Friday, November 29, 2019

Why Data Is Not the New Oil


“When someone is mean to me, I just make them a victim in my next book.”
― Mary Higgins Clark



The man scouring the dark web for Silicon Valley



MPs tested on 'phishing' to protect Parliament's computer network





Robocall Scams Exist Because They Work—One Woman’s Story Shows How (Wall Street Journal) – “The FBI agent sounded official on the phone. He gave Nina Belis his badge number and a story about how her identity had been compromised. She gave him her life’s savings. For most Americans, robocalls are an annoyance. For Ms. Belis, an oncology nurse in her 60s, a law-enforcement


Why Data Is Not the New Oil - Truth on the Market – “…People who analogize data to oil or gold may merely be trying to convey that data is as valuable in the 21st century as those commodities were in the 20th century (though, as argued, a dubious proposition). If the comparison stopped there, it would be relatively harmless. But there is a real risk that policymakers might take the analogy literally and regulate data in the same way they regulate commodities…A better—though imperfect—analogy, as author Bernard Marr suggests, would be renewable energy. The sources of renewable energy are all around us—solar, wind, hydroelectric—and there is more available than we could ever use. We just need the right incentives and technology to capture it. The same is true for data. We leave our digital fingerprints everywhere—we just need to dust for them…”

Internet Companies Prepare to Fight the ‘Deepfake’ Future The New York Times – Researchers are creating tools to find A.I.-generated fake videos before they become impossible to detect. Some experts fear it is a losing battle…”For internet companies like Google, finding the tools to spot deepfakes has gained urgency. If someone wants to spread a fake video far and wide, Google’s YouTube or Facebook’s social media platforms would be great places to do it…”


BITCOIN PARADISE


Less Paradise, more scandal. A new court case alleges that cryptocurrency exchange Bitfinex and its sister company Tether manipulated the crypto market. The lawsuit centers around a connection found in the Paradise Papers. Our documents reveal two executives of Bitfinex were also the beneficial owners of Tether.
 




Nextgov
November 21, 2019
Foreign adversaries are increasingly turning to cyberattacks to disrupt the U.S. economy, steal trade secrets and undermine the political process, and Congress is teaming with government and industry experts to fight back. Lawmakers in May stood up the Cyberspace Solarium Commission, a 16-person panel charged with reviewing U.S. cyber strategy and recommending policy changes to improve the country’s response to digital threats. The group, whose members include lawmakers, high-ranking national security officials and a smattering of industry experts, is expected to release its findings around the end of the year.

FCW
November 20, 2019
Expert witnesses warned Congress that the U.S. government has largely failed to address known security shortfalls leading up to 2020 and future elections. Much of the election security debate in Washington since 2016 has focused on improving baseline protections for voting machines, but witnesses at a Nov. 19 House Homeland Security Committee hearing noted that similar deficiencies also exist when it comes to protecting political campaigns from compromise by foreign intelligence services and preventing foreign and domestic disinformation. In his opening statement, Georgetown University professor Matthew Blaze noted that the current generation of voting machines used in U.S. elections were never designed to combat attacks or threats from adversarial foreign governments with the resources to penetrate the global supply chain or obtain software source code before it's even shipped to election officials. "The intelligence services of even small nations can marshal far greater financial, technical and operational resources than would be available to even highly sophisticated criminal conspiracies," Blaze said.

Gov Info Security
November 20, 2019
A bipartisan group of eight U.S. senators is urging National Security Adviser Robert O'Brien to appoint a special coordinator to oversee the rollout of 5G cellular networks. The coordinator would address security issues and coordinate the efforts of federal agencies. The Monday letter from senators who serve on the intelligence, foreign relations, armed services and government affairs committees states that because of the different approaches by the federal agencies involved, there's no coherent national 5G strategy. "Without a national strategy, facilitated by a common understanding of the geopolitical and technical impact of 5G and future telecommunications advancements, we expect each agency will continue to operate within its own mandate, rather than identifying national authority and policy deficiencies that do not neatly fall into a single department or agency," the letter states.

Nextgov
November 20, 2019
The Senate Energy and Natural Resources Committee on Tuesday advanced legislation that would devote hundreds of millions of dollars to securing the nation’s power grid. The Protecting Resources on the Electric Grid with Cybersecurity Technology, or PROTECT, Act, would create a federal grant program to help small utilities companies strengthen the cyber protections on their infrastructure and more actively participate in information sharing efforts. Spearheaded by the Energy Department, the program would also offer participants technical assistance in detecting, responding to and recovering from cyberattacks. The bill would provide $250 million to fund the program from 2020 to 2024. It would also stand up a commission to study and recommend strategies to incentivize public utilities to invest in cybersecurity and enter information sharing agreements. The legislation, sponsored by Sens. Lisa Murkowski, R-Alaska, Joe Manchin, D-W.V., James Risch, R-Idaho, Maria Cantwell, D-Wash., and Angus King, I-Maine, passed the committee by voice vote. “Our electric grid is increasingly exposed to potentially devastating cyber and physical attacks,” Manchin said during the markup. “The PROTECT Act would create key incentives to expand utilization of advanced cybersecurity tools amongst our power generators to increase our security posture.”

The Hill
November 19, 2019
A group of three Senate Democrats is urging the Department of Homeland Security’s (DHS) cyber agency to help fund cybersecurity threat information-sharing centers involved in election security efforts. In a letter sent on Monday to Christopher Krebs, the director of DHS’s Cybersecurity and Infrastructure Security Agency, Senate Minority Leader Charles Schumer (D-N.Y.), and Sens. Maggie Hassan (D-N.H.) and Gary Peters (D-Mich.) expressed concerns around the funding level for two information-sharing groups. Specifically, the senators noted that DHS’s proposed fiscal 2020 budget covers only around 70 percent of the estimated $15 million it would take for the Center for Internet Security to run both the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). “Recently, across the nation our cities and states have suffered from debilitating ransomware attacks that are carried out to extort public funds,” the senators wrote. “Local governments – including small towns, counties, and school districts - simply do not have the budgets, the personnel, or the expertise necessary to deploy sophisticated tools in order to defend themselves against this evolving threat environment.”

The New York Times
November 18, 2019
Rudolph W. Giuliani, the former New York mayor at the center of the impeachment investigation into the conduct of Ukraine policy, makes a living selling cybersecurity advice through his companies. President Trump even named him the administration’s first informal “cybersecurity adviser.” But inside the National Security Council, officials expressed wonderment that Mr. Giuliani was running his “irregular channel” of Ukraine diplomacy over open cell lines and communications apps in Ukraine that the Russians have deeply penetrated. In his testimony to the House impeachment inquiry, Tim Morrison, who is leaving as the National Security Council’s head of Europe and Russia, recalled expressing astonishment to William B. Taylor Jr., who was sitting in as the chief American diplomat in Ukraine, that the leaders of the “irregular channel” seemed to have little concern about revealing their conversations to Moscow. “He and I discussed a lack of, shall we say, OPSEC, that much of Rudy’s discussions were happening over an unclassified cellphone or, perhaps as bad, WhatsApp messages, and therefore you can only imagine who else knew about them,” Mr. Morrison testified. OPSEC is the government’s shorthand for operational security.

The Hill
November 18, 2019
2020 presidential candidate Sen. Amy Klobuchar (D-Minn.) on Monday published a strategy for how she would secure elections against cyber and disinformation threats if elected president, the same day she joined a group of Senate Democrats in pushing for election security funding. In her plan, Klobuchar, who is a longtime advocate in the Senate for election security efforts, zeroed in on improving the transparency of political ads on social media, combating disinformation, and promoting cybersecurity. Key parts of the strategy include Klobuchar’s intention to issue an executive order that would bolster government-wide cybersecurity efforts, and launch a “cabinet-level taskforce” that would coordinate across federal agencies and with state and local governments to better address cyber threats to elections. Klobuchar would also require states to use paper ballots as a way to prevent cyber tampering with the vote, and set “strong cybersecurity standards” for voting infrastructure.


ADMINISTRATION

FCW
November 22, 2019
The Department of Homeland Security has announced a partnership with election nonprofit VotingWorks to pilot new open-source post-election auditing software in several states ahead of the 2020 U.S. elections. The software, Arlo, was developed by VotingWorks as a free, open-source tool to help states conduct post-election audits to verify voting results. DHS said that election officials from Pennsylvania, Michigan, Missouri, Virginia, Ohio and Georgia have already signed on to the pilot and that earlier iterations of Arlo have already been deployed by several states in off-year elections held this month. "At a time when we know foreign actors are attempting to interfere and cast doubt on our democratic processes, it's incredibly important elections are secure, resilient, and transparent," Cybersecurity and Infrastructure Security Agency Director Christopher Krebs said in a statement. "For years, we have promoted the value of auditability in election security, it was a natural extension to support this open source auditing tool for use by election officials and vendors, alike."

CyberScoop
November 21, 2019
State-sponsored cyberattacks against just one victim nation at a time could soon provoke a global response, if a growing number of officials around the world have their way. As the Pentagon has experimented with new authorities allowing U.S. Cyber Command to be more offensive in cyberspace, key officials have suggested there is a groundswell of support for multi-nation countermeasures in the digital age. Thomas Wingfield, the incoming deputy assistant secretary of Defense for cyber policy, told CyberScoop that alliances could be a more successful way to deter hackers and strike back when they infiltrate sensitive networks. “I think that’s a more effective way to solve the problem, and I think that is the general [direction] of international law,” said Wingfield, who is still employed at National Defense University. “But I would also say we’re not there yet and states are in the process of moving international law in that direction.”

FCW
November 21, 2019
Jeanette Manfra, the longstanding and well-respected leader who helped stand up the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, is leaving at the end of the year. "After 12 years at DHS, I'll be leaving CISA at the end of this year. This is not an easy decision, as it's been one of my greatest honors to work alongside such a remarkable team on this incredibly important mission," Manfra wrote on Twitter. "Together, not only did we establish CISA, the nation's first civilian cybersecurity agency, but we have also made great strides towards protecting our country from cyber threats." Manfra is one of the most senior and tenured leaders at CISA and its predecessor agency, the National Protection and Programs Directorate. Prior to her post as assistant secretary/director at CISA and NPPD, she also served stints as senior counselor to the secretary of Homeland Security on cybersecurity matters and director of critical infrastructure cybersecurity on the National Security Council.

Ars Technica
November 21, 2019
In October, the Federal Bureau of Investigation issued a warning of increased targeting by ransomware operators of "big game"—targets with deep pockets and critical data that were more likely to pay ransoms to restore their systems. The past week has shown that warning was for good reason. On November 18, a ransomware attack caused Louisiana's Office of Technology Services to shut down parts of its network, including the systems of several major state agencies. These included the governor's office, the Department of Health (including Medicare systems), the Department of Children and Family Services, the Department of Motor Vehicles, and the Department of Transportation. Louisiana Governor John Bel Edwards activated the state's cybersecurity response team. While some services have been brought back online—in some cases, within hours—others are still in the process of being restored. Most of the interrupted services were caused by "our aggressive actions to combat the attack," according to Louisiana Commissioner of Administration Jay Dardenne. "We are confident we did not have any lost data, and we appreciate the public's patience as we continue to bring services online over the next few days."

Reuters
November 21, 2019
Cleveland Federal Reserve President Loretta Mester said on Thursday that financial firms and regulators should be more agile and share information to better combat cybersecurity threats. Financial firms should be stress-tested to evaluate their ability to handle a cyber attack, Mester recommended during a conference on financial stability hosted by the Cleveland Fed. "Such a test could help evaluate the financial system's plans for data and core systems recovery and its reliance on third parties to implement that plan," she said. As part of the testing, firms should have a plan for how they will ensure data is protected and make sure it has not been altered. Regulators could consider using simulations to test how firms would recover from an attack, based on tactics used during real attacks, Mester said. The examinations could also look at firms' ability to resume business after an attack that corrupts data and affects multiple institutions, modeling an approach used by the Bank of England.

FCW
November 20, 2019
The Office of Management and Budget has released updated guidance to federal civilian agencies on complying with the Federal Information Security Management Act, outlining timelines and deliverables for reporting security incidents, information sharing and vulnerability scans of federal systems and websites. The memo specifies that annual reports from each agency to Congress are due no later than March 2, 2020, and outlines a host of new deadlines. Chief Financial Officer Act agency CIOs are expected to update the metrics they use for evaluating the security of their systems and identifying high-value assets on a quarterly basis, while non-CFO Act agencies must do the same twice a year. Under FISMA, civilian agencies are required to report security incidents to the Cybersecurity and Infrastructure Security Agency at the Department of Homeland Security, including the attack vector used, impact category and other attributes.

Nextgov
November 19, 2019
An overabundance of cybersecurity leaders across federal agencies is hindering the government’s ability to adapt to the changing digital landscape, according to a top Homeland Security Department official. Agencies must be able to act swiftly to keep their tech ecosystems secure against a constantly evolving array of digital threats, but excessive bureaucracy within the federal cyber community is impeding that quick action, according to Mark Bristow, director of the hunt and incident response team within Homeland Security’s National Cybersecurity and Communications Integration Center. Though it’s critical to have different groups weigh in on cybersecurity policies, he said, today there are too many cooks in the kitchen to execute a coherent, unified strategy. “We have too many [chief information security officers] in the government,” Bristow said Tuesday at the Cyber Summit hosted by Nextgov and Defense One. “I understand why they’re there ... but it really gets in the way of setting strategic vision. You have all these people who have slightly conflicting guidance and opinions ... and what happens is you start to get organizational stagnation because you can’t make any decisions, and therefore you can’t make any progress.” And according to Bristow, adversaries are already exploiting that stagnation. “They know that this is how this works, they count on it with their tactics and techniques,” he said. “We need to flip our operational paradigm in a way that frustrates the adversary."


INDUSTRY

CyberScoop
November 22, 2019
Twitter says it will allow users to remove their phone numbers from the secure login process, a move that has triggered widespread praise from the security community. Users can now use a one-time code, an app or a physical security key as a second factor of authentication into their account. Before Thursday, Twitter customers trying to log in in a secure way only could enter their username and password, then ask the site to send them an SMS message to verify their identity. The company also forced users who did use a third-party authentication app to use their phone number to sign up. Facebook announced in May 2018 it would stop requiring phone numbers for multi-factor authentication. Now, amid a growing body of evidence hackers can subvert text-based authentication, Twitter is expanding its options.

Ars Technica
November 21, 2019
Google will pay up to $1.5 million for the most severe hacks of its Pixel line of Android phones, a more than seven-fold increase over the previous top Android reward, the company said. Effective immediately, Google will pay $1 million for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices,” the company said in a post published on Thursday. The company will also pay $500,000 for exploits that exfiltrate data out of a Pixel or bypass its lock screen. Google will offer a 50 percent bonus to any of its rewards if the exploit works on specific developer preview versions of Android. That means a critical Titan M hack on a developer preview could fetch $1.5 million, and a data exfiltration or lock screen bypass on a developer preview could earn $750,000, and so on. Previously, rewards for the most severe Android exploits topped out at $200,000 if they involved the trusted execution environment—an independent OS within Android for handling payments, multi-factor authentication, and other sensitive functions—and $150,000 if they involved compromise only on the Android kernel.

Gov Info Security
November 21, 2019
Target has filed a lawsuit against its long-time insurer, ACE American Insurance Co., in an attempt to recoup money it spent to replace payment cards as part of settlements over the retailer's massive 2013 data breach. The lawsuit, filed Nov. 15 in U.S. District Court in Minnesota, claims the insurer owes Target approximately $74 million for coverage of its costs for replacing payment cards. The Target breach resulted in the compromise of payment card details for 41 million customers and the exposure of contact information for more than 60 million. The security incident sparked several lawsuits as well as federal and state investigations. In May 2016, Target settled a class action lawsuit brought by several banks that issued new payment cards to the retailer's customers, according to the retailer's lawsuit. Target says it paid $138 million to settle these claims and cover attorneys' fees.

CyberScoop
November 20, 2019
As a court weighs the proposed class action settlement stemming from Equifax’s 2017 data breach, an independent legal watchdog is saying the agreement fails to treat victims equally. The nonprofit Center for Class Action Fairness, which advocates on behalf of consumers involved in class action suits, said in a court filing Tuesday the Equifax settlement — which proponents value at $700 million — “flunks” federal requirements for fairness and adequacy. This is the same agreement that Equifax said would include up to $425 million for customers who were affected by the data breach, which compromised information about 147 million Americans. After suggesting individual customers could be paid up to $125 under certain conditions or accept free credit monitoring, Equifax introduced new requirements forcing Americans to prove they had credit monitoring in place at the time of the breach, otherwise they would be paid nothing. The terms of the deal could result in Americans receiving just cents, rather than the $125 they would expect, legal observers have warned.

Ars Technica
November 19, 2019
In a post yesterday to the Microsoft Tech Community blog, Microsoft Windows Core Networking team members Tommy Jensen, Ivan Pashov, and Gabriel Montenegro announced that Microsoft is planning to adopt support for encrypted Domain Name System queries in order to "close one of the last remaining plain-text domain name transmissions in common web traffic." That support will first take the form of integration with DNS over HTTPS (DoH), a standard proposed by the Internet Engineering Task Force and supported by Mozilla, Google, and Cloudflare, among others. "As a platform, Windows Core Networking seeks to enable users to use whatever protocols they need, so we’re open to having other options such as DNS over TLS (DoT) in the future," wrote Jensen, Pashov, and Montenegro. "For now, we're prioritizing DoH support as the most likely to provide immediate value to everyone. For example, DoH allows us to reuse our existing HTTPS infrastructure." But Microsoft is being careful about how it deploys this compatibility given the current political fight over DoH being waged by Internet service providers concerned that they'll lose a lucrative source of customer behavior data.

BBC
November 19, 2019
Thousands of Disney customers say they have been hacked after signing up to its online streaming service. Since Disney+ went live, attackers have stolen thousands of customers' accounts and put them up for sale on the dark web, according to a report. People waited on telephone and online chat lines for hours, and many still say that Disney has yet to sort their problems. But the firm says it does not believe its systems have been compromised. "Disney takes the privacy and security of our users' data very seriously and there is no indication of a security breach on Disney+," a spokesman said. The statement indicates that members' details have been stolen by other means. That could involve spyware on users' devices or the re-use of login details stolen from elsewhere. Disney's answer to Netflix, Disney+ is an online platform where fans can view its movies, short films and TV shows, including the Marvel and Star Wars franchises.

Financial Times
November 19, 2019
Data breaches can be expensive — just ask Marriott. The hotel group said last November that hackers had been accessing its database since 2014, compromising up to 339m guest records. Since then it has incurred $100m costs relating to the hack and that is before a potential £99m fine levied under EU rules. However, the effect has been cushioned by insurance policies, which have paid out $102m to the company. Cyber cover is one of the fastest growing parts of the insurance industry. High profile data breaches and ransomware attacks — such as the WannaCry and NotPetya attacks in 2017 — have convinced companies they need protection. “NotPetya was a huge trigger for buying outside the US as [companies] saw what business interruption really looks like,” says Sarah Stephens, the cyber, media and technology practice leader at insurance broker Marsh JLT Specialty.

Gov Info Security
November 19, 2019
Department store giant Macy's says hackers successfully infiltrated its e-commerce site and stole customer data, including financial information. A data breach notification from Macy's, dated Nov. 14, says that the company received an alert about "a suspicious connection between macys.com and another website" on Oct. 15, which led it to immediately launch an investigation. "We quickly contacted federal law enforcement and brought in a leading-class forensics firm to assist in our investigation," says Cincinnati-based Macy's, which reported 2018 sales of $25 billion. The company operates about 680 department stores under the Macy's and Bloomingdale's brands, while also running a further 190 specialty stores under such names as Bloomingdale's The Outlet and Macy's Backstage, across 43 states, as well as Puerto Rico, Guam and Washington.

CNBC
November 16, 2019
More than 6,500 government officials and big players in the energy sector came together this week to conduct a simulated cyberattack on the electrical grid. The event is called GridEx, and takes place every two years. It imagines the U.S. under attack from a foreign country, through the power grid. It’s a scenario that planners say is unlikely, a black swan event, but one that could have devastating impacts if it came to fruition. Those ripple effects could go far beyond leaving homes without heat or citizens without smartphones, bringing down big portions of the telecommunications, media and finance sectors. This is why, organizers said, they aimed to gather as many stakeholders as they could to run through how they would respond. GridEx organizers based the potential attack scenario on real events and intelligence, said Karen Evans, a cybersecurity specialist at the Department of Energy, on Thursday. Countries like Russia, China and Iran have either attacked foreign grids or conducted reconnaissance on the U.S. grid, according to U.S. intelligence agencies.


INTERNATIONAL

Wired
November 21, 2019
The Russian state-sponsored hackers known as Sandworm have launched some of the most aggressive and disruptive cyberattacks in history: intrusions that planted malware inside US electric utilities in 2014, operations that triggered blackouts in Ukraine—not once, but twice—and ultimately NotPetya, the most costly cyberattack ever. But according to Google, several of Sandworm's quieter operations have gone unnoticed in recent years. At the CyberwarCon conference in Arlington, Virginia today, Google security researchers Neel Mehta and Billy Leonard described a series of new details about Sandworm's activities since 2017 that ranged from its role in targeting the French election to its attempt to disrupt the last Winter Olympics to—perhaps the most unlikely new example of Sandworm's tactics—attempting to infect large numbers of Android phones with rogue apps. They even tried to compromise Android developers, in an attempt to taint their legitimate apps with malware.

Fifth Domain
November 20, 2019
NATO has declared cyberspace a domain of warfare it must operate in and called on the integration of cyber alongside operations. However, as a defensive alliance, it has declared it won’t seek offensive cyber capabilities itself, instead relying on the capabilities of voluntary member states. This approach, while not insurmountable, poses significant challenges to operations, experts claim. “The idea of sovereign cyber effects provided voluntarily by allies is good. But … that will not fall under the command and control of the actual NATO commander,” David Bailey, senior national security law advisor for Army Cyber Command, said Nov. 19 at the 2019 International Conference on Cyber Conflict U.S. (CyCon U.S.) in Arlington. “It will still fall under the command and control of the country that contributes. In my mind, it’s going to be difficult to achieve that level of coordination that we’re used to in military operations, even in a NATO context.” Sovereign cyber effects provided voluntarily by allies is the concept NATO is looking to implement. Cyber and NATO experts have explained that if a cyber effect is needed for a particular operation, those with the capability, capacity, authority and access will volunteer to provide it on behalf of the alliance. Several experts have said member states that are both willing and capable of offensive operations number about a half dozen.

Wired
November 20, 2019
Iranian hackers have carried out some of the most disruptive acts of digital sabotage of the last decade, wiping entire computer networks in waves of cyberattacks across the Middle East and occasionally even the US. But now one of Iran's most active hacker groups appears to have shifted focus. Rather than just standard IT networks, they're targeting the physical control systems used in electric utilities, manufacturing, and oil refineries. At the CyberwarCon conference in Arlington, Virginia, on Thursday, Microsoft security researcher Ned Moran plans to present new findings from the company's threat intelligence group that show a shift in the activity of the Iranian hacker group APT33, also known by the names Holmium, Refined Kitten, or Elfin. Microsoft has watched the group carry out so-called password-spraying attacks over the past year that try just a few common passwords across user accounts at tens of thousands of organizations. That's generally considered a crude and indiscriminate form of hacking. But over the last two months, Microsoft says APT33 has significantly narrowed its password spraying to around 2,000 organizations per month, while increasing the number of accounts targeted at each of those organizations almost tenfold on average.

Reuters
November 19, 2019
Britain’s opposition Labour Party was using a $20-a-month “basic security” service to protect its website when hackers attempted to force it offline last week and temporarily slowed down online campaigning, according to internal emails seen by Reuters. Such entry-level protection is not recommended for large organizations at high risk of cyberattacks, but the messages show Labour has since decided against upgrading to an increased security package on grounds of cost. Labour and Britain’s governing Conservative Party were hit by back-to-back cyberattacks last week, just days into an election campaign security officials have warned could be disrupted by foreign hackers. Labour uses the services of cybersecurity firm Cloudflare to help protect its website from attacks, party emails show, but only the level the company recommends for “professional websites, blogs, and portfolios requiring basic security.”

AP
November 19, 2019
Deployed inside the sprawling communist-era army command headquarters in Montenegro’s capital, an elite team of U.S. military cyber experts are plotting strategy in a fight against potential Russian and other cyberattacks ahead of the 2020 American and Montenegrin elections. With its pristine rocky mountains, lush green forests and deep blue seas, the tiny Balkan state seems an unlikely location for waging global cyber warfare. But after the newest NATO nation was targeted by Russia-linked hackers and following a Moscow-backed coup attempt in Montenegro in 2016, the U.S. military dispatched their cyber experts to the Adriatic Sea nation. Montenegro is in the Balkans, a strategic area where Russia has been seeking to restore its historic influence. The country of just over 600,000 people joined NATO in 2017, defying strong opposition from Moscow. It has proven to be a key Western ally in the volatile region that went through a devastating war in the 1990s. Montenegrin Defense Minister Predrag Boskovic — careful not to mention Russia — said preventing cyberattacks and disinformation campaigns is key to protecting the Balkans from returning to the chaos of the war years in the 1990s, when tens of thousands of people died during the breakup of the former Yugoslavia.

CyberScoop
November 18, 2019
A cybercrime-focused resolution backed by Russia passed Monday in the United Nations, despite calls from the U.S. that the measure would further hamper efforts to root out crime on the internet. The resolution, which passed 88-58 with 34 abstentions, aims to establish a group to examine cybercrime and set up a convention to prevent it. However, human rights groups have argued that the resolution is actually an effort by the Kremlin to expand its model of state-backed internet control. In particular, the resolution calls for a check on the “use of information and communications technologies for criminal purposes.” Which activities it aims to curb exactly is unclear. Thirty-six rights groups argue in a letter that the resolution is so vague that it could lead to the criminalization of ordinary online activities that journalists, human rights groups, and other members of civil society rely on, such as using encrypted chat applications. The resolution could also “give wide-ranging power to governments to block websites deemed critical of the authorities, or even entire networks, applications and services that facilitate online exchange of and access to information,” the coalition of organizations, which includes the Electronic Frontier Foundation, writes in its appeal.

Gov Info Security
November 18, 2019
The Australian Parliament's computer network was compromised in January after politicians browsed a legitimate website that was compromised. Sen. Scott Ryan, president of the Senate, revealed the style of attack, which hadn't been discussed before, on Thursday during a hearing of the Finance and Public Administration Legislation Committee. A transcript of the hearing is posted on Parliament's website. "While I do not propose to discuss operational security matters in detail, I can state that a small number of users visited a legitimate external website that had been compromised," Ryan says. "This caused malware to be injected into the Parliamentary Computing Network." In February, Prime Minister Scott Morrison said a "sophisticated state actor," widely speculated to be China, was likely behind a breach of Parliament's network. In September, Reuters reported that Australia's intelligence agencies concluded that China was behind the attack against Parliament, along with attacks against three political parties ahead of May's general election. The Australian Signals Intelligence Organization concluded that China's Ministry of State Security was involved. The conclusion was recommended to be kept secret to avoid disrupting trade relations with China, Reuters reported. China disputed the finding.


TECHNOLOGY

ZDNet
November 20, 2019
A cybercrime group is enslaving Linux servers running vulnerable Webmin apps into a new botnet that security researchers are currently tracking under the name of Roboto. The botnet's appearance dates back to this summer and is linked to the disclosure of a major security flaw in a web app installed on more than 215,000 servers -- which is the perfect cannon fodder to build a botnet on top. Back in August, the team behind Webmin, a web-based remote management app for Linux systems, disclosed and patched a vulnerability that allowed attackers to run malicious code with root privileges and take over older Webmin versions. Because of the security flaw's easy exploitation and the vast number of vulnerable systems, attacks against Webmin installs began days after the vulnerability was disclosed.

Ars Technica
November 19, 2019
The official site for the Monero digital coin was hacked to deliver currency-stealing malware to users who were downloading wallet software, officials with GetMonero.org said on Tuesday. The supply-chain attack came to light on Monday when a site user reported that the cryptographic hash for a command-line interface wallet downloaded from the site didn't match the hash listed on the page. Over the next several hours, users discovered that the mismatching hash wasn't the result of an error. Instead, it was an attack designed to infect GetMonero users with malware. Site officials later confirmed that finding. "It's strongly recommended to anyone who downloaded the CLI wallet from this website between Monday 18th 2:30 AM UTC and 4:30 PM UTC, to check the hashes of their binaries," GetMonero officials wrote. "If they don't match the official ones, delete the files and download them again. Do not run the compromised binaries for any reason."