Thursday, September 12, 2019

‘No One Is Accountable for This’: Cyber Security

“Freedom is always associated with risk taking, whether it leads to it or comes from it.”
― Nassim Nicholas Taleb, Skin in the Game: The Hidden Asymmetries in Daily Life


“It would be an act of wisdom to depart immediately… but wisdom is itself the product of knowledge; and knowledge, unfortunately, is generally the product of foolish doings. So, to add to my own knowledge and to enhance my wisdom I shall remain another day, to see what occurs.”
― Roger Zelazny, Creatures of Light and Darkness


“If you walk in with the cocky attitude, big chances that you will walk out quickly without a golden ticket. It's ok to have confidence, not so ok to be full of yourself.”
Aireen Pontillo  



The ones who say you can’t are too afraid you will.
~MEdia Dragons with mighty Nikes


R U OK co-founder shares his suicide note and dissects the language of depression

Hoping to spark a conversation that could ultimately save lives, R U OK co-founder Graeme Cowan this week shared a suicide note he wrote in the depths of his depression 15 years ago. The response, he says, has been overwhelming.

Boomers beat Czech Republic to reach first basketball World Cup semi-final

How a prison economy works

Prague-Poem-Tres-Bohemes

Anxiety rising as law firms confirm cyber breaches - The Australian




Gov Info Security

September 6, 2019

Bills now being considered in the Congress would make the Department of Homeland Security's Continuous Diagnostics and Mitigation Program available to all federal agencies and provide services to state and local governments to help them address cybersecurity challenges. The House version of the bill introduced this week, Advancing Cybersecurity Diagnostics and Mitigation Act, is sponsored by John Ratcliffe, R-Texas, and Ro Khanna, D-Calif. Senators John Cornyn, R-Texas, and Maggie Hassan, D-N.H., introduced a similar bill in July. The legislation would codify into law the Department of Homeland Security's Continuous Diagnostics and Mitigation Program and would make it more broadly available to units of government at all levels. When DHS first introduced the program in 2013, some agencies, such as the U.S. Department of Defense, and the intelligence community joined to help develop its capabilities, but the program was not widely deployed across the federal government.


The Hill
September 5, 2019
The leaders of the House Blue Dog Coalition and the House Blue Dog Task Force on National Security on Thursday sent a letter to House and Senate leaders calling for action to prevent foreign interference in U.S. elections and to secure election systems. The House Blue Dog Coalition, a group of 26 moderate Democrats, urged congressional leaders to “put politics aside and pursue bipartisan solutions” to bolster election security ahead of 2020. “We are calling on Congress to take further action to secure our elections, punish Russia for its attempts to meddle in the 2016 and 2018 elections, and deter our adversaries from meddling in future U.S. elections,” the leaders of the Blue Dog Coalition and the Task Force wrote. “The threat to our national security could not be more clear.” The letter was sent to Speaker Nancy Pelosi (D-Calif.), House Majority Leader Steny Hoyer (D-Md.), Minority Leader Kevin McCarthy (R-Calif.), Senate Majority Leader Mitch McConnell (R-Ky.) and Senate Minority Leader Charles Schumer (D-N.Y.). The House passed two major election security bills earlier this year, both along party lines.


ADMINISTRATION

CyberScoop
September 6, 2019
A key component of the Pentagon’s effort to defend the 2018 midterm elections from foreign interference was its collaboration with the Department of Justice to disrupt operations from overseas, Gen. Paul Nakasone, director of the National Security Agency, said Thursday. It’s the kind of interagency effort American officials are trying to achieve again before the 2020 presidential election. The NSA and U.S. Cyber Command, a unified combatant command at the Pentagon dedicated to running cyber-operations, worked with the FBI’s Foreign Influence Task Force in 2018 as part of an effort to avoid the kind of Russian meddling that occurred in 2016, Nakasone said. The effort to protect the 2018 midterm elections, collectively known as Synthetic Theology, resulted in disrupting the internet access of Russia’s social media troll farm, the Internet Research Agency. The effort represented the first cyber-operations abroad to protect U.S. elections, and it’s helping inform the intelligence community’s approach to the 2020 voting process. Last year also marked the first time NSA and Cyber Command leveraged new authorities to run offensive cyber campaigns abroad following legal approval from the White House and Congress.

Nextgov
September 6, 2019
The Trump administration has appealed a federal court decision granting former and current federal employees standing to sue the government over its inability to protect their personal information, arguing the hackers responsible for the breach want to spy on the more than 20 million impacted individuals, but not commit identity theft. A panel of the U.S. Court of Appeals for the D.C. Circuit erred when it largely sided with two federal employee unions in their lawsuit against the Office of Personnel Management and a federal contractor for their roles in the hacks that led to mass disclosures of personal records, the Justice Department said in an appeal filed late Wednesday. The government is seeking a review by the entire appellate court in hopes it will kill the lawsuit. While the appeals court panel found the plaintiffs faced a plausible risk of future harm following the breach, the Trump administration argued that risk was not substantial. Former and current federal employees caught up in the breach “could” become the victims of identity theft, the court ruled, but the government attorneys said it was “implausible” to assume they would. 

The Oklahoman
September 6, 2019
The FBI is investigating a cybertheft of $4.2 million from the state's pension fund for retired Oklahoma Highway troopers, state agents, park rangers and other law enforcement officers. The Oklahoma Law Enforcement Retirement System (OLERS) posted an announcement online about the investigation Thursday, 10 days after the money went missing. "We are certain the stolen funds will be recovered," the state agency said. "Most importantly, no pension benefits to members or beneficiaries have been impacted or put at risk. All benefits will continue to be paid in a timely fashion as always." The state agency made the announcement only after being contacted by The Oklahoman about the cybercrime. "The total diversion was $4.2 million," OLERS executive director, Duane A. Michael, told The Oklahoman on Thursday. "Of that, we've recovered $477,000."

FCW
September 6, 2019
A senior Department of Homeland Security official said a flagging cybersecurity information sharing program will be getting a facelift to improve quality and facilitate more complex defensive actions. The Automated Indicator Sharing program, which facilitates the sharing of threat indicators between the federal government and private sector, was originally envisioned as a crucial tool to achieve broader visibility around malicious cyber activity and more quickly respond to emerging threats. However, the program has never gained the level of traction with private sector groups that policymakers in Congress and at DHS originally hoped for. In particular, while many companies are happy to receive information from DHS, only a handful were actually sharing information back with the government as of last year, per reporting from Nextgov. Jeanette Manfra, the assistant director for cybersecurity and communications at the Cybersecurity and Infrastructure Security Agency at DHS, said her agency has been able to make significant progress in recent years to increase collaboration with companies and other federal agencies through more analog means -- such as conversation and relationship building. However, when it comes to automated programs like AIS, it's "going to take a lot more work to build trust into the system," she said.

The Denver Post
September 6, 2019
Two weeks before a “malicious threat” crippled Regis University’s information technology services — rendering the Denver campus’s phones, email and internet useless just as summer courses ended and the fall semester began — Bob Bowles was teaching students how to respond to a cyberattack. “Once an incident happens, the first thing you want to do is contain the damage, stop the bleeding,” said Bowles, a cybersecurity professional of more than 20 years who is now the director of Regis’ Center for Information Assurance Studies. “Go into eradication and recovery phase — determining how it happened, patching the weakness and trying to put controls in place.” Bowles and the rest of Regis’s cybersecurity faculty have witnessed their lesson plans come to life since the attack two weeks ago that continues to wreak havoc on campus technology services. Although the academics aren’t on the frontlines fighting the intrusion, leaving that job to IT services and forensic investigators, the educators are taking notes. They plan to use the attack as a case study in their own classrooms and as a lesson for others in the community.

The Atlantic
September 5, 2019
It’s the eve of Election Day 2020, and political reporters have just received an incendiary email. Donald Trump’s campaign has sent out grainy cellphone footage of his Democratic challenger, Joe Biden, at a private meeting with wealthy donors, ridiculing Americans who voted for the president in 2016 and plotting how to trick them into backing him instead. Except Biden never made the remarks and Trump never shared them. A few overeager journalists post the video on Twitter before fully investigating its authenticity, causing the clip to spread on social media faster than the presidential campaigns and the press can expose it as a fraud. U.S. authorities will eventually attribute the deception to North Korean hackers, impersonating the Trump campaign’s domain name and deploying deepfake technology to keep their preferred nuclear-talks counterpart in office. But that won’t happen for weeks, well after Americans have chosen their next leader. Such a hypothetical scenario isn’t implausible. In fact, it’s a type of threat that the email-security firm Agari flagged in a recent report. Three and a half years have passed since John Podesta, the chairman of Hillary Clinton’s presidential campaign, fell for a phishing email—granting Russian hackers, and thereby the world, access to his Gmail account and coming to embody the devastating ways foreign governments can meddle in democratic politics.

Fifth Domain
September 5, 2019
The Army has discovered that one of the keys to success in cyber operations is to embed tool developers and coders alongside operators. The military has long relied upon contractor support for coding and software development. However, in an operational environment that can change in milliseconds, forces need coders that can adjust to these changes in real time. “When we built the mission force initially, it was this idea that we would pool the developers at a very central location. If you’re on a team, you conduct an operation, you would send a problem up, they would work it and they would send it down,” Lt. Gen. Stephen Fogarty, commander of Army Cyber Command, said Sept. 4 at the Billington cybersecurity conference in Washington. “In practice, that just doesn’t work.” Now, these coders, who are uniformed and civilian, will help build operational infrastructure, tools and applications, Fogarty said.

Federal News Network
September 5, 2019
The Defense Department sees its new certification model, which it unveiled to the public this week, as a way to more quickly bring its entire industrial base up to date with best cybersecurity practices. But the Pentagon also sees this new model as a means to set the stage for a broader, more complex journey to better understand the defense supply chain. On Wednesday, DoD released a new draft of the Cybersecurity Maturity Model Certification (CMMC), the Pentagon’s most recent attempt to create a simpler, more consistent framework for the cyber demands it imposes on its contractors and subcontractors. The department will accept public comment on the certification model through Sept. 25. “Every company within the DoD supply chain — not just the defense industrial base, but the 300,000 contractors — are going to have to get certified to do work with the Department of Defense,” Katie Arrington, chief information security officer for DoD’s Office of the Assistant Secretary of Defense for Acquisition, said Wednesday at the Intelligence and National Security Summit co-hosted by AFCEA and the Intelligence and National Security Alliance.

AP
September 5, 2019
Texas authorities say they aren't aware of any money paid to hackers who used ransomware to target more than 20 communities last month. The Texas Department of Information Resources said in a statement Thursday that more than half of the local governments hit by ransomware in August have returned to normal operations. The department didn't detail what the remaining governments are doing to recover from the attacks. Federal authorities are still investigating. The statement didn't provide any information about the hackers' demands or explain how the local governments were compromised.

CyberScoop
September 5, 2019
The National Security Agency’s new Cybersecurity Directorate wants to more quickly share threat data in response to private sector criticism that the agency has been slow to provide key information that companies need to protect themselves, the head of the new foreign intelligence and digital defense outfit said Wednesday. The NSA’s impetus for creating the Cybersecurity Directorate, set to launch Oct. 1, was to address complaints that context is lacking in the U.S. intelligence community’s threat reports that are issued to private companies. By sharing data such as malicious domain names or IP addresses long after hackers have abandoned them, NSA is not providing the real-time information corporate security teams need to block attacks. Now, the directorate will provide additional context to help sectors like the defense industrial base and election technology providers “prevent and eradicate” intruders, according to Anne Neuberger, director of the NSA’s Cybersecurity Directorate. The goal for the directorate, which was announced in July, is to prevent attacks before they start. “Clearly from the government, there’s some insights and information that we should share, particularly the tradecraft of how those entities are doing that, and enable [organizations] to look for that information on their platforms,” she said during an appearance at the Billington Cybersecurity Summit.

Ars Technica
September 5, 2019
As students returned to school across the country over the past two weeks, school districts are facing an unprecedented wave of ransomware attacks. In the past month, dozens of districts nationwide have been affected by ransomware attacks, in some cases taking entire school systems' networks down in the process. All classes were cancelled September 5 at Flagstaff Unified School District schools in Arizona after the discovery of a ransomware attack against the district's servers on Wednesday, September 4. All Internet services were taken down by the school district's information technology team at about 3pm local time on Wednesday, when the ransomware was discovered during what district officials said was routine maintenance. "We have had to break the connection from the Internet to our school sites while we work with Internet security experts to contain and mitigate the issue," FUSD spokesman Zachery Fountain said in a statement to press. No further details on the ransomware were released, and district officials are not sure whether any personal identifying information has been exposed.

FCW
September 5, 2019
The NSA is taking a strong stance against hacking back. If an organization should see evidence of an ongoing cyberattack, it should alert the FBI or Homeland Security, Glenn Gerstell, the National Security Agency's chief counsel, told reporters at the 2019 Intelligence and National Security Summit. "Both are in a position through their interagency task force to summon whatever resources of government are appropriate at that time," he said. At a Sept. 5 panel discussion on hacking back, Gerstell did not directly address concerns about former intelligence officers who enter the private sector overseas engaging in hacking-back efforts, but he said "they are free to undertake whatever private-sector activities they want to take" but are "responsible for protecting the secrets of the federal government for their life." Gerstell also touted the NSA's new Cybersecurity Directorate, led by Anne Neuberger, that's set to launch Oct. 1 and will help streamline information sharing.

Gov Info Security
September 5, 2019
The mayor of New Bedford, Massachusetts, took the unusual step this week of holding a press conference to describe a recent ransomware attack and explain why the city decided not to pay the $5.3 million ransom that was demanded. Mayor Jon Mitchell described how the attackers first demanded $5.3 million in ransom, and the city countered with a $400,000 payment that its insurer had agreed to pay. When attackers did not respond to that offer, the city decided to continue moving forward with restoring systems and data through backups, the mayor said. Mitchell said the city decided to negotiate with the attackers to give its IT department enough time to see if it could restore systems on its own. Mitchell revealed that New Bedford was hit with a variation of the Ryuk ransomware strain, which has appeared in other attacks, including some of those that have targeted local and state governments.

Nextgov
September 4, 2019
The Pentagon’s newly minted artificial intelligence center is creating a framework for the military’s cybersecurity data, which will lay the foundation for AI-powered cyber defense tools. The Joint Artificial Intelligence Center is partnering with the National Security Agency, U.S. Cyber Command and dozens of Defense Department cybersecurity vendors to standardize data collection across the Pentagon’s sprawling IT ecosystem, according to Lt. Gen. Jack Shanahan, who leads the JAIC. By creating a consistent process for curating, describing, sharing and storing information, the JAIC intends to create a trove of cyber data that could ultimately be used to train AI to monitor military networks for potential threats, Shanahan said Wednesday at the Billington Cybersecurity Summit. Tech leaders in government and industry have long touted AI’s ability to monitor networks and detect suspicious behavior. But building those tools requires a lot of consistent training data, Shanahan said, and at least in the Defense Department, that data is hard to come by.

FCW
September 4, 2019
The Office of Management and Budget's process for reviewing the cybersecurity postures of federal agencies is "evolving," Federal Chief Information Security Officer Grant Schneider told FCW on the sidelines of the Billington Cybersecurity Summit in Washington, D.C. The reviews, dubbed CyberStat, are meant to function as one-on-one, in-depth analyses between OMB, which sets civilian governmentwide policy under the Federal Information Security Management Act, and federal agencies that may be struggling with compliance to identify root causes of security vulnerabilities and correct course. The number of such reviews jumped as high as 24 per year in 2016 under the Obama administration, but a Government Accountability Office report this year found that reviews have plummeted since then, with just eight being conducted in the past three years and zero so far in 2019. Schneider told FCW that his agency is taking "a hard look" at the current program with the aim of revamping the process ahead of next fiscal year. "What do we want the CyberStat program to look like and achieve," he asked, "and what are those numbers going to be?"

The Atlanta Journal Constitution
September 4, 2019
The 2,271 people eligible to vote in Chattahoochee Hills may feel like they’re stepping back in time whenever they cast a ballot for the City Council or mayor. In much of the rest of the state, electronic voting machines are standard for each and every election. But in Chattahoochee Hills and about 70 other cities, residents vote using paper ballots. In many of those cities, the votes are even tallied by hand. As the debate rages over whether Georgia’s new touchscreen-and-printed-ballot voting system is secure, voters in cities across the state will continue to fill out their ballots with pens this November. They won’t use any modern technology during their municipal elections. State law exempts cities from having to use the uniform voting system mandated for county, state and federal elections.

The Hill
September 3, 2019
Former Federal Communications Commission (FCC) Chairman Tom Wheeler stressed the need to zero in on protecting 5G wireless networks from cyber threats in a new paper published Tuesday by the Brookings Institution. The paper, co-authored by David Simpson, the former chief of the FCC’s Public Safety and Homeland Security Bureau, makes the case for putting “equivalent – if not greater – focus on the security” of 5G networks as there is on the possibilities of the “connected future.” “To build 5G on top of a weak cybersecurity foundation is to build on sand,” Wheeler and Simpson wrote in the paper. “This is not just a matter of the safety of network users, it is a matter of national security.” In an interview with The Hill, Wheeler highlighted the threat to 5G networks posed by the increasing amount of internet-connected devices, many of which may not be secure against cyberattacks.


INDUSTRY

Wired
September 6, 2019
Late Thursday, Google security researchers dropped a bombshell: Someone had launched a sustained attack against iPhone users that compromised their devices almost instantly when they visited certain websites. The campaign forced a fundamental shift in how security professionals think about iOS. And now, after a week of silence, Apple has finally given its side of the story. In a brief statement, Apple confirmed that the attacks had targeted China's oppressed Uyghur Muslim community, as had previously been reported. But the statement also called out multiple points of contention with how Google characterized the attack. "First, the sophisticated attack was narrowly focused, not a broad-based exploit of iPhones 'en masse' as described. The attack affected fewer than a dozen websites that focus on content related to the Uighur community," the statement reads. "Google’s post, issued six months after iOS patches were released, creates the false impression of 'mass exploitation' to 'monitor the private activities of entire populations in real time,' stoking fear among all iPhone users that their devices had been compromised. This was never the case." The company also disputed aspects of Google's timeline, saying that the malicious sites were operational for two months, rather than the roughly two years Google had estimated.

Ars Technica
September 6, 2019
For months, security practitioners have worried about the public release of attack code exploiting BlueKeep, the critical vulnerability in older versions of Microsoft Windows that’s “wormable,” meaning it can spread from computer to computer the way the WannaCry worm did two years ago. On Friday, that dreaded day arrived when the Metasploit framework—an open source tool used by white hat and black hat hackers alike—released just such an exploit into the wild. The module, which was published as a work in progress on Github, doesn’t yet have the polish and reliability of the EternalBlue exploit that was developed by the NSA and later used in WannaCry. “The release of this exploit is a big deal because it will put a reliable exploit in the hands of both security professionals and malicious actors,” Ryan Hanson, principal research consultant at Atredis Partners and a developer who helped work on the release, told Ars. “I'm hoping the exploit will be primarily used by offensive teams to demonstrate the importance of security patches, but we will likely see criminal groups modifying it to deliver ransomware as well.”

E&E News
September 6, 2019
A first-of-its-kind cyberattack on the U.S. grid created blind spots at a grid control center and several small power generation sites in the western United States, according to a document posted yesterday from the North American Electric Reliability Corp. The unprecedented cyber disruption this spring did not cause any blackouts, and none of the signal outages at the "low-impact" control center lasted for longer than five minutes, NERC said in the "Lesson Learned" document posted to the grid regulator's website. But the March 5 event was significant enough to spur the victim utility to report it to the Department of Energy, marking the first disruptive "cyber event" on record for the U.S. power grid. The case offered a stark demonstration of the risks U.S. power utilities face as their critical control networks grow more digitized and interconnected — and more exposed to hackers. "Have as few internet facing devices as possible," NERC urged in its report.

Ars Technica
September 5, 2019
An estimated 600,000 GPS trackers for monitoring the location of kids, seniors, and pets contain vulnerabilities that open users up to a host of creepy attacks, researchers from security firm Avast have found. The $25 to $50 devices are small enough to wear on a necklace or stash in a pocket or car dash compartment. Many also include cameras and microphones. They’re marketed on Amazon and other online stores as inexpensive ways to help keep kids, seniors, and pets safe. Ignoring the ethics of attaching a spying device to the people we love, there’s another reason for skepticism. Vulnerabilities in the T8 Mini GPS Tracker Locator and almost 30 similar model brands from the same manufacturer, Shenzhen i365 Tech, make users vulnerable to eavesdropping, spying, and spoofing attacks that falsify users’ true location. Researchers at Avast Threat Labs found that ID numbers assigned to each device were based on its International Mobile Equipment Identity, or IMEI. Even worse, during manufacturing, devices were assigned precisely the same default password of 123456. The design allowed the researchers to find more than 600,000 devices actively being used in the wild with that password. As if that wasn’t bad enough, the devices transmitted all data in plaintext using commands that were easy to reverse engineer.

Ars Technica
September 5, 2019
Researchers have disclosed a zero-day vulnerability in the Android operating system that gives a major boost to attackers who already have a toehold on an affected device. The privilege-escalation flaw is located in the V4L2 driver, which Android and other Linux-based OSes use to capture real-time video. The vulnerability results from a "lack of validating the existence of an object prior to performing operations on the object," researchers with Trend Micro's Zero Day Initiative said in a blog post published Wednesday. Attackers who already have untrusted code running with low privileges on a device can exploit the bug to access privileged parts of the Android kernel. The severity score is rated a 7.8 out of a possible 10 points. Modern OSes have become increasingly hard to compromise in recent years thanks to exploitation mitigations that prevent untrusted code from interacting with hard drives, kernels, and other sensitive resources. Hackers have responded by chaining two or more exploits together. A buffer overflow, for instance, may allow an attacker to load malicious code into memory, and a privilege-escalation flaw gives the code the privileges it needs to install a persistent payload.
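The bug class ZDI describes, an operation performed on an object whose existence was never checked, is easiest to see in a skeleton. The following is an added illustration written for this digest, not the V4L2 code and not the reported flaw: the driver, struct and handler names (struct device, dev_create_queue, dev_query_queue_*) are invented. The pattern is that one ioctl-style handler creates a sub-object, a second handler assumes it is already there, and an unprivileged caller controls both the index and the order in which the handlers run. The vulnerable handler is shown but never called in the demo, because calling it before the object exists is undefined behaviour.

```c
/* Added illustration of "operate on an object before validating it exists".
 * Made-up driver skeleton; not the V4L2 code or the reported vulnerability. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_STREAMS 4
#define ERR_INVAL   22   /* stand-ins for the kernel's EINVAL / ENOENT / ENOMEM */
#define ERR_NOENT   2
#define ERR_NOMEM   12

struct buffer_queue {
    size_t count;          /* number of capture buffers */
    unsigned char *mem;    /* backing storage */
};

struct device {
    struct buffer_queue *queues[MAX_STREAMS];   /* NULL until created */
};

/* Handler A: user space asks for a queue on stream idx. Only after this
 * returns 0 does d->queues[idx] point at a live object. */
int dev_create_queue(struct device *d, unsigned idx, size_t count)
{
    if (idx >= MAX_STREAMS || count == 0)
        return -ERR_INVAL;
    struct buffer_queue *q = calloc(1, sizeof *q);
    if (!q)
        return -ERR_NOMEM;
    q->mem = calloc(count, 1);
    if (!q->mem) {
        free(q);
        return -ERR_NOMEM;
    }
    q->count = count;
    d->queues[idx] = q;
    return 0;
}

/* Handler B, vulnerable form: assumes handler A already ran for this idx.
 * Called first, it dereferences NULL; called with an out-of-range idx it
 * reads past the table. Both are reachable from a low-privileged caller. */
int dev_query_queue_vuln(struct device *d, unsigned idx, size_t *out)
{
    struct buffer_queue *q = d->queues[idx];   /* no range check, no NULL check */
    *out = q->count;
    return 0;
}

/* Handler B, hardened: validate the index and the object's existence before
 * touching it, and return an error instead of guessing. */
int dev_query_queue_fixed(struct device *d, unsigned idx, size_t *out)
{
    if (idx >= MAX_STREAMS)
        return -ERR_INVAL;
    struct buffer_queue *q = d->queues[idx];
    if (!q)
        return -ERR_NOENT;
    *out = q->count;
    return 0;
}

/* Frees a queue and clears the slot so later handlers see "absent" rather
 * than a dangling pointer. */
void dev_destroy_queue(struct device *d, unsigned idx)
{
    if (idx >= MAX_STREAMS || !d->queues[idx])
        return;
    free(d->queues[idx]->mem);
    free(d->queues[idx]);
    d->queues[idx] = NULL;
}

/* Drives the hardened handler through the out-of-order sequence an attacker
 * would try: query before create, bad index, create, query, destroy, query.
 * Returns the count read after the legitimate create, or -1 if any check
 * did not behave as expected. */
int run_hardened_sequence(void)
{
    struct device d;
    size_t n = 0;
    memset(&d, 0, sizeof d);
    if (dev_query_queue_fixed(&d, 0, &n) != -ERR_NOENT) return -1;   /* before create */
    if (dev_query_queue_fixed(&d, 9, &n) != -ERR_INVAL) return -1;   /* out of range */
    if (dev_create_queue(&d, 0, 16) != 0) return -1;
    if (dev_query_queue_fixed(&d, 0, &n) != 0) return -1;            /* n == 16 */
    dev_destroy_queue(&d, 0);
    if (dev_query_queue_fixed(&d, 0, &n) != -ERR_NOENT) return -1;   /* after destroy */
    return (int)n;
}

int main(void)
{
    printf("hardened sequence read count = %d\n", run_hardened_sequence());
    return 0;
}
```

The two handlers differ only by two checks, which is why this class of bug survives review: the fast path is identical, and the missing validation only matters when user space calls the handlers in an order the author did not anticipate. Clearing the slot on destroy matters for the same reason; a stale pointer passes the NULL check and turns the existence bug into a use-after-free.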

The New York Times
September 4, 2019
Facebook, Google, Twitter and Microsoft met with government officials in Silicon Valley on Wednesday to discuss and coordinate on how best to help secure the 2020 American election, kicking off what is likely to be a marathon effort to prevent the kind of foreign interference that roiled the 2016 election. The daylong meeting, held at Facebook’s headquarters in Menlo Park, Calif., included security teams from the tech companies, as well as members of the F.B.I., the Office of the Director of National Intelligence and the Department of Homeland Security. The agenda was to build up discussions and strategic collaboration ahead of the November 2020 state, federal and presidential elections, according to Facebook. Tech company representatives and government officials talked about potential threats, as well as how to better share information and detect threats, the social network said. Chief executives from the companies did not attend, said a person briefed on the meeting, who declined to be identified for confidentiality reasons. “Improving election security and countering information operations are complex challenges that no organization can solve alone,” Nathaniel Gleicher, head of Facebook cybersecurity policy, said in a statement. “Today’s meeting builds on our continuing commitment to work with industry and government partners, as well as with civil society and security experts, to better understand emerging threats and prepare for future elections.”

Reuters
September 4, 2019
Cybersecurity firm Palo Alto Networks said it expects to grow sales at a double-digit pace over the next three years and forecast robust free cash flow, sending its shares up 8% in volatile after-hours trading on Wednesday. Palo Alto's upbeat forecast came as it reported better-than-expected fourth-quarter revenue and profit, helped by strong demand for its cloud security products. The company said the increasing popularity of its cloud security tool Prisma Access had boosted confidence it can achieve a 20% compounded annual growth rate for billings and revenue over the three-year period. Palo Alto competes in a tough market dominated by traditional firewall provider Cisco Systems Inc, Check Point Software Technologies and Juniper Networks Inc.

Wired
September 3, 2019
A lot can go wrong with corporate network security, but hopefully at a minimum people know not to plug strange USB sticks into network computers. But it turns out that an attacker could exploit flaws in a type of remote management device to plug in all the "virtual" thumb drives they want. And the same type of attack can turn pretty much any USB device into a virtual trojan horse. In new findings presented at the Open Source Firmware Conference in Silicon Valley on Tuesday, though, researchers from the security firm Eclypsium are detailing vulnerabilities in a number of Supermicro baseboard management controllers. Those are special processors installed on server motherboards to give system administrators hardware-level management powers from afar. That comes in handy when admins need to do things like load old software onto a server from a CD or upgrade an operating system from an image on an external hard drive. BMCs facilitate that without the need to physically plug anything into the server itself. The server will just think that a device is directly connected. The researchers found, though, that the BMCs on Supermicro X9, X10, and X11 platforms contain flaws that can be exploited to weaponize this legitimate function.


INTERNATIONAL

ZDNet
September 6, 2019
The federal government wants an updated strategy to cover the current cyber threat climate, publishing a discussion paper that seeks to gain a better understanding of the magnitude of the threats faced by Australian businesses and families, saying that as the threat evolves, so too must government's response. The Australian government in April 2016 launched the country's current cybersecurity strategy, handing over AU$230 million to the cause. "Despite making strong progress against the goals set in 2016, the threat environment has changed significantly and we need to adapt our approach to improve the security of business and the community," Minister for Home Affairs Peter Dutton is attributed as saying in the discussion paper's foreword. "Australia must position itself as a world leader in cyber threat detection, prevention and response. This means government and industry will need to work closer together than ever before."

Gov Info Security
September 6, 2019
A hacking group known as APT5 - believed to be affiliated with the Chinese government - has been targeting serious flaws in Pulse Secure and Fortinet SSL VPNs for more than six weeks, security experts warn. The attack alert comes in the wake of security researchers warning of a surge in scans looking for the security vulnerabilities. Successfully exploiting the flaws could enable attackers to steal user account data and passwords from SSL VPNs without having to first authenticate, thus giving them full, remote access to enterprise networks. Cyber threat intelligence analyst Troy Mursch, who tweets as @bad_packets, says attackers in recent weeks have been probing for the existence of vulnerabilities in both types of SSL VPNs. He says the greatest concentration of vulnerable Pulse Secure systems is in the United States.
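The scanning surge described above is visible to the target long before any exploitation succeeds, because a scanner walks a list of candidate paths on a VPN portal that normal users never request. The script below is an added example (not code from the article, from Bad Packets, or from either vendor) that applies two generic scanner heuristics to a VPN portal's HTTP access log: many distinct paths from one source inside a short window, and a high share of 4xx responses. It does not encode the specific vulnerabilities discussed, and the log lines, addresses and paths are constructed; a hit means "look at this source and confirm your patch level", not "compromised".

```python
"""Spot scanning bursts against an SSL VPN portal in its HTTP access log.

Added example, not code from the article, from Bad Packets or from either VPN
vendor. It applies two generic scanner heuristics to constructed log lines:
many distinct paths from one source inside a short window, and a high share
of 4xx responses. It does not encode the specific vulnerabilities discussed;
a hit means "check this source and your patch level", not "compromised".
"""
from __future__ import annotations

import re
from collections import defaultdict
from datetime import datetime, timedelta

# Common Log Format with request line and status; the protocol token is skipped.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample: a normal login, a scanner walking eight probe paths in
# three seconds, and a user who mistyped one URL (below threshold).
SAMPLE_LOG = """\
203.0.113.9 - - [04/Sep/2019:10:00:01 +0000] "GET /login HTTP/1.1" 200 5120
203.0.113.9 - - [04/Sep/2019:10:00:09 +0000] "POST /login HTTP/1.1" 302 0
203.0.113.9 - - [04/Sep/2019:10:00:10 +0000] "GET /portal HTTP/1.1" 200 8210
198.51.100.7 - - [04/Sep/2019:10:03:00 +0000] "GET /probe-1 HTTP/1.1" 404 162
198.51.100.7 - - [04/Sep/2019:10:03:00 +0000] "GET /probe-2 HTTP/1.1" 404 162
198.51.100.7 - - [04/Sep/2019:10:03:01 +0000] "GET /probe-3 HTTP/1.1" 403 162
198.51.100.7 - - [04/Sep/2019:10:03:01 +0000] "GET /probe-4 HTTP/1.1" 404 162
198.51.100.7 - - [04/Sep/2019:10:03:02 +0000] "GET /probe-5 HTTP/1.1" 404 162
198.51.100.7 - - [04/Sep/2019:10:03:02 +0000] "GET /probe-6 HTTP/1.1" 404 162
198.51.100.7 - - [04/Sep/2019:10:03:03 +0000] "GET /probe-7 HTTP/1.1" 404 162
198.51.100.7 - - [04/Sep/2019:10:03:03 +0000] "GET /probe-8 HTTP/1.1" 404 162
192.0.2.44 - - [04/Sep/2019:10:05:00 +0000] "GET /logn HTTP/1.1" 404 162
192.0.2.44 - - [04/Sep/2019:10:05:20 +0000] "GET /login HTTP/1.1" 200 5120
"""


def parse_access_log(log: str) -> list[tuple[str, datetime, str, int]]:
    events = []
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m:  # skip lines that do not parse rather than abort a whole log pass
            events.append((m["ip"], datetime.strptime(m["ts"], TS_FMT), m["path"], int(m["status"])))
    return events


def scan_sources(log: str, window_s: int = 60, min_paths: int = 5,
                 min_error_ratio: float = 0.8) -> dict[str, dict]:
    """Return sources whose requests inside any window look like a path scan."""
    by_ip: dict[str, list] = defaultdict(list)
    for ip, ts, path, status in parse_access_log(log):
        by_ip[ip].append((ts, path, status))
    window = timedelta(seconds=window_s)
    flagged = {}
    for ip, evs in by_ip.items():
        evs.sort()
        j = 0  # sliding window: evs[i:j] are the requests within window_s of evs[i]
        for i in range(len(evs)):
            while j < len(evs) and evs[j][0] - evs[i][0] <= window:
                j += 1
            span = evs[i:j]
            paths = {p for _, p, _ in span}
            errors = sum(1 for _, _, s in span if 400 <= s < 500)
            ratio = errors / len(span)
            if len(paths) >= min_paths and ratio >= min_error_ratio:
                flagged[ip] = {"requests": len(span), "distinct_paths": len(paths),
                               "error_ratio": round(ratio, 2), "first_seen": span[0][0].isoformat()}
                break  # one verdict per source is enough for an alert
    return flagged


if __name__ == "__main__":
    for ip, info in scan_sources(SAMPLE_LOG).items():
        print(ip, info)
```

The thresholds are assumptions to tune against your own baseline; a portal with many legitimate 404s (old bookmarks, mobile clients) needs a higher `min_paths`. The more important operational point from the article stands regardless of detection: the flaws are pre-authentication, so an unpatched appliance should be treated as exposed whether or not a scan has been noticed.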

Reuters
September 5, 2019
Hackers working for the Chinese government have broken into telecoms networks to track Uighur travelers in Central and Southeast Asia, two intelligence officials and two security consultants who investigated the attacks told Reuters. The hacks are part of a wider cyber-espionage campaign targeting “high-value individuals” such as diplomats and foreign military personnel, the sources said. But China has also prioritized tracking the movements of ethnic Uighurs, a minority mostly Muslim group considered a security threat by Beijing. China is facing growing international criticism over its treatment of Uighurs in Xinjiang. Members of the group have been subject to mass detentions in what China calls “vocational training” centers and widespread state surveillance. Beijing’s alleged cyberspace attacks against Uighurs show how it is able to pursue those policies beyond its physical borders.

CyberScoop
September 5, 2019
A Chinese hacking group that has been using tools linked with the National Security Agency might have obtained at least one without breaching NSA systems, according to researchers at cybersecurity company Check Point. The Chinese hacking group APT3, which somehow had in its possession an NSA-linked tool in advance of public leaks in 2016 and 2017, appears to have acquired it by analyzing network traffic on a system that was potentially targeted by the NSA, Check Point says. The theory is that after observing the exploit in the wild, APT3 incorporated it into its own arsenal of attacks with some tweaks, the researchers say. “Check Point learned that the Chinese group was monitoring in-house machines that were compromised by the NSA, capturing the traffic of the attack and was leveraging it to reverse engineer the software vulnerabilities,” the researchers write. Check Point acknowledges that it “can’t prove this beyond any doubt.” The company says it does not know for sure that network traffic was used as a reference to build a Chinese exploit based on the NSA-linked tool, but it points to clues in the Windows Server Message Block (SMB) packets in the APT3 version of the tool. The Chinese possession of NSA-linked tools in advance of the 2016 and 2017 leaks — for which a mysterious group known as the Shadow Brokers takes the credit — was originally reported by Symantec. But it remained unclear how the Chinese had come into possession of the exploits.
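The theory above rests on something a defender can also do: capture the traffic of an attack and take it apart. For SMB, the first step is mundane but necessary, which is to peel the NetBIOS session header and decode the fixed SMB1 (32-byte) or SMB2 (64-byte) header so each captured message can be labelled with its dialect and command before anyone looks at the body. The parser below is an added example; it is not Check Point's tooling and says nothing about the specific exploit in the article. The sample messages are constructed here with the standard header layouts.

```python
"""Identify the dialect and command of SMB messages in captured TCP payloads.

Added example; it is not Check Point's tooling and says nothing about the
specific exploit in the article. It shows the first step of analysing captured
SMB traffic: peel the NetBIOS session header, then decode the fixed SMB1
(32-byte) or SMB2 (64-byte) header to learn which request each packet carries.
The sample messages are constructed here with the same layouts.
"""
import struct

SMB1_MAGIC = b"\xffSMB"
SMB2_MAGIC = b"\xfeSMB"
SMB1_FMT = "<4sBIBHH8sHHHHH"      # 32 bytes: magic, cmd, status, flags, flags2, pid_hi, sec, res, tid, pid_lo, uid, mid
SMB2_FMT = "<4sHHIHHIIQIIQ16s"    # 64 bytes (sync form): magic, size, charge, status, cmd, credits,
                                  #   flags, next, message_id, reserved, tree_id, session_id, signature

SMB1_COMMANDS = {0x72: "NEGOTIATE", 0x73: "SESSION_SETUP_ANDX", 0x75: "TREE_CONNECT_ANDX",
                 0x25: "TRANSACTION", 0x32: "TRANSACTION2", 0xA0: "NT_TRANSACT"}
SMB2_COMMANDS = {0x0000: "NEGOTIATE", 0x0001: "SESSION_SETUP", 0x0003: "TREE_CONNECT",
                 0x0005: "CREATE", 0x0008: "READ", 0x0009: "WRITE", 0x000B: "IOCTL"}


def strip_netbios(payload: bytes) -> bytes:
    """Drop a 4-byte NetBIOS session header (type 0x00, 24-bit length) if one wraps the message."""
    if len(payload) >= 4 and payload[0] == 0x00:
        length = int.from_bytes(payload[1:4], "big")
        body = payload[4:4 + length]
        if len(body) == length and body[:4] in (SMB1_MAGIC, SMB2_MAGIC):
            return body
    return payload


def parse_smb_header(payload: bytes):
    """Return a dict describing the SMB header, or None if this is not SMB."""
    msg = strip_netbios(payload)
    if msg[:4] == SMB1_MAGIC and len(msg) >= 32:
        (_, cmd, status, _flags, flags2, _pid_hi, _sec, _res,
         tid, pid_lo, uid, mid) = struct.unpack(SMB1_FMT, msg[:32])
        return {"dialect": "SMB1", "command": SMB1_COMMANDS.get(cmd, f"0x{cmd:02x}"),
                "status": status, "signed": bool(flags2 & 0x0004),
                "tid": tid, "pid": pid_lo, "uid": uid, "mid": mid, "body_len": len(msg) - 32}
    if msg[:4] == SMB2_MAGIC and len(msg) >= 64:
        (_, size, _charge, status, cmd, _credits, flags, _next,
         msg_id, _res, tid, sess_id, _sig) = struct.unpack(SMB2_FMT, msg[:64])
        if size != 64:
            return None  # StructureSize is fixed; anything else is not a real SMB2 header
        return {"dialect": "SMB2", "command": SMB2_COMMANDS.get(cmd, f"0x{cmd:04x}"),
                "status": status, "signed": bool(flags & 0x8), "response": bool(flags & 0x1),
                "message_id": msg_id, "tree_id": tid, "session_id": sess_id, "body_len": len(msg) - 64}
    return None


# --- constructed sample messages, shaped like what a capture would contain ---

def build_smb1_negotiate() -> bytes:
    hdr = struct.pack(SMB1_FMT, SMB1_MAGIC, 0x72, 0, 0x18, 0xC853, 0, b"\0" * 8, 0, 0xFFFF, 0xFFFE, 0, 0x40)
    dialect = b"\x02NT LM 0.12\x00"
    body = struct.pack("<BH", 0, len(dialect)) + dialect   # WordCount=0, ByteCount, dialect list
    msg = hdr + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


def build_smb2_create() -> bytes:
    hdr = struct.pack(SMB2_FMT, SMB2_MAGIC, 64, 1, 0, 0x0005, 1, 0x8, 0, 7, 0, 1, 0x1122, b"\0" * 16)
    body = struct.pack("<H", 57) + b"\0" * 55                # CREATE request, StructureSize 57
    msg = hdr + body
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


def summarize_capture(payloads) -> list:
    """Classify each payload; non-SMB payloads are reported as such."""
    out = []
    for p in payloads:
        h = parse_smb_header(p)
        out.append(f"{h['dialect']} {h['command']}" if h else "not SMB")
    return out


if __name__ == "__main__":
    for line in summarize_capture([build_smb1_negotiate(), build_smb2_create(), b"GET / HTTP/1.1\r\n"]):
        print(line)
```

Once messages are labelled this way, the interesting ones for exploit analysis are usually the transaction and IOCTL requests with unusually large bodies, which is where the packet-level "clues" Check Point refers to would live. The header fields also tell you whether signing was in use, which is the cheapest control that turns passive capture-and-replay into something that no longer works.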

CyberScoop
September 3, 2019
Chinese telecommunication giant Huawei has accused U.S. authorities of using cyberattacks to interrupt its business and deploying police to harass employees, allegations that coincide with a growing investigation into the company’s international conduct. Huawei leveled the charges in a press release Tuesday, offering little evidence to substantiate its claims but denying it stole trade secrets from Rui Oliveira, a Portuguese inventor who accused Huawei of stealing his smartphone camera technology. U.S. prosecutors are probing Huawei for multiple instances of alleged intellectual property theft, according to the Wall Street Journal, while the firm also has become a focal point in the ongoing trade war between the U.S. and China. “For the past several months, the U.S. government has been leveraging its political and diplomatic influence to lobby other governments to ban Huawei equipment,” the company said Tuesday. “Furthermore, it has been using every tool at its disposal — including both judicial and administrative powers, as well as a host of other unscrupulous means — to disrupt the normal business operations of Huawei and its partners.”

Yahoo News
September 2, 2019
For years, an enduring mystery has surrounded the Stuxnet virus attack that targeted Iran’s nuclear program: How did the U.S. and Israel get their malware onto computer systems at the highly secured uranium-enrichment plant? The first-of-its-kind virus, designed to sabotage Iran’s nuclear program, effectively launched the era of digital warfare and was unleashed some time in 2007, after Iran began installing its first batch of centrifuges at a controversial enrichment plant near the village of Natanz. The courier behind that intrusion, whose existence and role have not been previously reported, was an inside mole recruited by Dutch intelligence agents at the behest of the CIA and the Israeli intelligence agency, the Mossad, according to sources who spoke with Yahoo News. An Iranian engineer recruited by the Dutch intelligence agency AIVD provided critical data that helped the U.S. developers target their code to the systems at Natanz, according to four intelligence sources. That mole then provided much-needed inside access when it came time to slip Stuxnet onto those systems using a USB flash drive.

AP
September 2, 2019
The U.S. and Poland signed an agreement Monday to cooperate on new 5G technology as concerns grow about Chinese telecommunications giant Huawei. Vice President Mike Pence and Polish Prime Minister Mateusz Morawiecki signed the deal in Warsaw, where Pence is filling in for President Donald Trump, who scrapped his trip at the last minute because of Hurricane Dorian. The signing comes during a global battle between the U.S. and Huawei, the world's biggest maker of network infrastructure equipment, over network security and fears of Chinese access. The U.S.-Poland agreement states: "Protecting these next generation communications networks from disruption or manipulation and ensuring the privacy and individual liberties of the citizens of the United States, Poland, and other countries is of vital importance." Both countries pledged to endorse the principles developed by cybersecurity officials from dozens of countries at a summit in Prague this year to counter threats and ensure the safety of the next generation of mobile networks. Pence, speaking at a news conference with Polish President Andrzej Duda, said he hoped the declaration would set a "vital example for the rest of Europe on the broader question of 5G."

Reuters
September 1, 2019
North Korea denied on Sunday allegations that it had obtained $2 billion through cyberattacks on banks and cryptocurrency exchanges, and accused the United States of spreading rumors. A United Nations report seen by Reuters last month said North Korea had used "widespread and increasingly sophisticated" cyberattacks to steal from banks and cryptocurrency exchanges, amassing $2 billion which it used to fund weapons of mass destruction programs. "The United States and other hostile forces are now spreading ill-hearted rumors," North Korea's state-run KCNA news agency reported, citing a statement from the spokesperson for the National Coordination Committee of the DPRK for Anti-Money Laundering and Countering the Financing of Terrorism.

Bloomberg
August 31, 2019
Hong Kong appeared to be the target of a large digital attack in recent days, with a popular online forum used by protesters saying its servers were hit on Saturday. Digital Attack Map, which provides information on daily cyber attacks around the world, showed the financial hub at the center of distributed denial of service, or DDoS, attacks. LIHKG, a forum used by demonstrators to organize mass rallies in Hong Kong, said its servers were hit maliciously by a DDoS attack on a scale it had never seen before. While some of LIHKG’s services were interrupted, service was fully restored hours later, according to a post on Twitter. This is the second large cyber attack to hit apps used this summer by protesters to organize during unrest in Hong Kong. In June, messaging service Telegram said it had been hit by a powerful attack coming out of China. The protesters’ use of messaging apps and chat rooms has allowed them to quickly change and implement plans, frustrating government efforts to control them.


TECHNOLOGY

Ars Technica
September 5, 2019
An Internet Society-supported initiative, the Mutually Agreed Norms for Routing Security (MANRS), has tried to coax Internet service providers into minding their manners—particularly when it comes to how they use the Border Gateway Protocol (BGP), the occasionally abused communications method that drives much of how Internet traffic is routed. On August 13, the MANRS initiative launched the MANRS Observatory, a new Web tool that provides insight into just how well networks comply with routing security standards. The observatory provides a semblance of transparency into a part of the Internet invisible to most users. Last year, there were more than 12,000 routing outages or attacks, according to the Internet Society, including the use of BGP to hijack or misdirect traffic and internal BGP "leaks" from poorly configured routers. Deliberate BGP attacks can be used to steal data or redirect requests to hostile "spoofed" websites, as some state actors have been known to do. The MANRS initiative promotes technical collaboration among network providers to reduce the most common types of threats to routing security.
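The hijacks and leaks counted above share one mechanical root: BGP accepts an announcement from any neighbour regardless of whether the announcing AS has any right to the prefix. Origin filtering is the check that changes that, and the logic is short enough to show in full. The code below is an added example, not the MANRS Observatory's code (MANRS itself is a set of operator commitments, not a validator); it implements the three RFC 6811 validation states over a constructed ROA set: an announcement is "valid" when a ROA covers the prefix, the announced length is within the ROA's maxLength and the origin AS matches, "invalid" when ROAs cover it but none match, and "not-found" when no ROA covers it. The prefixes and ASNs are documentation values.

```python
"""Route Origin Validation (RFC 6811 states) over a constructed ROA set.

Added example; it is not the MANRS Observatory's code and MANRS itself is a
set of operator commitments, not a validator. The check it shows is the one
origin filtering rests on: an announcement is "valid" when a ROA covers the
prefix, the announced length is within the ROA's maxLength, and the origin
AS matches; "invalid" when ROAs cover it but none match; "not-found" when
no ROA covers it. The ROAs, prefixes and ASNs below are documentation values.
"""
from __future__ import annotations

import ipaddress

# (prefix, maxLength, origin ASN): constructed, shaped like what an RPKI cache hands out
ROAS = [
    ("192.0.2.0/24", 24, 64496),
    ("198.51.100.0/22", 24, 64497),
    ("2001:db8::/32", 48, 64496),
]


def validate_origin(prefix: str, origin_as: int, roas=ROAS) -> str:
    net = ipaddress.ip_network(prefix, strict=False)
    covering = []
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if roa_net.version == net.version and net.subnet_of(roa_net):
            covering.append((max_len, asn))
    if not covering:
        return "not-found"
    # A ROA for AS 0 never matches a real origin, so it makes every covered
    # announcement invalid; that is how a holder disavows a prefix entirely.
    for max_len, asn in covering:
        if asn == origin_as and net.prefixlen <= max_len:
            return "valid"
    return "invalid"


def audit_announcements(announcements, roas=ROAS) -> dict[str, list[tuple[str, int]]]:
    """Group (prefix, origin) pairs by validation state, as a filter policy would."""
    result = {"valid": [], "invalid": [], "not-found": []}
    for prefix, origin_as in announcements:
        result[validate_origin(prefix, origin_as, roas)].append((prefix, origin_as))
    return result


# Constructed announcements: legitimate routes, a wrong-origin hijack, a
# more-specific announcement beyond maxLength, and an uncovered prefix.
SAMPLE_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64496),
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/23", 64497),
    ("198.51.100.0/25", 64497),
    ("2001:db8:1::/48", 64496),
    ("203.0.113.0/24", 64496),
]

if __name__ == "__main__":
    for state, routes in audit_announcements(SAMPLE_ANNOUNCEMENTS).items():
        print(state, routes)
```

Two things worth noticing in the sample. The more-specific /25 is rejected even though the origin AS is right, because maxLength caps how far a ROA can be subdivided; without that cap a leaked or hijacked more-specific would win the longest-match lookup everywhere. And "not-found" is not "valid": a prefix with no ROA at all is exactly where a hijack goes unnoticed, which is why the Internet Society's numbers above are as much about missing ROAs as about bad actors.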

The New York Times
September 5, 2019
When hackers took over the Twitter account of Twitter’s chief executive, Jack Dorsey, last week, they used an increasingly common and hard-to-stop technique that can give them complete access to a wide array of the most sensitive digital accounts, including social media, email and financial accounts. Called SIM swapping, it allows hackers to take control of a victim’s phone number. In recent months, SIM swapping has been used to hijack the online personas of politicians, celebrities and notables like Mr. Dorsey, to steal money all over the world and to simply harass regular people. Victims, no matter how prominent or technically sophisticated, have been unable to protect themselves, even after they have been hit again and again. “I’ve been looking at the criminal underground for a long time, and SIM swapping bothers me more than anything I’ve seen,” said Allison Nixon, the director of research at the security firm Flashpoint. “It requires no skill, and there is literally nothing the average person can do to stop it.”