Pages

Thursday, September 05, 2019

Vienna v Vrbov v Villawood: To guard against hacking


Risk anything! Care no more for the opinion of others ... Do the hardest thing on earth for you. Act for yourself. Face the truth."
(Journal entry, 14 October 1922)”
― Katherine Mansfield, 
Journal of Katherine Mansfield



IMF tackles tax havens





'24/7 presence:' Building manager who built underground cave amid stolen goods also allegedly hacked apartment security database


The manager of an inner city apartment complex, who allegedly stole hundreds of goods from residents to store in a custom-built living space in the basement, had also allegedly hacked the building's security computer database in November last year.

Vienna feeds the imagination. Sydney and Melbourne? Not so much

The history of the 20th century would have been different if Freud had spun his chair around and said "You look like a troubled young man. Come and have a chat." 
Vienna is a town that feeds the imagination. Can we say the same about Sydney or Melbourne?


Is a deep dive at Bondi or St Kilda more satisfying than a deep dive into the history of western civilisation? Sorry, we’ll just have to be content with positions two and three.

Sydney and Melbourne have been rated below Vienna in a poll about "the world’s most liveable cities". I’m afraid I have to support that poll’s conclusion.

Cheri picked Flashback:

Cherry

A World Apart - Vienna Wind # 1

On 7 July 1980 I became the enemy of the Czechoslovak 
AS ALWAYS, LIFE IN THE 21st CENTURY IMITATES MONTY PYTHON: New York Times: Scientist says she’s received ‘Yoda-like advice’ from shrubbery.





Katharine Murphy, via The Guardian
Just 15% of voters are watching events in Canberra intently — and 15% have no interest at all.



INFRASTRUCTURE DEVIL'S ADVOCATE: The DHS is in the midst of hosting its third annual cyber war games, dubbed Operation Tsunami 2019.


The Hill
August 26, 2019
Voting rights and election security groups on Monday urged two House and Senate committees to hold hearings on the security of voting machines. The groups, which include the National Election Defense Coalition, Electronic Privacy Information Center, R Street Institute and Public Citizen, asked the House Administration Committee and the Senate Rules and Administration Committee in a letter to schedule election security hearings that include testimony from voting machine vendors and election security experts. "The security of our nation’s elections is acutely dependent on the vendors that supply our computerized voting systems," the groups wrote. "The voting system vendors have operated with little oversight and no regulation for decades." "Given the gravity and urgency of this issue, we write to you to urge the committees to hold a hearing on election system security featuring sworn testimony from officers of the voting system vendors to shed more light on their practices which directly impact the security of the nation," they added. The groups cited reports in recent months that certain voting systems rely on outdated Windows 7 operating systems, that one major election machine vendor installed remote access software on its election systems and concerns about a lack of transparency from voting machine vendors.

ADMINISTRATION

The Washington Post
August 30, 2019
Democratic officials moved Friday to block plans to allow caucusgoers to vote by phone in Iowa and Nevada next year because of concerns the technology could be hacked. An advisory from Tom Perez, the chair of the Democratic National Committee, and the co-chairs of the Rules and Bylaws Committee recommended against the virtual caucus or tele-caucus in the two early-voting states. Internal security and technology analysts, working with a panel of outside experts, found that there was no teleconference system that met security standards, according to three Democrats who were not authorized to discuss plans ahead of the recommendation’s release. The recommendation will trigger a meeting of the Rules and Bylaws Committee, which has ultimate say over the plans but is unlikely to deviate from the guidance of its leadership. Rules approved by the DNC last year pressed caucus states to convert to a primary system — which at least nine states have done — or else to take steps to let voters participate without attending an hours-long meeting.

Ars Technica
August 30, 2019
As investigations into a massive, coordinated ransomware attack against local governments in Texas continues, 13 new victims of ransomware attacks have been publicly identified. Most of them are school districts, thought the victims also include an Indiana county, a hospice in California, and a newspaper in Watertown, New York. The ransomware involved in the Texas attacks, which hit 22 local-level government entities, has not yet been identified.  Multiple sources have suggested that the Texas attacker gained access through a managed service provider that the local governments all had in common, but that has not been confirmed by state officials. In the case of this latest batch of attacks, Ryuk ransomware has been identified as the malware used on at least three occasions.

AP
August 29, 2019
A former Amazon software engineer arrested last month on charges she hacked into Capital One bank and more than 30 different companies has been indicted by a federal grand jury on charges she not only broke into the company's computer system, but also stole computing power for her own benefit. Paige Thompson faces wire fraud and computer fraud and abuse charges in the indictment announced Wednesday. She's scheduled to be arraigned Sept. 5. Her lawyer did not immediately respond to an email request for comment. In addition to Capital One, the indictment identifies three other entities that were targets. They include a state agency and a public research university, both outside Washington state, and a telecommunications conglomerate located outside the U.S. Between March and July of this year, Thompson created scanning software that allowed her to identify customers of a cloud computing company that had misconfigured their firewalls, allowing someone to access their servers, according to the indictment.

The New York Times
August 28, 2019
A secret cyberattack against Iran in June wiped out a critical database used by Iran’s paramilitary arm to plot attacks against oil tankers and degraded Tehran’s ability to covertly target shipping traffic in the Persian Gulf, at least temporarily, according to senior American officials. Iran is still trying to recover information destroyed in the June 20 attack and restart some of the computer systems — including military communications networks — taken offline, the officials said. Senior officials discussed the results of the strike in part to quell doubts within the Trump administration about whether the benefits of the operation outweighed the cost — lost intelligence and lost access to a critical network used by the Islamic Revolutionary Guards Corps, Iran’s paramilitary forces. The United States and Iran have long been involved in an undeclared cyberconflict, one carefully calibrated to remain in the gray zone between war and peace. The June 20 strike was a critical attack in that ongoing battle, officials said, and it went forward even after President Trump called off a retaliatory airstrike that day after Iran shot down an American drone.

FCW
August 27, 2019
The Department of Homeland Security is seeking public comment on how to structure information collection activities related to its new vulnerability disclosure program. In a draft notice set to be published in the Federal Register Aug. 28, DHS and the Office of Management and Budget ask for feedback from private industry on how best to structure the form and information for companies or individuals who wish to submit information to the government about newly discovered IT vulnerabilities present on DHS information systems. The program was created pursuant to the SECURE Technologies Act passed into law last year. The DHS form asks security researchers for information on any vulnerable hosts, details on how to reproduce the vulnerability, ideas for remediation and an assessment of potential impacts if left unaddressed. "The form will benefit researchers as it will provide a safe and lawful way for them to practice and discover new skills while discovering the vulnerabilities," the notice reads. "Meanwhile, it will provide the same benefit to the DHS, in addition to enhanced information system security following the vulnerability mitigation."

Nextgov
August 27, 2019
The Trump administration issued a new policy in May regarding how people, devices and bots are credentialed and granted access to federal systems. With the arrival of August comes the first deadline under this new policy: for the General Services Administration to create a catalog of approved identity, credential and access management, or ICAM, products and services for agencies to buy. GSA had three months from the issuance of the policy to develop the catalog, which the agency released Monday. The list includes 14 products and services, all available through different special item numbers, or SINs, on GSA’s IT Schedule 70, or through other GSA services, such as Login.gov for electronic identity management and USAccess for physical access card services. GSA also put out a short questionnaire through Google Forms, asking four questions about the most and least helpful parts of the catalog. The agency plans to incorporate that feedback into a finalized catalog, which will be posted on IDManagement.gov.

The Guardian
August 27, 2019
Florida’s record as a vital swing state made it a target for meddling in the 2016 election when Russians breached two county voting systems and a software vendor and now concerns are being raised about voting security in the state for the 2020 ballot, say election and cyber security experts, federal reports and Democrats. With FBI director Christopher Wray and other intelligence officials predicting more Russian and possibly other foreign interference in the next elections, experts say Florida is again a likely target for Russian hackers, or others bent on disrupting voting, which potentially could alter tallies and create other problems. “Obviously, Florida will be a critical state in 2020 and Florida election officials should assume they will be targeted again,” said Larry Norden, who runs the election reform program at the Brennan Center for Justice. Election security experts are concerned about several potential problem areas, including software that stores sensitive voter registration data, the short timetable for any post-election audits and Florida’s history of voting snafus.

Reuters
August 26, 2019
The U.S. government plans to launch a program in roughly one month that narrowly focuses on protecting voter registration databases and systems ahead of the 2020 presidential election. These systems, which are widely used to validate the eligibility of voters before they cast ballots, were compromised in 2016 by Russian hackers seeking to collect information. Intelligence officials are concerned that foreign hackers in 2020 not only will target the databases but attempt to manipulate, disrupt or destroy the data, according to current and former U.S. officials. “We assess these systems as high risk,” said a senior U.S. official, because they are one of the few pieces of election technology regularly connected to the Internet. The Cybersecurity Infrastructure Security Agency, or CISA, a division of the Homeland Security Department, fears the databases could be targeted by ransomware, a type of virus that has crippled city computer networks across the United States, including recently in Texas, Baltimore and Atlanta. “Recent history has shown that state and county governments and those who support them are targets for ransomware attacks,” said Christopher Krebs, CISA’s director. “That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.”

NPR
August 26, 2019
The head of the National Security Agency, Army Gen. Paul Nakasone, has a catchphrase: "persistent engagement." This covers a broad spectrum of cyber activities at the nation's largest spy agency. But at its core, it means relentlessly tracking adversaries, and increasingly, taking offensive action against them. "That's the idea of persistent engagement. This idea of enabling and acting," Nakasone recently told NPR. When he took over the agency last year, he said that rivals didn't fear the U.S. in the cyber realm, and he intended to change that. "Technology is ever changing, national security threats are ever changing. And for us to be effective, we need to be as agile, ideally one step ahead of that. We've adapted to that next threat," said Anne Neuberger, a senior NSA official.

Fifth Domain
August 26, 2019
Five years ago, the Army created a cyber branch for its uniformed personnel. Earlier this month, service leaders signed a charter to create the equivalent for civilian employees. Formally known as Career Program 71, cyberspace effects, the new positions will provide a centralized approach for civilian training, education and professional development in the cyber discipline. Each Army civilian position, be it infantry or armor, is aligned to a corresponding uniformed position. “This is really a big deal. What this allows us to do, essentially, [is establish] a formal framework and program that will allow us to recruit, develop, retain those members of our workforce that are specifically conducting cyberspace effects,” Lt. Gen. Stephen Fogarty, the head of Army Cyber Command, said during a signing ceremony at TechNet Augusta, Aug. 20. These civilians will work on the Army cyber mission force teams that feed up to U.S. Cyber Command and conduct offensive and defensive cyberspace missions. Army leaders argued the positions are necessary now because they require specialized training that personnel weren’t getting in intelligence or information warfare.

FCW
August 26, 2019
The increasing tempo of breaches and cyberattacks on critical infrastructure networks is driving privately owned infrastructure providers to share their data with the Department of Homeland Security's cybersecurity agency in increasing numbers, according to one of its top managers. Privately owned critical infrastructure providers, like power, banking and telecommunications companies, had been slow to share their data on cyberattacks a few years ago, according to Brian Harrell assistant director for infrastructure security at DHS' Cybersecurity and Infrastructure Security Agency (CISA), because of competitive concerns. Things have changed, he told an audience in a speech at Auburn University's McCrary Institute for Cyber and Critical Infrastructure Security on Aug. 23. Harrell, along with his boss, CISA Director Christopher Krebs both spoke at the university on consecutive days to engineering students on the importance of cybersecurity and infrastructure.

AP
August 23, 2019
North Carolina election officials on Friday certified bar code ballots for use in elections starting next year despite an outcry that they can't be trusted by voters uncertain their choices are accurately counted. The State Board of Elections voted 3-2 to allow a voting-machine maker to sell equipment that digitizes votes into bar code data, which is then tallied by the company's counting machines. Almost two dozen speakers urged the elections board to reject bar code systems because voters can't read the bar codes to check that they're correct. But Democratic board chairman Damon Circosta sided with two Republicans on the five-member panel, citing the risk of delay after touchscreen-only equipment is disallowed in December. New voting machines in about a quarter of the state's counties need to be replaced as primary elections loom in March. After hackers tried to access U.S. election systems in 2016, a study released last year by the combined National Academies of Science, Engineering and Medicine urged that elections use human-readable paper ballots that people can inspect and recount.


INDUSTRY

Wired
August 30, 2019
Hacking the iPhone has long been considered a rarified endeavor, undertaken by sophisticated nation states against only their most high-value targets. But a discovery by a group of Google researchers has turned that notion on its head: For two years, someone has been using a rich collection of iPhone vulnerabilities with anything but restraint or careful targeting. Instead, they've indiscriminately hacked thousands of iPhones just by getting them to visit a website. On Thursday evening, Google's Project Zero security research team revealed a broad campaign of iPhone hacking. A handful of websites in the wild had assembled five so-called exploit chains, tools that link together security vulnerabilities, allowing a hacker to penetrate each layer of iOS's digital protections. The rare and intricate chains of code exploited a total of 14 security flaws, targeting everything from the browser's "sandbox" isolation mechanism to the core of the operating system known as the kernel, ultimately gaining complete control over the phone.

The Verge
August 30, 2019
Twitter CEO Jack Dorsey’s Twitter account was hacked on Friday afternoon by a group that calls itself the Chuckle Squad. The hackers tweeted racial slurs from Dorsey’s account. Some offensive tweets were up for about 10 minutes, though not long after the hack began, those tweets were being deleted. The hackers also plugged a Discord serve, asking people to join it. (The server invitation link tweeted out by the hackers no longer works.) “Both the server and the server owner were permanently removed from Discord within minutes of this being reported to us,” a Discord representative told The Verge. “Encouraging any kind of hacking is in direct violation of our Terms of Service,” the representative said. “We will continue to monitor and investigate this incident.” The tweets appear to come from Cloudhopper, a company that Twitter previously acquired to help with its SMS service. If you text 404-04 from the phone number linked to your Twitter account, that text will post to Twitter. The source in the tweet will be given as “Cloudhopper.”

ZDNet
August 29, 2019
Hundreds of dental practice offices in the US have had their computers infected with ransomware this week, ZDNet has learned from a source. The incident is another case of a ransomware gang compromising a software provider and using its product to deploy ransomware on customers' systems. In this case, the software providers are The Digital Dental Record and PerCSoft, two Wisconsin-based companies who collaborated on DDS Safe, a medical records retention and backup solution advertised to dental practice offices in the US. Over the last weekend, a hacker group breached the infrastructure behind this software, and used it to deploy the REvil (Sodinokibi) ransomware on computers at hundreds of dentist offices across the US. The security breach came to light on Monday, when dentists returned to work, only to find out they couldn't access any patient information.

Pro Publica
August 27, 2019
On June 24, the mayor and council of Lake City, Florida, gathered in an emergency session to decide how to resolve a ransomware attack that had locked the city's computer files for the preceding fortnight. Following the Pledge of Allegiance, Mayor Stephen Witt led an invocation. "Our heavenly father," Witt said, "we ask for your guidance today, that we do what's best for our city and our community." Witt and the council members also sought guidance from City Manager Joseph Helfenberger. He recommended that the city allow its cyber insurer, Beazley, an underwriter at Lloyd's of London, to pay the ransom of 42 bitcoin, then worth about $460,000. Lake City, which was covered for ransomware under its cyber-insurance policy, would only be responsible for a $10,000 deductible. In exchange for the ransom, the hacker would provide a key to unlock the files. "If this process works, it would save the city substantially in both time and money," Helfenberger told them. Without asking questions or deliberating, the mayor and the council unanimously approved paying the ransom. The six-figure payment, one of several that US cities have handed over to hackers in recent months to retrieve files, made national headlines.

ZDNet
August 27, 2019
Microsoft says that users who enable multi-factor authentication (MFA) for their accounts will end up blocking 99.9% of automated attacks. The recommendation stands not only for Microsoft accounts but also for any other profile, on any other website or online service. If the service provider supports multi-factor authentication, Microsoft recommends using it, regardless if it's something as simple as SMS-based one-time passwords, or advanced biometrics solutions. "Based on our studies, your account is more than 99.9% less likely to be compromised if you use MFA," said Alex Weinert, Group Program Manager for Identity Security and Protection at Microsoft. Weinert said that old advice like "never use a password that has ever been seen in a breach" or "use really long passwords" doesn't really help. He should know. Weinert was one of the Microsoft engineers who worked to ban passwords that became part of public breach lists from Microsoft's Account and Azure AD systems back in 2016. As a result of his work, Microsoft users who were using or tried to use a password that was leaked in a previous data breach were told to change their credentials. But Weinert said that despite blocking leaked credentials or simplistic passwords, hackers continued to compromise Microsoft accounts in the following years.

Gov Info Security
August 26, 2019
Hackers in recent days have been hunting for SSL VPNs manufactured by both Fortinet and Pulse Secure that have yet to be updated to fix serious security flaws, security experts warn. There's been a surge in scanning attempts by attackers to locate and automatically hack these devices, exploiting known flaws that allow them to steal passwords and other sensitive data. With stolen passwords in hand, attackers can potentially gain full, remote access to organizations' networks. The attacks come despite both vendors having released patches several months ago - Pulse Secure in April, Fortinet in May - via firmware updates that included security fixes. Both vendors warned that all customers should install the updates as quickly as possible, given the severity of the flaws. Many organizations, however, apparently have yet to install the updated software, and thus remain at elevated risk from escalating exploit attempts.


INTERNATIONAL

CyberScoop
August 30, 2019
The North Atlantic Treaty Organization’s cyber-operations command center in Belgium still has a ways to go before its offensive playbook is set in stone, a NATO cyber official involved in the matter told CyberScoop. The Cyberspace Operations Centre was established almost exactly one year ago, in Mons, Belgium to help member nations’ obtain real-time intelligence on and respond to cyberthreats from criminal or nation-state backed hackers. The alliance is still working on pooling member nations’ offensive cyber capabilities for those responses, Deputy Director of the Cyberspace Operations Centre Group Captain Neal Dewar told CyberScoop in an interview. The cyber operations center was created in part to fulfill the alliance’s 2016 decision that under NATO’s Article V, a cyberattack on one member nation may result in a group of members coming to its defense, just as if a physical attack had occurred. But because the alliance does not have its own cyberweapons, and because NATO members do not possess the same capabilities, it must pool together its resources, Dewar said.

Gov Info Security
August 30, 2019
An emerging cyber espionage group that apparently started its work in South Africa last year is now focusing on targeting critical control systems for oil and gas companies in the Middle East, according to researchers at two cybersecurity firms. The threat group - called "Lyceum" by Secureworks and "Hexane" by Dragos - also has targeted telecommunications providers in the Middle East, Africa and Central Asia, "potentially as a stepping stone to network-focused man-in-the-middle and related attacks," Dragos reseachers say. Secureworks, a unit of Dell, says that domain registrations indicate that Lyceum, which may have been active as early as April 2018, attacked targets in South Africa in the middle of last year. The group expanded its geographical reach in May when it launched a campaign against oil and gas companies in the Middle East after it had made a "sharp uptick in development and testing of their toolkit against a public multivendor malware scanning service in February." Dragos said organizations in Kuwait appear to be a primary target for the group.

Vice Motherboard
August 28, 2019
French police, with help from an antivirus firm, took control of a server that was used by cybercriminals to spread a worm programmed to mine cryptocurrency from more than 850,000 computers. Once in control of the server, the police remotely removed the malware from those computers. Antivirus firm Avast, which helped France’s National Gendarmerie cybercrime center, announced the operation on Wednesday. Avast said that they found that the command and control server, which was located in France, had a design flaw in its protocol that made it possible to remove the malware without “making the victims execute any extra code,” as the company explained in its lengthy report. This takedown is a good example of how law enforcement agencies are starting to push the boundaries to not only stop malware, but directly help victims remove it from their systems.

BBC
August 27, 2019
Nato Secretary General Jens Stoltenberg says all 29 member countries would respond to a serious cyber-attack on one of them. Writing in Prospect Magazine, he said such an incident would trigger a "collective defence commitment", known as Article 5 of its founding treaty. Article 5 has not been triggered since the 9/11 terror attacks on the US in 2001. Nato's members include the US, Canada and many European countries. "We have designated cyber-space a domain in which Nato will operate and defend itself as effectively as it does in the air, on land, and at sea," he wrote in his article. It's not the first time Mr Stoltenberg has made this claim. As an example of a major cyber-incident, he mentioned the 2017 Wannacry ransomware attack which crippled the NHS in the UK and caused havoc around the world, although this did not trigger Article 5 at the time.


TECHNOLOGY

Fox News
August 30, 2019
Uncle Sam was in plain sight at this year’s iteration of the massive “hacker” gathering known as DEF CON, in effect holding a “we love hacking” sign with the subtlety of a Vegas marquee. The annual tech event, which drew more than 30,000 people to Sin City this year according to organizers, has long been a target for domestic intelligence and law enforcement agencies, according to reported FBI documents. Organizers have told of alleged foreign spies posing as documentary crews and trying to blend in with the DEF CON crowd. But this year’s event saw an increased presence of DC lawmakers, most of whom were extending obvious olive branches, if not pleading for hackers' help. And they seemed to be mostly well-received. "White-hat hackers are absolutely irreplaceable in the technological age," Senator Ron Wyden, D-Oregon, told an audience of hundreds, which erupted into thunderous applause at that and many other moments during his remarks.