Wednesday, November 20, 2019

Freedom on the Net 2019 The Crisis of Social Media

It’s our fault. They’re our kids. We let it happen. Gee, when I was editor of my college newspaper I loved it when people took offense. It proved I had got their attention.

Sydney cloaked in bushfire smoke for second time in three days - Sydney Morning Herald

Ken Starr on Gordon Sondland’s impeachment hearing testimony: ‘One of those bombshell days’ - NEWS.com.au

RICHARD FERNANDEZ: The Media Are Missing the Biggest Story Since the Fall of the Soviet Union. “Bloomberg editors have noticed that the world is on fire. There are demonstrations and unrest in Lebanon, Chile, Spain, Iraq, Sudan, Russia, Uganda, Peru, Hong Kong, Zimbabwe, Venezuela and others. That ‘other’ is Iran, where the Internet has been shut down and rampaging protesters are burning down the Central Bank. Hong Kong at least deserves a separate mention.”

Hong Kong protests: university campus stand-off between radicals and riot squad shows no sign of ending as thousands hit streets in bid to relieve police siege SCMP

Beijing’s tactics are driving spiral of violence in Hong Kong Australian Financial Review
* * *
Embarrassing mistake: Chinese magazine ‘accidentally’ reveals new top secret weapon NY Herald


What Would Happen If the Internet Went Down … Forever?

Popular Mechanics – “…So how long could society carry on without the internet? However implausible, it’s nonetheless a scenario that futurists, economists, and IT workers spend considerable time contemplating. “Eliminating all internet communications, even if only for a few days, would inflict huge economic costs,” says Thomas Hazlett, who served as chief economist of the Federal Communications Commission in the early 1990s. “Look at the economic damage wrought by the 9/11 attacks that closed Wall Street trading and cut off international flights in a large part of the world for about a week. Those losses are calculated to be over $120 billion

Freedom on the Net 2019 The Crisis of Social Media

Freedom House – “Governments around the world are increasingly using social media to manipulate elections and monitor their citizens, tilting the technology toward digital authoritarianism. As a result of these trends, global internet freedom declined for the ninth consecutive year, according to Freedom on the Net 2019, the latest edition of the annual country-by-country assessment of internet freedom, released today by Freedom House. Adding to the problem of meddling by foreign regimes, a new menace to democracy has risen from within, as populist leaders and their armies of online supporters seek to distort politics at home. Domestic election interference marred the online landscape in 26 of the 30 countries studied that held national votes over the past year. Disinformation was the most commonly used tactic. Authorities in some countries blocked websites or cut off access to the internet in a desperate bid to cling to power.

“Many governments are finding that on social media, propaganda works better than censorship,” said Mike Abramowitz, president of Freedom House. “Authoritarians and populists around the globe are exploiting both human nature and computer algorithms to conquer the ballot box, running roughshod over rules designed to ensure free and fair elections.” Governments from across the democratic spectrum are indiscriminately monitoring citizens’ online behavior to identify perceived threats—and in some cases to silence opposition. Freedom House has found evidence of advanced social media surveillance programs in at least 40 of the 65 countries analyzed.”

via Nick Leiserson

CyberScoop

November 15, 2019

After years of getting pummeled by critics for not embracing ethical hacking, the country’s biggest voting equipment vendors took a big step in that direction in September. They asked the cybersecurity community for ideas on how to set up a process through which researchers could flag software flaws for vendors to fix. Companies that specialize in coordinated vulnerability disclosure (CVD) programs like Bugcrowd and Synack responded to the request for information. But the usual suspects weren’t the only entities to submit ideas. A Democratic presidential candidate and one of the most outspoken voices in the Senate on election security also chimed in. In a four-page letter to the industry association establishing the CVD program, Sen. Amy Klobuchar, D-Minn., advised the voting-gear vendors to ditch their reservations about working with unvetted researchers, pay close attention to their supply chains, and set a timeline for getting software bugs fixed.

The Hill

November 14, 2019
The House Science, Space and Technology Committee on Thursday unanimously approved legislation intended to secure voting technology against cyberattacks. The Election Technology Research Act would authorize the National Institute of Standards and Technology and the National Science Foundation to conduct research on ways to secure voting technology. The legislation would also establish a Center of Excellence in Election Systems that would test the security and accessibility of voting machines and research methods to certify voting system technology. The bill is sponsored by Reps. Anthony Gonzalez (R-Ohio) and Mikie Sherrill (D-N.J.), along with committee Chairwoman Eddie Bernice Johnson (D-Texas) and ranking member Frank Lucas (R-Okla.). All four sponsors enthusiastically praised the bill during the committee markup on Thursday, with Johnson saying that “transparent, fair, and secure elections are the bedrock of our democracy,” and that attacks in 2016 on online voter registration databases “have increased Americans’ concerns about the integrity of our elections.”

Nextgov
November 13, 2019
An attempted hack of the mobile voting application used by West Virginia during the 2018 midterm elections has already spawned an FBI review, but now a prominent U.S. senator is urging a full cybersecurity audit of the technology. Sen. Ron Wyden, an Oregon Democrat, wrote to the Department of Defense and National Security Agency last week to ask the agencies to conduct a full review of Voatz, the company behind the technology. Voatz developed the mobile voting app to provide a way for overseas service members to cast ballots. The company said 144 West Virginians living in 31 different countries used the app to vote in the 2018 elections. Wyden is concerned with the security risks of using the technology to cast ballots online and said Voatz has not been sufficiently transparent about its efforts to vet and safeguard the voting app. “While Voatz claims to have hired independent experts to audit the company, its servers and its app, it has yet to publish or release the results of those audits or any other cybersecurity assessments,” Wyden wrote in the Nov. 7 letter. “In fact, Voatz won’t even identify its auditors. This level of secrecy hardly inspires confidence.” Spokespeople from both the NSA and DOD said they are in receipt of the letter, but declined to comment further.

The Hill
November 11, 2019
Rep. Pete King’s (R-N.Y.) planned retirement after the 2020 elections is the latest in a string of House departures that look likely to deal a blow to Republican cybersecurity expertise on Capitol Hill. King said on Monday he would not seek reelection after 14 terms in the House, including serving previously as chairman of the House Homeland Security Committee and as a member of the House Intelligence Committee. Those two panels have a focus on cyber issues, such as election security and other cyber threats from foreign countries, and the departure of a longtime member such as King could make it more difficult for Congress to address growing cyber threats in the future. His retirement announcement comes on the heels of announcements by almost two dozen other House Republicans that they will not run for reelection, with several of these members having become key players in the cybersecurity debate on Capitol Hill, including Rep. Will Hurd (R-Texas).


ADMINISTRATION

Gov Info Security
November 15, 2019
Several recent advisories from federal regulators concerning newly identified vulnerabilities in certain medical devices serve as the latest reminders of the risk management challenges involved. The alerts point to the need for healthcare organizations to stay current on newly identified medical device flaws and take steps to remediate risks, including prompt software patching and segmenting devices on networks. A series of recent advisories from the Department of Homeland Security's U.S. Computer Emergency Response Team, or CERT, deals with products from Philips and Medtronic that have vulnerabilities - including weak encryption, improper authentication, and hard-coded credentials - that can potentially put the equipment at risk for unauthorized access or cyberattacks. Both manufacturers say there has been no evidence these vulnerabilities have been exploited, resulting in security incidents or patient harm.

Nextgov
November 14, 2019
The Homeland Security Department’s signature cybersecurity program is helping agencies discover scores of devices they didn’t know existed within their IT infrastructure, according to the program’s chief. Launched in 2013, the Continuous Diagnostics and Mitigation program offers agencies a full suite of cyber tools, dashboards and services meant to give them a bird’s-eye view of their digital ecosystem. The program, run by the Cybersecurity and Infrastructure Security Agency, is meant to help officials better defend against cyberattacks by increasing visibility into the users, devices, systems and traffic across an agency’s network. Already, the effort is helping the government shed light on its shadow IT, the numerous devices that operate across agencies’ networks without oversight from their IT shops. When conducting audits of their digital ecosystems, agencies uncovered 75% more assets using automated tools provided through CDM than they did using traditional manual reporting, according to Program Manager Kevin Cox. In other words, before using CDM tools, agencies only knew about four of every seven devices that connected to their networks. “If you don’t know what all of your assets are, you can’t protect your network,” he said Thursday during a speech at the CDM Summit hosted by FCW. “You don’t understand what your attack surface is [or] what the adversary is attacking. So that [75% increase] is significant in terms of just getting better visibility for the agencies to know what they need to protect and where they have data.”

CyberScoop
November 14, 2019
Misconceptions from the private sector about the risks of sharing data with the government are still a hurdle when it comes to cyberthreat exchange programs, a Department of Homeland Security official said Thursday. “I don’t think there are any risks to [sharing cyberthreat information] with the federal government; I think that there are potentially some perceived risks,” said Rick Driggers, an official at DHS’s Cybersecurity and Infrastructure Security Agency (CISA). “I’ve heard that there are a lot of private-sector companies that don’t necessarily want to give information to the federal government,” Driggers said at the Workforce Summit produced by FedScoop. “And I totally get that.” Concerns from private-sector organizations about sharing data with the government include that companies could expose themselves to litigation or reveal sensitive corporate information. That is despite a 2015 federal law that gives firms legal cover to share that data.

Fifth Domain
November 14, 2019
There is currently not a whole-of-government approach to the Department of Defense’s “defend forward” strategy and, according to Brandon Valeriano, a senior adviser to the Cyber Solarium Commission and the chair of armed politics at the Marine Corps University, there needs to be. The policy, which says DoD can operate on foreign networks to stop attacks before they happen, needs engagement from other government agencies in order to be successful. “The defend forward strategy, properly implemented, wouldn’t just be DoD,” Valeriano said Nov. 12 at Fifth Domain’s annual CyberCon conference. “It would include everything.” Valeriano said that the major players in government cybersecurity — the Departments of Homeland Security, Justice, State and Defense, as well as the intelligence community — aren’t properly communicating. “Not everyone is on the same page and that’s been the most disappointing thing I’ve found looking at cyber policy,” said Valeriano. The defend forward strategy is meant to change adversary behavior in cyberspace, but Valeriano said that the DoD hasn’t established how it can measure the before and after of adversary behavior. Valeriano also said that there is not a “clear conception of metrics” to measure the success of the new strategy.

FCW
November 14, 2019
Aaron Weis, the Navy's newly appointed CIO, expects the Defense Department's new unified cybersecurity certification to help bring government's tech standard closer to industry's. "There's not a single silver bullet," Weis said during a panel talk at AFCEA DC's Navy luncheon Nov. 13. "But I think you can lead by well-placed examples. You can lean on the Tier 1 providers, lean on the Tier 2s, Tier 3s to look at things culturally. And there are a number of ways that [the Navy] can go out and really put a pin on where things need to change." The DOD's planned Cybersecurity Maturity Model Certification (CMMC) program could help and has the "right perspective," Weis said. "I'm a believer in that model. CMMC is basically saying that -- it's asking individual Tier 2 or Tier 3 suppliers to go accredit themselves and then get that accreditation validated by a third party. And that is exactly how it happens in other industries," he said.

Gov Info Security
November 14, 2019
A pair of Massachusetts men allegedly ran a years-long scheme that used SIM swapping and other hacking techniques to target executives in order to steal more than $550,000 worth of cryptocurrency, the U.S. Justice Department announced Thursday. Most of the 10 executives who were targeted worked for blockchain companies or cryptocurrency exchanges or published guides and advice about virtual currencies and digital wallets, according to the U.S. Attorney's Office for the District of Massachusetts, which is overseeing the case. The reason that these types of victims were targeted, according to the indictment, is they "likely had significant amounts of cryptocurrency," prosecutors say. Many of the victims had significant social media followings, they note. According to the unsealed indictment, Eric Meiggs, 21, and Declan Harrington, 20, hacked into and took over the social media and email accounts of several of these victims and also threatened their families in an attempt to extort more virtual currency. Meiggs and Harrington, who were arrested Thursday, each face charges of conspiracy, wire fraud, computer fraud and abuse and aggravated identity theft, according to the indictment.

Nextgov
November 13, 2019
The Homeland Security Department is looking for feedback on a program that lets critical infrastructure operators see how their cyber defenses stack up against one another. The vulnerability assessment program, run by the Cybersecurity and Infrastructure Security Agency, also helps participants spot specific weaknesses in their digital infrastructure and develop strategies to close those gaps. After launching the initiative roughly a year ago, CISA wants to know whether industry finds it effective and how it might be improved. The agency will post a request for comment on the program to the Federal Register on Thursday. The program is voluntary and available to organizations across all 16 critical infrastructure sectors. According to the post, the initiative costs the government roughly $2.2 million per year. To assess participants’ security posture, CISA personnel collect “basic, high-level information” on their physical and cyber defenses. They then analyze the data to create two different scores, one that measures the strength of the group’s defenses and another that rates its resiliency under attack.

AP
November 13, 2019
Georgia election officials have opened an investigation into two prominent critics of the state’s new touchscreen voting machines, secretary of state Brad Raffensperger’s office confirmed Wednesday. Those critics called the investigation an attempt to intimidate detractors of the new machines. Marilyn Marks, executive director of the nonprofit Coalition for Good Governance, and Richard DeMillo, a cybersecurity expert and Georgia Tech professor, are accused of “interfering with voters by being in unauthorized areas” of voting locations while observing pilot elections conducted on the new machines on Nov. 5. Raffensperger spokesman Walter Jones says the investigation was launched after complaints from “poll workers and voters” and that Marks and DeMillo were “in an area of the polling place where only voters and election officials are allowed to be.” Marks responded, “I have absolutely no idea what this could be about other than just an effort to try to discredit us, because much of what we observed was not pretty.”

Nextgov
November 12, 2019
The government can make significant progress in securing its IT supply chain by following a few basic procurement practices, but most agencies have yet to adopt them, according to federal security experts. While government leaders have recently given a lot of attention to the supply chain security threats posed by foreign vendors, officials must devote equal energy to reforming their acquisition policies so they put those warnings to good use, experts said. Those efforts require an in-depth understanding of both the government’s IT infrastructure and the countless firms in its vendor pool, they said, but today that remains a challenge for most agencies. “Supply chain [security] is where we were with cyber[security] maybe 15, 20 years ago,” Michele Iversen, director of risk assessment and operational integration at the Defense Department, said Tuesday during a panel at Fifth Domain’s CyberCon event. “We really don’t really have the visibility that we need to know where the threats are and what’s actually happening.” While it’s relatively easy to stay away from high-profile companies like Kaspersky Lab and Huawei, there are hundreds of thousands of firms that do business with the government, and still more that support those vendors. Each of those firms could pose a range of potential risks—from espionage threats to poor software development practices—and procurement officials don’t always know who to trust, panelists said.

Nextgov
November 12, 2019
With less than a year until the 2020 presidential election, a new report calls on Congress to bolster the authority of the agency that serves as the nation’s elections clearinghouse and devote more funding and resources to it. The Brennan Center for Justice, a nonpartisan law and public policy institute, released a report on Tuesday that proposes a new framework for protecting election systems. Its recommendations focus on the oversight and internal operations of the Election Assistance Commission, the understaffed and underfunded federal agency responsible for promoting election administration best practices and voting machine security standards. “The federal government regulates colored pencils, which are subject to mandatory standards promulgated by the Consumer Product Safety Commission, more strictly than it does America’s election infrastructure,” said the report. Although the Homeland Security Department designated election systems as critical infrastructure in 2017 following revelations of Russian interference in the 2016 presidential election, election systems don’t receive the same type of oversight as other sectors with the critical infrastructure classification. “While voting systems are subject to some functional requirements under a voluntary federal testing and certification regime, the vendors themselves are largely free from federal oversight,” the report said. “Under our proposal, the EAC would extend its existing certification regime from voting systems to include all vendors that manufacture or service key parts of the nation’s election infrastructure.”


INDUSTRY

Wired
November 15, 2019
When you buy an Android smartphone, it’s rarely pure Android. Manufacturers squeeze in their own apps or give it a fresh coat of interface. Carriers do it too. The resulting stew of preinstalled software and vanilla Android sometimes turns out to be rancid, putting flaws and vulnerabilities on the phone before you even take it out of the box. For proof of how bad it is, look no further than the 146 vulnerabilities—across 29 Android smartphone makers—that have just been simultaneously revealed. Yes, that’s 146, all discovered by security firm Kryptowire and detailed one by one in a new gargantuan disclosure. Most of the implicated companies operate primarily in Asia, but the list includes global heavyweights like Samsung and Asus as well. While the bugs vary in severity and scope—and in some cases, the manufacturers dispute that they’re a threat at all—they illustrate an endemic problem for Android, one that Google has acknowledged.

Axios
November 14, 2019
Over a two-week period, the computer networks at more than half of the Fortune 500 left a remote access protocol dangerously exposed to the internet, something many experts warn should never happen, according to new research by the security firm Expanse and 451 Research. According to Coveware, more than 60% of ransomware is installed via a Windows remote access feature called Remote Desktop Protocol (RDP). It's a protocol that's fine in secure environments but once exposed to the open internet can, at its best, allow attackers to disrupt access and, at its worst, be vulnerable to hacking itself. The Expanse/451 study found that 53.4% of Fortune 500 companies had an RDP exposure over a two-week period of scanning for open RDP ports.

ZDNet
November 14, 2019
Both Microsoft and the Linux kernel teams have added ways to disable support for Intel Transactional Synchronization Extensions (TSX). TSX is the Intel technology that opens the company's CPUs to attacks via the Zombieload v2 vulnerability. Zombieload v2 is the codename of a vulnerability that allows malware or a malicious threat actor to extract information processed inside a CPU, information that they normally shouldn't be able to access due to the security walls present inside modern-day CPUs. This new vulnerability was disclosed earlier this week. Intel said it would release microcode (CPU firmware) updates -- available on the company's Support & Downloads center. But, the reality of a real-world production environment is that performance matters. Past microcode updates for other attacks, such as Meltdown, Spectre, Foreshadow, Fallout, and Zombieload v1, have been known to introduce performance hits of up to 40%.

CyberScoop
November 13, 2019
Every two years, power-grid authorities throw the kitchen sink of digital and physical mayhem at electric utilities and government organizations across North America. It is one of the biggest tests of the utilities’ ability to withstand wave upon wave of hypothetical attacks — and they are not necessarily supposed to pass the test. The GridEx simulation, which begins Wednesday, is “purposely designed to overwhelm even the most prepared organizations” so they can improve their resiliency, said Matt Duncan, an official at the North American Electric Reliability Corp., which runs the drill. Exercise participants won’t need any reminders that, in the last four years, malicious hackers have cut power for hundreds of thousands of people in Ukraine and caused a petrochemical plant to shut down in Saudi Arabia. GridEx is one way that U.S. critical-infrastructure companies work to prevent such disruptive attacks from hitting them.

Ars Technica
November 13, 2019
The US Federal Trade Commission has sued an IT provider for failing to detect 20 hacking intrusions over a 22-month period, allowing the hacker to access the data for 1 million consumers. The provider only discovered the breach when the hacker maxed out the provider’s storage system. Utah-based InfoTrax Systems was first breached in May 2014, when a hacker exploited vulnerabilities in the company’s network that gave remote control over its server, FTC lawyers alleged in a complaint. According to the complaint, the hacker used that control to access the system undetected 17 times over the next 21 months. Then on March 2, 2016, the intruder accessed personal information for about 1 million consumers. The data included full names, social security numbers, physical addresses, email addresses, phone numbers, and usernames and passwords for accounts on the InfoTrax service. The intruder accessed the site later that day and again on March 6, stealing 4,100 usernames, passwords stored in clear-text, and hundreds of names, addresses, Social Security numbers, and data for payment cards. The complaint said InfoTrax employees did not discover the breach until March 7, 2016, when they received alerts that one of the company's servers had reached its maximum storage capacity.

Gov Info Security
November 12, 2019
A new ransomware-as-a-service model dubbed "Buran" that targets vulnerabilities in certain devices running Windows is offered at a deep discount to help the malware spread faster, according to McAfee researchers. Buran, which has been active since at least May, has evolved from an older strain of ransomware called VegaLocker, according to a new report from McAfee researchers Alexandre Mundo and Marc Rivero Lopez. The unidentified gang behind Buran has been spreading their ransomware-as-a-service model through Russian criminal forums, offering such features as offline crypto-locking capabilities, flexible functionality and 24/7 customer support, the researchers note. The biggest differentiator for Buran, however, is the price, the researchers say. While Buran's file encryption function operates in a similar manner to other ransomware, such as REvil and GandCrab, the McAfee researchers note that the creators of Buran only demand a 25 percent share of ransoms collected. This is a significant discount from the typical 30 percent to 40 percent demanded by other malware developers, the researchers note.

CyberScoop
November 11, 2019
A database in Apple’s MacOS stores encrypted email messages in a plain text format, according to a researcher who says he reported the problem to the company months ago. Bob Gendler, a Mac expert and an IT specialist at the National Institute of Standards and Technology, published a Medium post on Nov. 6 detailing how, if a customer sends encrypted emails via Apple Mail, an outsider could access some of the text. The bug is specific, and likely only affects a fraction of macOS users: Hackers would need to access specific Apple system files from a victim who sent an encrypted message from Apple Mail through a macOS without FileVault encryption. Gendler classified the issue as an “inadvertent information exposure.”

Bloomberg
November 11, 2019
A pair of security researchers has discovered two vulnerabilities in ATMs widely used across the U.S. that could allow a determined criminal to steal cash and customer data. Brenda So and Trey Keown, of New York-based Red Balloon Security Inc., found the flaws in machines manufactured by Nautilus Hyosung America Inc., the largest provider of ATMs in the U.S. By gaining access to the same network as the target ATM, the researchers were able to obtain full control of the machine and bypass its security measures. They also discovered master keys to the ATMs for sale on Amazon.com -- something other researchers have previously pointed out. In a joint statement Monday, Red Balloon and Nautilus Hyosung said they had no evidence anyone has ever taken advantage of the vulnerabilities. The researchers said the flaws only affected retail versions of Nautilus ATMs, not ones used in financial institutions. According to an estimate by Red Balloon, more than 80,000 machines are vulnerable. Nautilus has more than 150,000 installed ATMs in the U.S., according to the statement.

The New York Times
November 9, 2019
Bela Bhatia, a human rights lawyer in the Indian state of Chhattisgarh, is accustomed to surveillance. She works in a region prone to both guerrilla violence and government reprisals, and the authorities do not like many of her clients. Still, Ms. Bhatia said she was shocked to learn her phone had been infected with invasive spyware delivered through missed video calls on WhatsApp, a messaging service that is used by about 400 million people in India, WhatsApp’s biggest market. “You are carrying the spy in the pocket with you everywhere you go,” she said. “It is much more than one had imagined that the Indian state could do.” Ms. Bhatia is one of more than a hundred Indians who learned in recent months that every keystroke, call and GPS location on their phones had probably been recorded by the surveillance software, which is sold by the NSO Group, an Israeli firm. NSO says its technology is licensed only to governments for combating terrorism and fighting crime. It also promises it won’t sell to governments with records of human rights abuses. But the revelations from India over the last two weeks show that even countries with decent scores on global human rights indexes will use NSO technology to track journalists, critics and dissidents, digital rights activists said.


INTERNATIONAL

CBC
November 15, 2019
The Nunavut government is slowly returning to normal nearly two weeks after its computer systems were paralyzed by a cyber attack. Dean Wells, the territory's chief information officer, says departments are beginning to come back online. Government employee paycheques are expected to be delivered Friday as normal. All Nunavut government computers were paralyzed on Nov. 2 when a ransomware virus entered the system. It encrypted individual files on various servers and workstations and locked out regular users. The government says it refused to pay the ransom and offices were forced to rely on fax machines, paper forms and telephone calls while the system was repaired.

BBC
November 15, 2019
News that India's biggest nuclear plant - the Kudankulam facility in the southern state of Tamil Nadu - had been subject to a cyber-attack made headlines across the country last month. It sparked conversations about whether the country was "cyber-ready" and many questioned whether it would be able to defend critical infrastructure from malicious digital attacks. But there is a much bigger issue that affects millions of Indians - debit card hacks and other forms of financial fraud. Just last month, India's central bank asked banks to investigate a warning by the Singapore-based cyber-security firm Group-IB that the details of 1.2m debit cards were available online. And last year hackers were able to siphon off 900m rupees ($12m; £9.7m) from Cosmos bank in the western city of Pune through a malware attack on one of its data suppliers. "India's financial systems are extremely vulnerable, because we still rely on international banking networks like Swift to make transactions. International gateways are open vectors of attack for India," Arun Sukumar, head of the cyber initiative at the Observer Research Foundation think tank, told the BBC. And a report by cyber-security company Symantec said India was among the top three countries in the world for phishing and malware attacks.

CyberScoop
November 14, 2019
An Iranian government-linked hacking group has in the last year been using small clusters of hijacked computers to infect a handful of targets that include a U.S. national security firm and a university, researchers said Thursday. The Iranian group, dubbed APT33, is using the botnets — groups of computers commandeered by attackers — in “extremely targeted malware campaigns against organizations in the Middle East, the U.S., and Asia,” cybersecurity company Trend Micro said. Botnets are often comprised of a large number of machines. But in this case, the Iranian hackers are using just a dozen computers per botnet to deliver their malware and gain persistent access on a network, according to the researchers. The Iranian hackers also set up their own virtual private network with “exit nodes” that change frequently, Trend Micro said. The researchers say they have been tracking those VPN nodes for over a year, but the group has likely used them for longer.

Reuters
November 13, 2019
As trade talks between Washington and Beijing intensified earlier this year, suspected Chinese hackers broke into an industry group for U.S. manufacturers that has helped shape President Donald Trump’s trade policies, according to two people familiar with the matter. The National Association of Manufacturers (NAM) was hacked over the summer and hired a cybersecurity firm, which concluded the attack came from China, the two sources said. The security firm, which the sources did not name, made the assessment based on the usage of tools and techniques previously associated with known Chinese hacking groups, they said. The hack of an internal computer network at a powerful Washington industry group illustrates how China has tried to gain an advantage in the trade war between the world’s two biggest economies. It is unclear what data was stolen. NAM hired the outside cybersecurity firm to respond to the breach and stop the intrusion. Spokeswoman Erin Streeter said that given NAM’s high profile, “we know we are a target for cyber-attacks. We identified suspicious activity relating to certain company systems and investigated the matter.”

Gov Info Security
November 13, 2019
The U.S. Justice Department Tuesday unsealed an indictment charging Russian national Aleksey Burkov with running an underground site called "Cardplanet" that acted as a clearinghouse for stolen payment card data. Burkov arrived in the U.S. Tuesday after being extradited by Israel. Between 2009 and 2013, the Cardplanet site trafficked in more than 150,000 stolen credit and debit cards, mainly issued through U.S. banks and financial institutions, according to the federal indictment. Prosecutors estimate that more than $20 million in fraudulent purchases were made using those cards. Burkov, 29, faces multiple charges, including wire fraud, access device fraud, conspiracy to commit wire fraud, access device fraud, computer intrusions, identity theft and money laundering. If convicted on all counts, he could face up to 80 years in prison.

Financial Times
November 12, 2019
The Labour party was hit by two cyber attacks in as many days as hackers targeted the UK opposition’s computer systems, highlighting concerns that the upcoming general election could be vulnerable to cyber interference. The party said in a statement on Tuesday that it had suffered a “sophisticated and large-scale” attack on its digital platforms on Monday. Hours later a party official confirmed it had been targeted in a second attack. The party said after the first attack it was confident its security systems had prevented any data breach but added it had reported the attack to the UK’s National Cyber Security Centre, part of the UK’s communications intelligence service GCHQ. “We have ongoing security processes in place to protect our platforms, so users may be experiencing some differences,” a Labour party spokesperson said after news of the second attack was reported by Reuters. “We are dealing with this quickly and efficiently.”

Reuters
November 11, 2019
A ransomware attack hit computer servers and halted administrative work on Monday at Mexican state oil firm Pemex, according to employees and internal emails, in hackers' latest bid to wring ransom from a major company. Hackers have increasingly targeted companies with malicious programs that can cripple systems overseeing everything from supply chains to payments to manufacturing, removing them only after receiving substantial payments. An internal email seen by Reuters said Pemex was targeted by "Ryuk," a strain of ransomware that experts say typically targets companies with annual revenue between $500 million and $1 billion. "We are taking measures at the national level to fight RYUK ransomware, which is affecting various Pemex servers in the country," a company official said in an email on Sunday.


TECHNOLOGY

The New York Times
November 12, 2019
Last May, when Intel released a patch for a group of security vulnerabilities researchers had found in the company’s computer processors, Intel implied that all the problems were solved. But that wasn’t entirely true, according to Dutch researchers at Vrije Universiteit Amsterdam who discovered the vulnerabilities and first reported them to the tech giant in September 2018. The software patch meant to fix the processor problem addressed only some of the issues the researchers had found. It would be another six months before a second patch, publicly disclosed by the company on Tuesday, would fix all of the vulnerabilities Intel indicated were fixed in May, the researchers said in a recent interview. The public message from Intel was “everything is fixed,” said Cristiano Giuffrida, a professor of computer science at Vrije Universiteit Amsterdam and one of the researchers who reported the vulnerabilities. “And we knew that was not accurate.”