Tsai and Meh Chang, who shared their findings with TechCrunch ahead of their upcoming Black Hat talk, said the flaws found in the three corporate VPN providers — Palo Alto Networks, Pulse Secure and Fortinet — are “easy” to remotely exploit. These VPNs — or virtual private networks — aren’t your traditional consumer VPN apps designed to mask where you are and hide your identity, but are used by staff who work remotely to access resources on a company’s network. Typically employees must enter their corporate username and password, and often a two-factor code. By connecting over an HTTPS (SSL) connection, these providers create a secure tunnel between the user’s computer and the corporate network. But Tsai and Chang say the bugs they found allow anyone to covertly burrow into a company’s network without needing a working username or password.

The New York Times
July 22, 2019
The credit bureau Equifax will pay about $650 million — and perhaps much more — to resolve most claims stemming from a 2017 data breach that exposed sensitive information on more than 147 million consumers and demonstrated how little control Americans have over their personal data. The settlement is vast in its scope, resolving investigations by two federal agencies and 48 state attorneys general and covering every American consumer whose data was stolen — or just under half the population of the United States. It does not just compensate victims who lost money: People who suffered through the hassles of bank phone trees and credit-card customer service lines can bill Equifax $25 an hour for their time. A federal judge gave the agreement preliminary approval on Monday, and once finalized, it will be the largest settlement of a data breach case in terms of dollar amount and number of victims, surpassing the $115 million the health care company Anthem paid to settle claims from 79 million people who had their personal information stolen in 2015.


INTERNATIONAL

Financial Times
July 26, 2019
One of the world’s most secure email services has been caught up in a sophisticated cyber attack aimed at investigative journalists and other experts who are probing Russian intelligence activities. Those targeted have used Swiss-based ProtonMail to share sensitive information related to their probes of Moscow’s military intelligence directorate, the GRU. Its agents have been accused of complicity in the downing of MH17 over Ukraine in 2014, and the attempted assassination of Sergei Skripal and his daughter last year in Britain. ProtonMail, which bills itself as the world’s most secure email platform, because of its cutting edge cryptography and protections against attack, became aware of the attempt to compromise its users on Wednesday. The company, founded in 2014 by a team of former scientists from the European particle research laboratory Cern, has been in touch with Swiss authorities to help shut down the web domains used to try to dupe its clients and has taken action to block phishing emails.

Gov Info Security
July 26, 2019
Portions of the South African capital of Johannesburg were left in the dark for a part of Thursday, after an unknown ransomware variant knocked out the local electrical utility's network, databases and applications, according to city officials and local media reports. By Friday morning, City Power, which provides electricity for Johannesburg and is owned by the city, had restored power and most services for affected residents. The utility was still in the process of recovering its various IT systems and networks on Friday, according to the local officials. While the ransomware attack knocked out City Power's website and other applications for most of Thursday, the utility did manage to post a series of tweets to keep residents up-to-date on developments and the recovery effort. What exact variant of ransomware hit City Power on Thursday is not clear, and the utility did not say if the attackers asked for ransom or if officials paid to restore service. While the attack crippled the utility's IT systems, Johannesburg's official Twitter account stressed that no customer data was stolen or breached during the incident.

The New York Times
July 25, 2019
President Jair Bolsonaro’s cellphones were among hundreds targeted by hackers this year, he said Thursday, as part of an elaborate scheme that has roiled the political establishment and called into question the fairness of high-profile corruption prosecutions. The revelation came days after law enforcement officials took four people into custody as part of their investigation into the hacking of confidential material stored on the cellphones of Brazilian cabinet members, prosecutors and lawmakers. Mr. Bolsonaro called the hacking “a serious attack against Brazil and its institutions,” but said he personally had little to fear. “I never handled sensitive or national security matters over a cellphone,” he said. On Thursday, Brazilian newspapers reported that one of the suspects, Walter Delgatti Neto, told investigators that he had leaked correspondence between prosecutors and a prominent judge to The Intercept, an online news site, which published several articles based on the material.

Ars Technica
July 24, 2019
Researchers have discovered some of the most advanced and full-featured mobile surveillanceware ever seen. Dubbed Monokle and used in the wild since at least March 2016, the Android-based application was developed by a Russian defense contractor that was sanctioned in 2016 for helping that country’s Main Intelligence Directorate meddle in the 2016 US presidential election. Monokle uses several novel tools, including the ability to modify the Android trusted-certificate store and a command-and-control network that can communicate over Internet TCP ports, email, text messages, or phone calls. The result: Monokle provides a host of surveillance capabilities that work even when an Internet connection is unavailable.

CyberScoop
July 23, 2019
European authorities are testing out the idea that not every cybercrime investigation has to end with a hacker in handcuffs. Police in the U.K. and the Netherlands have created a legal intervention campaign for first-time offenders accused of committing cybercrimes, officials explained Tuesday at the International Conference on Cybersecurity at Fordham University. The effort, called “Hack_Right,” is aimed at people between 12 and 23 years old who may be skirting the law from behind their keyboard and not even realize it. The experiment, which began last year, already has involved interactions with more than 400 young people in the U.K., the officials said. “We do this … to get out and find them and get them into computing clubs before we have to investigate someone and lock them up,” said Gregory Francis, acting national prevent lead at the National Cyber Crime Unit of the National Crime Agency. “[Cybercrime] is not a law enforcement problem. It’s a societal problem.”

Gov Info Security
July 22, 2019
A recent spate of attacks targeting domain name system protocols and registrars, including several incidents that researchers believe have ties to nation-state espionage, is prompting the U.S. and U.K. governments to issue warnings and policy updates to improve security. The recent alerts and updates issued by the U.S. General Services Administration, which has responsibility for .gov domains, and the U.K. National Cyber Security Centre over the last two weeks come at a time when security experts warn that the aging DNS protocol cannot keep up with modern threats and tools designed to hijack internet traffic. On Wednesday, the GSA plans to start alerting officials who oversee .gov domains when changes are made to those sites' DNS registrar. Meanwhile, British officials have issued a new warning about attacks targeting DNS - the second time this year they have issued such an alert.

BBC
July 20, 2019
The Metropolitan Police's website has been hit by hackers who posted a series of bizarre messages. A series of tweets were sent from the force's verified account, which has more than a million followers, including one about rapper Digga D. A stream of unusual emails were also sent from the force's press bureau at about 23:30 BST on Friday. Scotland Yard confirmed its website had "been subject to unauthorized access". Following the incident, US President Donald Trump renewed his attack on Mayor of London Sadiq Khan, in a tweet quoting right-wing commentator Katie Hopkins. Ms. Hopkins said "they have lost control of London streets" and "apparently they lost control of their twitter account too", while Mr Trump added: "With the incompetent Mayor of London, you will never have safe streets!". The Mayor's office has declined to comment on Mr Trump's tweet.


TECHNOLOGY

BBC
July 26, 2019
A free scheme to prevent cyber-attack victims paying ransom to hackers claims to have saved more than 200,000 victims at least $108m (£86m). The No More Ransom project offers advice and software to recover computer files encrypted in ransomware attacks. Founded by Europol, police in the Netherlands, and McAfee, it now has more than 150 global partners. With 14 new tools introduced in 2019 alone, Europol says it can now decrypt 109 different types of infection. "When we take a close look at ransomware, we see how easily a device can be infected in a matter of seconds," says Steven Wilson, head of Europol's European Cybercrime Centre (EC3).

Wired
July 21, 2019
When you think of malware, it's understandable if your mind first goes to elite hackers launching sophisticated dragnets. But unless you're being targeted by a nation-state or advanced crime syndicate, you're unlikely to encounter these ultratechnical threats yourself. Run-of-the-mill, profit-generating malware, on the other hand, is rampant. And the type you're most likely to encounter is adware. In your daily life you probably don't think much about adware, software that illicitly sneaks ads into your apps and browsers as a way of generating bogus revenue. Remember pop-up ads? It's like that, but with special software running on your device, instead of rogue web scripts, throwing up the ads. Advertisers often pay out based on impressions, or the number of people who load their ads. So scammers have realized that the more ads they can foist upon you, the more money they pocket.
