Master plus master equals masterpiece …
The Crack Squad of Librarians Who Track Down Half-Forgotten Books - Atlas Obscura – Reuniting stumped readers with the books from the edges of their memories. “The carpet was khaki, the lights yellow, the walls a dishwater beige. The basement computer lab in Midtown Manhattan didn’t have much ambience. But 20 librarians from the New York Public Library were seated in the room—and they were there to crack mysteries. Their tools were a whiteboard, a marker, a series of screens, and a metal bell of the sort you’d find on a hotel-lobby desk. Whenever it dinged, it meant a case had been closed. Before we each had a little, flickering encyclopedia in our hands, we had librarians, and they’re still experts at finding the answers to tricky questions. Through the Ask NYPL portal, a decades-old phone and text service, the staff has triaged everything from queries about the Pope’s sex life to what it means if you dream about being chased by elephants. The library staff are ace researchers with a massive trove at their fingertips. A sense of mystery in their work comes when people approach them with vague questions and patchy details—particularly when they’re looking for books, but they don’t remember the authors or titles. A few years ago, staffers in the New York Public Library’s reader services division drafted a blog post about how to track down a book when its title eludes you. This post spurred a follow-up, in which reader services librarian Gwen Glazer recommended library resources and a number of other strategies (among them are Goodreads groups, a sprawling Reddit thread called whatsthatbook, an indie bookseller in Ohio who is happy to poke around for a $4 fee). Thanks to Google—“how to find a book”—many stumped people seem to land on that post, and they have often written about their enduring puzzles in the comments section. The messages now number in the thousands. 
Glazer says she often arrives at work to see another 10 title requests…” via (Cold River: The Cold Truth of Freedom: Jozef Imrich ...)
A waste incinerator plant is being proposed for Matraville, which could involve thousands of tonnes of rubbish being burned to help power the Orora paper mill. The proposal is a joint venture between Orora and waste management firm Suez. ... Despite thousands of tonnes of waste ...
The community in Western Sydney is celebrating the Independent Planning Commission’s (IPC) decision made on July 19 to dump The Next Generation’s application for a waste-to-energy incinerator at Eastern Creek that would have affected air quality throughout Sydney.
Fifth Domain
September 13, 2019
Recruiting more cyber professionals is the key to improving the Army’s cyber capabilities,
Ryan McCarthy, the White House nominee to become the next service secretary,
told senators in a Sept. 12 hearing. While the Army’s cyber capabilities got
short shrift in the two hour hearing before the Senate Armed Services
Committee, McCarthy, who is serving as the acting secretary, provided insight
into his views on the subject under questioning from Sen. Marsha Blackburn,
R-Tenn. Central to the Army’s efforts to improve its cyber capabilities is
convincing skilled people to work with the Army instead of working in the
private sector, he explained. “It’s people,” he said. “We have to recruit more
cyber experts. It’s a very difficult skill set to recruit, and even harder to
retain.” The Army has had some success in convincing cyber experts to stay
involved as they transition to the private sector through total force
solutions. Additionally, Army Futures Command has built connections with
academic institutions to develop capabilities and recruit a workforce.
The Hill
September 12, 2019
Lawmakers on both sides of the aisle are mulling how to address the spate of ransomware
attacks that have brought some state and local governments to their knees over
the past few months. The ransomware attacks, which involve an individual or
group encrypting a computer system and demanding money to allow the user to
regain access, have crippled districts, libraries and municipal governments. In
the past week, attacks on the school district in Flagstaff, Ariz., forced the
cancellation of classes for two days. And in Florida’s Wakulla County, an
attack left school employees unable to securely send emails. There have also
been ransomware attacks on school districts in Oklahoma, Virginia and New York.
In Louisiana, Gov. John Bel Edwards (D) declared a state of emergency after
multiple school districts were hit by ransomware attacks in July. Despite
the widespread attacks and pending legislation, lawmakers have yet to coalesce
around a unified strategy for countering the threats. “It’s a top priority of
the committee, and we’ll continue oversight, we’ll continue looking at the
issue. I can’t tell you anything specific we are going to do, though,” said
Sen. Ron Johnson (R-Wis.), chairman of the Senate Homeland Security and
Governmental Affairs Committee. Sen. Gary Peters (Mich.), the top Democrat on
the committee, told The Hill on Wednesday that ransomware poses an “epidemic
problem.”
FCW
September 11, 2019
Much of the cybersecurity policy debate in Washington, D.C., tends to focus on the IT
systems, networks and devices used by agencies, organizations and consumers.
However, the underlying architecture that powers such tools is also increasingly
under threat, as a number of high-profile attacks against internet
infrastructure in recent years have demonstrated. That architecture is sprawled
across the globe in the form of underground and undersea cables, local and
regional bandwidth networks and internet exchange points. No single entity owns
or manages more than a fraction and in general, individuals, companies and
governments all rely on the same foundation to access the Internet.
Additionally, those foundations were largely built up over decades for speed
and ease of communication, not security. In a Sept. 10 hearing, House Armed
Services Committee Chair Jim Langevin (D-R.I.) warned that even as government
agencies like the Departments of Homeland Security, Defense, Commerce and
others have moved to establish clearly defined roles in the cyber policy
ecosystem, no one entity is responsible for overseeing the underlying
infrastructure that powers the World Wide Web.
The Hill
September 9, 2019
Three former secretaries of the Department of Homeland Security (DHS) on Monday
testified that cybersecurity threats to elections and other critical
infrastructure are major issues that could impact the security of the nation.
Former DHS Secretaries Michael Chertoff, Janet Napolitano and Jeh Johnson all
discussed the severity of cyber threats to the U.S. while testifying in New
York City during a field hearing at the National September 11 Memorial Museum
held by the Senate Homeland Security and Governmental Affairs Committee.
Napolitano, who served as secretary under former President Obama from 2009
through 2013, listed cybersecurity as one of the top three threats DHS “can and
must confront,” pointing to vulnerabilities in election infrastructure, utility
grids and other critical infrastructure as putting the country at risk. “Our
adversaries and international criminal organizations have become more
determined and more brazen in their efforts to attack us and to steal from us,”
Napolitano said. “We need a whole of government and a whole of public and
private sector response to this threat, and it needs to happen immediately.”
ADMINISTRATION
AP
September 13, 2019
Three North Korean hacking groups suspected of perpetrating cyberattacks around the world
were placed on a U.S. sanctions list on Friday, drawing attention to the
isolated nation's illegal efforts to fund its nuclear and ballistic missile
programs. The Treasury Department said the so-called Lazarus Group, Bluenoroff
and Andariel are controlled by the North Korean government. It said Lazarus
Group was behind the devastating WannaCry ransomware, which froze 300,000
computers across 150 countries in 2017, and the destructive cyberattack against
Sony Pictures Entertainment in 2014. The U.S. government's action makes it
easier to seize any assets the hacking groups may have within the jurisdiction
of American financial institutions, though they are likely to be limited if
they exist at all. It may also have been intended to send a message and bring
North Korea's behavior into the light, said John Hultquist, director of
intelligence analysis at cybersecurity firm FireEye. "(T)hat's important
because this isn't about two governments, this is about North Korea and the
private financial sectors of countries all around the world," Hultquist
said. "It's important to put a flag on it and get this information out
there, even if it will come to no avail."
WNYT
September 13, 2019
On Friday officials with the City of Albany spoke about the amount spent in response to
the ransomware attack that took place in March. A FOIL request submitted to the
city was answered on Friday. Earlier this month NewsChannel 13 inquired about
the amount of funds used to cover overtime for employees working to re-enter
lost data, hardware and software system upgrades, credit monitoring services
for city employees and professional cybersecurity services. Those costs total a
little over $161,000. However, at an event Albany Mayor Kathy Sheehan said
they've spent well over $300,000 in response to the attack. NewsChannel
13 asked city hall for a complete breakdown of those costs, but did not hear
back on Friday. The city still hasn’t said how much ransomware hackers were
demanding when they locked up all their systems in late March. The FBI and
other cybersecurity experts generally advise against paying the ransom. Though
cybersecurity experts that spoke with NewsChannel 13 in March said ransomware
hackers typically do restore the system after receiving money from the
individual, business or municipality.
FCW
September 12, 2019
The White House released a new Trusted Internet Connection policy Sept. 12 to bring the
rules governing how federal agencies connect to the internet in line with
current cloud and managed services technology. The new policy "includes
pathways to take advantage of modern technology and capabilities and software
that wasn't even imagined when that original policy was written," Federal
CIO Suzette Kent said at a FedScoop event. The TIC policy, she said, was the
final major technology policy rewrite of rules that were more than five years
old. Under the new guidance, agencies are expected to have updates to their
network policies completed within one year. The traditional TIC policy was
designed to reduce and consolidate agency connections to the internet and
manage connections emanating from a single building or office. As a practical
matter, this policy set up a series of checks and blocks that introduce
latencies that work against the speed and scale of cloud. The new policy adds
three new use cases to the traditional TIC. The cloud use case supports
managed services in infrastructure, software, email and platform. A use case to
support agency branch offices is designed to accommodate the use of
Software-Defined Wide Area Network technology. The third is designed to support
telework and advances how individual users outside a network perimeter connect
to their agency's network and cloud.
Nextgov
September 11, 2019
The Homeland Security Department is standing up a new committee—the Transatlantic
Aviation Industry Roundtable—to engage all relevant flight stakeholders and
address critical security issues that threaten the open skies, according to a
document published in the Federal Register Wednesday. “An effective committee
must be able to have ongoing, immediate, and multi-directional communication
and coordination under highly exigent circumstances,” agency officials wrote in
the document. “In furtherance of DHS' mission to protect the homeland, the
public interest requires the establishment of the TAIR.” In consultation with
the Secretary of State for the Home Office of the United Kingdom of Great
Britain and Northern Ireland, Homeland Security is establishing the committee
to serve as a forum for the agency and its relevant English counterparts to
boost their coordination. Members of the group, who will be appointed by the
agency’s secretary and serve applicable terms, will collaborate on a wide
variety of issues targeting the transatlantic flight landscape, including
global security improvements, information sharing, insider threats,
cybersecurity and enhancements to security technologies, among others.
FCW
September 11, 2019
Contractors will soon have to get cyber certified to do business with the Defense
Department. But there's early concern that the Cybersecurity Maturity Model
Certification framework would block DOD's efforts to leverage startups.
Alexander Major and Franklin Turner, partners and co-leads for government
contracts at McCarter & English LLP, told FCW that the rules could have a
negative impact on small businesses and startups. "Until we see the whole
scope of who it's going to apply to and why it's going to apply to them, it
could impact a lot of small companies," Major said. And because this
standard, as it is now presented, would broadly include any company in the DOD
supply chain, that opens up more companies that would have to comply -- or risk
losing business.
The Baltimore Sun
September 11, 2019
Baltimore’s auditor said Wednesday that the city’s information technology department lost
performance data when hackers locked city files in May — the first disclosure
of data being destroyed in the attack. Auditor Josh Pasch told the mayor and
other top city officials at a meeting of the city’s spending board that without
the data, his team has been unable to check some claims the department made
about its performance. The data was stored locally and not backed up. “Our
recommendation to BCIT for this was to go ahead and revisit and implement a
backup system,” Pasch told the board. Hackers struck in May, encrypting files
using ransomware and demanding payment for the decryption keys. The encryption
used in such attacks is typically unbreakable, meaning that files not saved in
another location can be lost for good. Democratic Mayor Bernard C. “Jack” Young
refused to pay the ransom and teams set about rebuilding the city’s computer
systems. It’s not clear how much data might have been permanently lost as a
result of the attack.
Nextgov
September 9, 2019
As of Tuesday, government agencies—civilian and defense—have an official, final rule
prohibiting them from using cybersecurity products provided by or using
software made by Russia-based Kaspersky Lab. The federal agencies that lead the
Federal Acquisition Regulation Council—the Defense Department, General Services
Administration and NASA—will publish a final rule Tuesday to the Federal
Register outlining how agencies should abide by a provision in the 2018
National Defense Authorization Act restricting the use of Kaspersky products.
Legislators enacted the law in response to concerns from the U.S. intelligence
community that Kaspersky executives—some of whom are former Russian
intelligence officers—have close ties to Russian government officials. U.S.
officials also expressed concern that Russian law would compel the company to
share sensitive cybersecurity information on U.S. agencies gleaned through
their platform with the Russian government. Agencies were already under mandate
from the Homeland Security Department to remove all Kaspersky products from
their systems by October 2017, but the acquisition rule extends that to
contractors providing services to federal agencies.
Ars Technica
September 9, 2019
Scraping a public website without the approval of the website's owner isn't a violation of
the Computer Fraud and Abuse Act, an appeals court ruled on Monday. The ruling
comes in a legal battle that pits Microsoft-owned LinkedIn against a small
data-analytics company called hiQ Labs. HiQ scrapes data from the public
profiles of LinkedIn users, then uses the data to help companies better
understand their own workforces. After tolerating hiQ's scraping activities for
several years, LinkedIn sent the company a cease-and-desist letter in 2017
demanding that hiQ stop harvesting data from LinkedIn profiles. Among other
things, LinkedIn argued that hiQ was violating the Computer Fraud and Abuse
Act, America's main anti-hacking law. This posed an existential threat to hiQ
because the LinkedIn website is hiQ's main source of data about clients'
employees. So hiQ sued LinkedIn, seeking not only a declaration that its
scraping activities were not hacking but also an order banning LinkedIn from
interfering. A trial court sided with hiQ in 2017. On Monday, the 9th Circuit
Appeals Court agreed with the lower court, holding that the Computer Fraud and
Abuse Act simply doesn't apply to information that's available to the general
public.
Nextgov
September 9, 2019
Though the Education Department solidified its plans to honor the nation’s top cyber
educators through the recently-mandated Presidential Cybersecurity Education
Award in May 2020, the Office of Management and Budget will need to provide an
urgent clearance to help the agency ensure everything rolls out on time,
according to a request for comments set to be published in the Federal Register
Tuesday. “The department is requesting OMB approval of the emergency
information collection by September 25, 2019,” insiders wrote in the document.
“A regular clearance process is also hereby being initiated.” The president
issued an executive order in May aiming to grow and strengthen the nation’s
cyber workforce. The order encompassed a variety of new initiatives including a
President’s Cup competition, the institution of a federal rotational program
and multiple awards for government employees and teachers alike. The specific
educational award listed in this request for comments aims to honor “one
elementary and one secondary school educator per year who best instill skills,
knowledge, and passion with respect to cybersecurity and cybersecurity related
subjects.” In the document, Education said certain “conditions” catalyzed its
need for emergency clearance.
The agency aims to announce the award to the public in early October, in recognition of
National Cybersecurity Awareness Month, but it cannot accept nominations until
a System of Records Notice is published in the register. Education expects the
notice to be published by or before December and it hopes to accept nominations
until the end of Jan. 2020.
CyberScoop
September 8, 2019
U.S. Cyber Command’s largest-ever upload to VirusTotal exposes malware linked with North
Korean government hackers, according to security researchers. Several of the
malware samples have been tied to hackers from the so-called Lazarus Group,
which the U.S. government has linked with the North Korean government.
Specifically, the samples look to be what’s known as “HOPLIGHT,” a trojan that
has been used to gather information on victims’ operating systems and uses a
public SSL certificate for secure communications with attackers. Cyber Command
uploaded 11 malware samples in all. FireEye Managing Principal Threat Analyst
Andrew Thompson said the upload signals to North Korea‘s government that it
can’t remain anonymous in cyberspace. “Will this deter intelligence activities?
Of course not. That’s foolish. What it does do is articulate [North Koreans]
aren’t operating free from attribution, which limits the range of activities
they should see as being of acceptable risk. That is one of the reasons
attribution matters,” Thompson tweeted, adding the post could possibly change
North Korean behavior. “The signal to [North Korea] that their activities are
attributable does matter. The significance is [North Korea] can’t just do
whatever they want to do with anonymity. That’s behavior shaping.”
INDUSTRY
Ars Technica
September 12, 2019
Hackers are actively exploiting a critical weakness found in most mobile phones to
surreptitiously track the location of users and possibly carry out other
nefarious actions, researchers warned on Thursday. The so-called Simjacker
exploits work across a wide range of mobile devices, regardless of the hardware
or software they rely on, researchers with telecom security firm AdaptiveMobile
Security said in a post. The attacks work by exploiting an interface intended
to be used solely by cell carriers so they can communicate directly with the
SIM cards inside subscribers’ phones. The carriers can use the interface to
provide specialized services such as using the data stored on the SIM to
provide account balances. Simjacker abuses the interface by sending commands
that track the location and obtain the IMEI identification code of phones. They
might also cause phones to make calls, send text messages, or perform a range
of other commands.
ZDNet
September 12, 2019
Google is urging Chromebook users to update devices to fix a critical vulnerability in an
experimental Chrome OS feature that handles two-factor authentication
procedures. The vulnerability impacts the Chrome OS feature known as the
"built-in security key." The feature works by allowing users to use a
Chromebook device similar to a hardware-based USB/NFC/Bluetooth security key.
The feature can be used when registering or logging into a website. Users can
press the Chromebook power button, which will send a cryptographic token to the
website, similar to how a classic hardware key would normally work. The
difference is that the user is using his Chromebook as proof of ownership and
identity, instead of a small USB, NFC, or Bluetooth-based key. But earlier this
year, Google engineers discovered a vulnerability in the firmware of H1 chips, which
are used to process the cryptographic operations part of the "built-in
security key" feature. Google found that the chip's firmware was
mishandling some operations, and accidentally cutting the length of some
cryptographic signatures, making them easier to break.
Gov Info Security
September 12, 2019
Two years after WannaCry wreaked havoc via unpatched SMB_v1 and three years after Mirai
infected internet of things devices en masse via default credentials, attackers
continue to target the same flaws, security experts warn. Attackers built the
wormable crypto-locking WannaCry malware to exploit Windows systems running an
unpatched version of SMB_v1 that were vulnerable to an exploit code named
EternalBlue. Mirai, meanwhile, targeted the large numbers of IoT devices that
ship with default - or sometimes hard coded - usernames and passwords. Those
include routers, security cameras and digital video recorders, among other
devices. Hackers who gained remote access to these devices often turned them
into internet-connected launching pads for further attacks. Unfortunately,
attacks targeting SMB_v1 and IoT devices are alive, well and escalating,
researchers at Helsinki, Finland-based cybersecurity firm F-Secure warn in a
new report. F-Secure says its network of honeypots - decoy servers that allow
researchers to see what attackers are targeting and how - has recorded a 250
percent surge in attack traffic in the first half of this year, compared with
the second half of 2018.
CyberScoop
September 11, 2019
Internet services and cybersecurity provider Cloudflare has acknowledged it may have
violated U.S. sanctions by doing business with terrorist groups and
international drug traffickers, an admission that comes as the San Francisco
company prepares to go public as soon as this week. Cloudflare voluntarily
disclosed the possible economic and trade sanction violations to the U.S.
Department of Treasury in its S-1 filing, amended to stipulate that Cloudflare
technology was “used by, or for the benefit of, certain individuals or
entities” named on the Office of Foreign Assets Control’s list of Specially
Designated Nationals, as the Wall Street Journal first reported. The filing
does not name specific parties, saying only that the group includes “entities
identified in OFAC’s counter-terrorism and counter-narcotics trafficking
sanctions programs, or affiliated with governments currently subject to comprehensive
U.S. sanctions.” A small number of those entities also made payments to
Cloudflare.
ZDNet
September 11, 2019
Google has announced plans to officially test the new DNS-over-HTTPS (DoH) protocol inside
Google Chrome starting with v78, scheduled for release in late October this
year. The DNS-over-HTTPS protocol works by sending DNS requests to special
DoH-compatible DNS resolvers. The benefit comes from the fact that DNS requests
are sent via port 443, as encrypted HTTPS traffic, rather than cleartext, via
port 53. This hides DoH requests in the unending stream of HTTPS traffic that
moves across the web at any moment of the day and prevents third-party
observers from tracking users' browsing histories by recording and looking at
their unencrypted DNS data. The news that Google is looking into testing DoH in
Chrome comes just as Mozilla announced plans over the weekend to gradually
enable DoH by default for a small subset of users in the US later this month.
If Mozilla's plan goes as expected, the browser maker hopes to have the feature
enabled by default for all US users by next year.
Gov Info Security
September 11, 2019
As part of its September Patch Tuesday security update, Microsoft issued software fixes
for two vulnerabilities in several versions of Windows that it says are being
exploited by attackers in the wild. These two zero-day vulnerabilities are
considered elevation of privilege flaws that could allow an attacker to run
malicious code by using administrative privileges within an infected Windows
device, according to the Microsoft advisory. The two vulnerabilities were among
nearly 80 vulnerabilities for which Microsoft issued patches on Tuesday. Some
17 vulnerabilities were listed as critical. One of the zero-day vulnerabilities
that's already being exploited - referred to as CVE-2019-1214 - is found in
older versions of Windows and affects the operating system's Common Log File
System Driver. If exploited, it can enable an attacker to gain administrative
privileges within an infected Windows device, according to an analysis by
TrendMicro's Zero Day Initiative. The second vulnerability that's being
exploited - CVE-2019-1215 - affects the ws2ifsl.sys, or Winsock service, which
is found in older and newer versions of Windows, according to the TrendMicro
analysis. An attacker can use this flaw to escalate privileges from user to
administrator within an infected device to spread malicious code.
The San Francisco Chronicle
September 11, 2019
Cybersecurity company Symantec is cutting 152 jobs at its Mountain View headquarters and 18
in San Francisco, along with 36 in Culver City (Los Angeles County), a
California filing revealed, giving a sense of planned job cuts’ local impact.
The tech company, with more than 11,000 employees worldwide, serves more than
50 million people with Norton antivirus software and LifeLock identity theft
protection, but agreed last month to sell its enterprise division, which
protects larger businesses, to chipmaker Broadcom of San Jose. On August 8, the
same day it revealed the enterprise deal, Symantec warned of job cuts, saying
it would reduce employment by 7% through next March. Employees were notified of
the layoffs that day, according to a company filing, with their employment
ending October 15. The company said it planned to downsize, vacate or close
certain facilities and data centers.
Ars Technica
September 10, 2019
In late 2011, Intel introduced a performance enhancement to its line of server
processors that allowed network cards and other peripherals to connect directly
to a CPU's last-level cache, rather than following the standard (and
significantly longer) path through the server's main memory. By avoiding system
memory, Intel's DDIO—short for Data-Direct I/O—increased input/output bandwidth
and reduced latency and power consumption. Now, researchers are warning that,
in certain scenarios, attackers can abuse DDIO to obtain keystrokes and
possibly other types of sensitive data that flow through the memory of
vulnerable servers. The most serious form of attack can take place in data
centers and cloud environments that have both DDIO and remote direct memory
access enabled to allow servers to exchange data. A server leased by a
malicious hacker could abuse the vulnerability to attack other customers. To
prove their point, the researchers devised an attack that allows a server to
steal keystrokes typed into the protected SSH (or secure shell session)
established between another server and an application server.
Reuters
September 10, 2019
The Israeli-based NSO Group said on Tuesday it would abide by U.N. guidelines to
prevent rights abuses, following accusations by cyber experts that its software
was used in a number of government surveillance scandals. Human rights group
Amnesty International, which has asked Israel's government to revoke NSO's
export license, was sceptical that NSO's new policies would make a difference.
NSO is best known as a supplier of surveillance tools to governments and law
enforcers, and says its products tackle and prevent serious crimes and support
search and rescue operations after natural disasters. But its cellphone hacking
software, Pegasus, has been linked to political surveillance in Mexico, the
United Arab Emirates and Saudi Arabia, according to University of Toronto's
Citizen Lab, which researches digital surveillance, security, privacy and
accountability. Shalev Hulio, co-founder and chief executive of NSO, said:
"NSO's products provide governments with the tools to help stop the
world's worst terror attacks and most dangerous criminals. But (we) also
understand that misuse could represent human rights violations." NSO said
it would from now on systematically apply U.N. procedures set in 2011 to
identify risks that its technology could harm human rights, and then prevent or
mitigate them.
Gov Info Security
September 9, 2019
The Wikimedia Foundation, which oversees the popular online encyclopedia, is
investigating a distributed denial-of-service attack that temporarily blocked
access to several of its regional sites over the weekend in parts of Europe as
well as the Middle East. In a statement, the foundation said that by Monday,
access to all of the Wikipedia sites affected by the DDoS attack had been
restored, and the not-for-profit organization was continuing to restore its
infrastructure as well as investigate the cause of the attack. The attack,
which started sometime on Friday, affected several Wikipedia sites in Europe -
including Poland, France, Germany and Italy - as well as parts of the Middle
East, including Israel, according to downdetector.com. Wikipedia remains one of
the world's most popular websites, ranking in the Top 10, according to an
analysis by Amazon Alexa. "As one of the world's most popular sites,
Wikipedia sometimes attracts 'bad faith' actors," Wikimedia Foundation
says in its statement. "We condemn these sorts of attacks. They're not
just about taking Wikipedia offline. Takedown attacks threaten everyone's
fundamental rights to freely access and share information. We in the Wikimedia
movement and foundation are committed to protecting these rights for
everyone."
CyberScoop
September 9, 2019
Microsoft and the Hewlett Foundation are preparing to launch a nonprofit organization
dedicated to exposing the details of harmful cyberattacks and providing
assistance to victims in an effort to highlight their costs, CyberScoop has
learned. Known to its organizers as the “Cyber Peace Institute,” the nonprofit
is expected to debut in the coming weeks, according to multiple sources who
have discussed it with the organizers. The institute aims to investigate and
provide analytical information on large-scale attacks against civilian targets,
assess the costs of these attacks and give security tools to both individuals
and organizations that will help them become more resilient, according to a
description of the nonprofit provided during a session at the 2019 B-Sides Las
Vegas cybersecurity conference. “We have a shared global responsibility to
prevent the Internet from becoming ‘weaponized’ by increasing attacks by
criminal groups and state actors alike,” the description reads. “We already
have global organizations to tackle physical emergencies and now we need new
ones to help with their counterparts in cyberspace.” Besides Microsoft and the
Hewlett Foundation, supporters include Facebook, Mastercard and the Ford
Foundation.
INTERNATIONAL
ZDNet
September 13, 2019
The New Zealand government has announced it will provide NZ$10 million over five years
to support Pacific countries as they develop national cybersecurity strategies
to secure infrastructure and data, enhance online safety, and implement new
cyber crime laws. Minister of Foreign Affairs Winston Peters said it will help
Pacific countries respond to cybersecurity risks in the region. "With
improvements in connectivity in the region, Pacific countries are seeing an
increased risk of cybersecurity threats and New Zealand is committed to
supporting our Pacific neighbours to provide a safe, secure online environment
for their citizens and to maximise the benefits of a free and open internet
while minimising cybersecurity risks," he said. As part of the initiative,
the NZ government said a dedicated Pacific partnership advisor role would be
created within New Zealand's Computer Emergency Response Team (CERT) to work
with Pacific countries to help enhance their cyber capabilities.
Wired
September 12, 2019
For nearly three years, the December 2016 cyberattack on the Ukrainian power grid has
presented a menacing puzzle. Two days before Christmas that year, Russian
hackers planted a unique specimen of malware in the network of Ukraine's
national grid operator, Ukrenergo. Just before midnight, they used it to open every
circuit breaker in a transmission station north of Kyiv. The result was one of
the most dramatic attacks in Russia's years-long cyberwar against its western
neighbor, an unprecedented, automated blackout across a broad swath of
Ukraine's capital. But an hour later, Ukrenergo's operators were able to simply
switch the power back on again. Which raised the question: Why would Russia's
hackers build a sophisticated cyberweapon and plant it in the heart of a
nation's power grid only to trigger a one-hour blackout? A new theory offers a
potential answer. Researchers at the industrial-control system cybersecurity
firm Dragos have reconstructed a timeline of the 2016 blackout attack based on
a reexamination of the malware’s code and network logs pulled from Ukrenergo’s
systems. They say that hackers intended not merely to cause a short-lived
disruption of the Ukrainian grid but to inflict lasting damage that could have
led to power outages for weeks or even months. That distinction would make the
blackout malware one of only three pieces of code ever spotted in the wild
aimed at not just disrupting physical equipment but destroying it, as Stuxnet
did in Iran in 2009 and 2010 and the malware Triton was designed to do in a
Saudi Arabian oil refinery in 2017.
Politico
September 12, 2019
The U.S. government concluded within the past two years that Israel was most likely
behind the placement of cellphone surveillance devices that were found near the
White House and other sensitive locations around Washington, according to three
former senior U.S. officials with knowledge of the matter. But unlike most
other occasions when flagrant incidents of foreign spying have been discovered
on American soil, the Trump administration did not rebuke the Israeli
government, and there were no consequences for Israel’s behavior, one of the
former officials said. The miniature surveillance devices, colloquially known
as “StingRays,” mimic regular cell towers to fool cellphones into giving them
their locations and identity information. Formally called international mobile
subscriber identity-catchers or IMSI-catchers, they also can capture the
contents of calls and data use. The devices were likely intended to spy on
President Donald Trump, one of the former officials said, as well as his top
aides and closest associates — though it’s not clear whether the Israeli
efforts were successful.
Reuters
September 12, 2019
The United States has raised its concerns with Gulf allies over a possible security risk
in using Huawei’s technology for their 5G mobile infrastructure, U.S. officials
said on Thursday. Washington has been warning allies against using the Chinese
company’s equipment, which it says presents a security risk, but has so far
largely made public comments to European states. Huawei has repeatedly denied
the U.S. allegations, which were raised last week during a visit by Federal
Communications Commission Chair Ajit Pai to Saudi Arabia, the United Arab
Emirates, and Bahrain, all of which are using its equipment. “We shared a ...
message about the importance of securing 5G technology and applying risk based
security principles,” Robert Strayer, the U.S. State Department’s deputy
assistant secretary for cyber, international communications and information
policy said on Thursday. Washington says Huawei could be exploited by Beijing
and has threatened to cut off intelligence-sharing with nations that use its
equipment. China and Huawei deny the claims.
Ars Technica
September 11, 2019
In March 2018, nine Iranians were criminally charged for their involvement with the
Mabna Institute, a company federal prosecutors said was created in 2013 for the
express purpose of using coordinated cyber intrusions to steal terabytes of
academic data from universities, academic journal publishers, tech companies,
and government organizations. Almost 18 months later, the group’s hacking
activities are still going strong, Secureworks, a Dell-owned security company,
said on Wednesday. The hacking group, which Secureworks researchers call Cobalt
Dickens, has recently undertaken a phishing operation that targeted more than
60 universities in countries including the US, Canada, the UK, Switzerland, and
Australia, according to a report. Starting in July, Cobalt Dickens used
malicious webpages that spoofed legitimate university resources in an attempt
to steal the passwords of targeted individuals.
CyberScoop
September 10, 2019
The U.S. Department of Justice has announced the arrests of 281 people and the seizure of
nearly $3.7 million in connection with a four-month investigation into business
email compromise scams. Prosecutors on Tuesday detailed the results of an
elaborate interagency probe into BEC scams, which occur when thieves
impersonate a trusted co-worker, lover or other associate in order to convince
a victim to send them money or personal information. Among the accused are a
group of alleged scammers who defrauded a community college out of $5 million
from Illinois, two men in Texas who prosecutors say used 12 fictitious
identities to steal and launder more than $3 million, and a Florida crime ring
that relied on 18 money mules to launder $950,000. Seventy-four people were
taken into custody in the U.S., while there were also 167 arrests in Nigeria, 18
in Turkey, 15 in Ghana, and more in France, Italy, the U.K., Japan, Kenya and
Malaysia. “In unraveling this complex, nationwide identity theft and tax fraud
scheme, we discovered that the conspirators stole more than 250,000 identities
and filed more than 10,000 fraudulent tax returns, attempting to receive more
than $91 million in refunds,” Don Fort, head of the Internal Revenue Service’s
Criminal Investigation team, said in a statement.
CBC
September 9, 2019
The U.S.-led North American Aerospace Defence Command (Norad) asked the Canadian
military to do an inventory of its bases and the surrounding civilian
infrastructure, looking for critical systems vulnerable to a cyberattack. The
letter to Canada's chief of the defence staff, written by then-Norad commander
U.S. Admiral William Gourtney just over three years ago, was obtained by CBC
News under access to information legislation. Despite the passage of time, two
leading cyber experts said the request highlights an enduring concern of both
defence planners and people in high-tech industries. The notion that a
cyberattack could shut down civilian infrastructure — such as power grids,
water treatment plants or traffic systems — in the vicinity of a military base
is nothing new. What is unusual is that Norad sought reassurance, at the
highest levels of the military, that Canada was on top of the evolving threat.
Reuters
September 9, 2019
Security concerns in Poland and the Czech Republic over telecoms equipment made by
Huawei Technologies have not had a significant business impact despite creating
uncertainty, a deputy head of central Europe and the Nordics said. A warning
from the Czech cybersecurity watchdog that Huawei's technology could pose a
security threat and Poland's arrest of a Chinese Huawei employee and a former
Polish security official on spying allegations have put it under pressure.
"It is pretty much business as usual with a little bit more attention to
show that we are transparent, open and inclusive and we have nothing to
hide," Radoslaw Kedzia, Huawei's vice president of central Europe and the
Nordics, told Reuters. There had been "no significant impact" on
business or major strategy shifts in the region since the concerns surfaced in
December, Kedzia said, adding that Huawei is contacting governments and
customers when security fears arise.
NL Times
September 9, 2019
The Netherlands is not well prepared for large-scale cyber attacks, the scientific
council for government policy WRR said in a report on Monday. This applies to
the Dutch government, but also companies and society as a whole, according to
the council, NU.nl reports. At the moment there is too much "improvisation
and gambling" in dealing with cyber attacks themselves and the
consequences they entail, according to WRR. "With the increasing
interaction between physical and digital, our economy, national security, and
normal social life are endangered in unforeseen ways. There can be huge damage
and real casualties", the council said. Over the past years, the
Netherlands did a lot to prevent attacks, but attacks can never be ruled out
completely, the WRR said. And not enough thought is given to what can be done
to limit the damage of a large-scale attack. "The preparation for a
digital disruption hardly gets any attention."
TECHNOLOGY
Pro Publica
September 12, 2019
On July 3, employees at Arbor Dental in Longview, Washington, noticed glitches in their
computers and couldn’t view X-rays. Arbor was one of dozens of dental clinics
in Oregon and Washington stymied by a ransomware attack that disrupted their
business and blocked access to patients’ records. But the hackers didn’t target
the clinics directly. Instead, they infiltrated them by exploiting vulnerable
cybersecurity at Portland-based PM Consultants Inc., which handled the
dentists’ software updates, firewalls and data backups. Arbor’s frantic calls
to PM went to voicemail, said Whitney Joy, the clinic’s office coordinator.
“The second it happened, they ghosted everybody,” she said. “They didn’t give
us a heads up.” The attack on the dental clinics illustrates a new and
worrisome frontier in ransomware — the targeting of managed service providers,
or MSPs, to which local governments, medical clinics, and other small- and
medium-sized businesses outsource their IT needs. While many MSPs offer
reliable support and data storage, others have proven inexperienced or understaffed,
unable to defend their own computer systems or help clients salvage files. As a
result, cybercriminals profit by infiltrating dozens of businesses or public
agencies with a single attack, while the beleaguered MSPs and their
incapacitated clients squabble over who should pay the ransom or recovery
costs.