Friday, January 31, 2020

New York state wants to ban government agencies from paying ransomware demands


The Hill
January 24, 2020
Sen. Ron Wyden (D-Ore.) on Friday pressured the National Security Agency (NSA) on efforts to secure personal devices of government employees from foreign hackers and surveillance following news that Amazon CEO Jeff Bezos's phone was allegedly hacked by Saudi officials. Wyden, a member of the Senate Intelligence Committee, sent a letter to NSA Director Gen. Paul Nakasone asking for an update on a commitment made by former NSA Director Michael Rogers in 2018 that the agency would look into how key government institutions like the White House are guarding against hacking and surveillance operations. He also singled out senior White House adviser Jared Kushner, who in 2018 reportedly communicated via WhatsApp with Saudi Crown Prince Mohammed bin Salman, sometimes referred to as MBS. “Until the White House takes security seriously, the most sensitive secrets of this country will end up in enemy hands,” Wyden told reporters on Friday while discussing the letter. “So today, I am writing to the National Security Agency and asking them to evaluate the security risks of Jared Kushner, and other White House officials who may have messaged MBS, particularly on their personal devices.”


ADMINISTRATION

FCW
January 24, 2020
Under a recent policy change, the FBI will notify states if local election systems are hacked, but some state officials and lawmakers want the feds to commit to informing a broader range of stakeholders. The federal government, in particular the FBI, have taken heat for taking three years to notify the Florida state government and members of Congress that voter registration systems in two counties were breached by Russian hackers leading up to the 2016 elections. While U.S. officials have said they do not have any evidence that suggests voting machines or tallies were compromised, security experts say bad actors tampering with registration data can still sow confusion and wreak havoc on election day. Alabama Secretary of State John Merrill said he and his counterparts in other states spent years pressing the federal government to notify states about local election hacks, arguing that many counties and municipalities lack the technical resources to effectively respond to a breach of their election systems. The FBI's new policy does not include notifying members of Congress or the public when a system is breached, though bureau and DOJ officials told reporters last week they might to do so in extenuating circumstances. According to the FBI, the federal government does not prevent or inhibit states and localities from telling Congress or the public that one of their election systems have been hacked. Instead, it's left up to the victims to come forward.

StateScoop
January 24, 2020
Municipal workers in New Orleans discovered on Dec. 13 that their computer systems had been rendered inoperable by a virus demanding payment, making the city yet another victim of the global ransomware scourge that’s pestered state and local governments for the last several years. Recovery from the attack, which has since been attributed to the Ryuk strain of malware, has already cost New Orleans $7.2 million, and officials expect that figure to climb much higher by the time their devices and networks are fully restored. The incident confirmed a warning Mayor LaToya Cantrell had given to the New Orleans City Council last June when she was arguing that cybersecurity funding deserved to be included in the city’s budget for critical infrastructure. Some members were hesitant and said that protecting IT assets was not an infrastructure component. “I said, ‘like hell it isn’t’,” Cantrell recalled Thursday during a meeting of the U.S. Conference of Mayors in Washington. Cantrell said she got the funding, but when ransomware locked up the city’s computers last month, knocking websites offline and preventing social-services agencies from accessing electronic records, she was vindicated: “I was like, now what?” she said.

Nextgov
January 23, 2020
The latest publication in a long line of reports drawing attention to the State Department’s failure to secure its information technology-dependent systems from cyberattacks reflects a general mismanagement of resources. “Notwithstanding the expenditure of substantial resources by the Department,” reads a report State’s Office of the Inspector General released Wednesday, “the OIG continues to identify significant issues that put its information at risk.” The report follows a Jan. 14 letter Sen. Mark Warner, D-Va., sent to Secretary of State Mike Pompeo asking what steps he’s taken to address the shortcomings detailed in previous IG reports. Warner put the letter in the context of a “long history of information breaches” at State and recent tensions with Iran. The senator specifically noted an August OIG report that called attention to the absence of “two senior executive service positions responsible for cybersecurity” due to a hiring freeze, and a 2017 OIG report that stated the chief information officer was “not well placed to be held accountable for State Department Cybersecurity issues.” The report out Wednesday reiterated the 2017 findings, noting “lapses in the performance of duties by Information Systems Security Officers persisted in FY 2019” and pointed to overseas posts where problems were more extensive.

CyberScoop
January 23, 2020
The U.S. Department of Homeland Security’s cybersecurity outfit on Thursday issued an alert about six flaws in popular health care devices that could affect device functionality, expose patients’ health information or create other vulnerabilities. DHS’ Cybersecurity and Infrastructure Security Agency detailed the six vulnerabilities, known collectively as “MDhex,” lurking in medical technology manufactured by GE Healthcare. The issues exist in GE’s line of CARESCAPE patient monitors, including some versions of the Central Information Center product, the Apex Telemetry Server/Tower, the Central Station, a Telemetry Server and three monitor products (the B450, B650 and B850) that display vital patient information to hospital professionals. No known public exploits specifically target these vulnerabilities, CISA said in its alert. Five of the vulnerabilities were assigned a severity score of 10 on a scale of 1-10, while the sixth was rated an 8.5 on the National Infrastructure Advisory Council’s system. The New York-based security firm CyberMDX first found the issues.

KGW
January 23, 2020
Tillamook County has called in a forensic team to figure out what caused a virus to shut down their computers. Systems were infected with malware causing all computer systems and phones to stop working. The issue was first noticed Wednesday morning and IT staff immediately shut down computers hoping to stop the spread of the virus. County websites were unavailable as of Thursday evening and phones went straight to voicemail. "It's unusual that you come to work and you can't get on a computer," said Lt. Gordon McCraw with the Tillamook County Sheriff's Office. "Much of what we do is computer generated. So, again all we can do is set back and wait and see and learn from it."

Gov Info Security
January 23, 2020
The U.S. Cybersecurity and Infrastructure Security Agency on Wednesday warned that it's seen a surge in targeted attacks using a sophisticated strain of malware called Emotet. "Heads up! We're tracking a spike in Emotet and re-upping defensive guidance," Chris Krebs, CISA's director, said on Wednesday. While Emotet started life as a banking Trojan, over the past five years, developers have added additional functionality, including making the malware a dropper - aka downloader - so that it can be used to install additional malicious code on endpoints it's infected, as well as giving it the ability to scrape victims' PCs for contact information. In addition, other attackers have increasingly rented Emotet botnets to install other malware, including Trickbot and various strains of ransomware. Now, CISA says it's seeing a fresh surge in attacks.

ZDNet
January 23, 2020
Two New York state senators have proposed two bills last week to ban local municipalities and other government entities from using taxpayer money for paying ransomware demands. The first bill (S7246) was proposed by Republican NY Senator Phil Boyle on January 14. The second bill (S7289) was introduced by Democrat NY Senator David Carlucci, two days later, on January 16. Both bills are under discussion in committee, and is unclear which will move forward to a vote on the Senate floor. Both S7246 and S7289 have similar texts. The only difference between the two is that S7246 also proposes the creation of a state fund to help local municipalities improve their cyber-security posture.

NPR
January 22, 2020
A district encompassing Greater Seattle is set to become the first in which every voter can cast a ballot using a smartphone — a historic moment for American democracy. The King Conservation District, a state environmental agency that encompasses Seattle and more than 30 other cities, is scheduled to detail the plan at a news conference on Wednesday. About 1.2 million eligible voters could take part. The new technology will be used for a board of supervisors election, and ballots will be accepted from Wednesday through election day on Feb. 11. "This is the most fundamentally transformative reform you can do in democracy," said Bradley Tusk, the founder and CEO of Tusk Philanthropies, a nonprofit aimed at expanding mobile voting that is funding the King County pilot. But the move is sure to polarize the elections community as democracy-watchers across the country debate the age-old push-and-pull between voting access and voting security.

Nextgov
January 22, 2020
Two documents published in the Federal Register within the last week highlight how the Treasury Department is embracing a more active role for itself in protecting critical infrastructure in the financial sector from cybersecurity attacks, including by promoting industry’s perspective. Treasury’s Office of Cybersecurity and Critical Infrastructure Protection will take comments through March 23 on a proposal issued Wednesday toward identifying “cybersecurity and operational risks to and interdependencies within U.S. financial services sector critical infrastructure and to work collaboratively with industry and interagency partners to develop risk management and operational resilience initiatives.” Under the Paperwork Reduction Act, the office can currently only collect information from a maximum of nine companies at a time, a senior cyber policy advisor for Treasury explained. If approved, OCIP’s proposal would allow Treasury to engage with a broader array of stakeholders and to have a written record in response to questionnaires the department hopes to issue in the future.  “Part of our mission space is looking at the implementation of best practices,” Treasury official Elizabeth Irwin told Nextgov, noting the National Institute of Standards and Technology’s Cybersecurity Framework is one such example.

CyberScoop
January 22, 2020
The market for previously unknown, or zero-day, software exploits has come out of the shadows in recent years as exploit brokers openly advertise million-dollar payouts. But while zero-day brokers like Zerodium and Crowdfense sometimes outline the types of exploits they buy — whether for mobile or desktop devices — much less has been said about the market for exploits that affect industrial control systems (ICS), which support critical infrastructure sectors like energy and transportation. Sarah Freeman, an analyst at the Department of Energy’s Idaho National Laboratory, is trying to help fill that void in data and, in the process, show how the ICS exploit market can be a bellwether for threats. Freeman’s hypothesis was that “if you track these bounties, you can use them as precursors or tripwires for future adversary activity.” She argues that current tallies of zero-day exploits with ICS implications are undercounted. In the first quarter of 2019, for example, Crowdfense categorized just 2% of the zero-days it bought as ICS exploits. But that figure doesn’t account for how exploits targeting various technology and operating systems can affect ICS, she said. “The market for [software exploits], writ large, is growing,” she said Tuesday during a presentation of her research at S4, an ICS security conference in Miami Beach. And within that market, there are signs that ICS-relevant exploits are growing, too.

Nextgov
January 22, 2020
A coalition for secure elections sent a letter to Attorney General William Barr Wednesday, criticizing the AG for recent comments he made calling on companies to create a “backdoor” through encryption. The letter, published by the Project on Government Oversight, warns such backdoors—even if expressly for use by law enforcement—would weaken the security of encrypted services and devices, “opening the door” for hackers to harm users. “While encryption does not guarantee safety from all forms of malicious hacking, it is a vital safeguard to minimize risk. The Department of Justice has previously asked companies to create a ‘backdoor’ through encryption that would be accessible to law enforcement—but it is simply not possible to create a ‘backdoor’ that could not also be accessed by malicious hackers,” the letter states. The letter follows pressure from the Justice Department on companies like Apple and Facebook to provide law enforcement backdoor access to systems if permitted under a warrant. Apple has refused to unlock encrypted iPhones for the FBI going back several years, and the issue took renewed importance last week after Barr called on Apple to unlock two phones used by a gunman at a naval air station in Pensacola, Fla.

CyberScoop
January 22, 2020
The Secret Service has recently hand-picked a small group of private-sector cybersecurity experts to advise the agency’s investigations team on how it can better take down cybercriminals, CyberScoop has learned. The council, which will be known as the “Cyber Investigations Advisory Board” (CIAB), will aim to “provide Secret Service’s Office of Investigations with outside strategic input for the agency’s investigative mission, including insights on the latest trends in cybercrime, financial crime, technology, and investigative techniques,” according to an internal Secret Service Electronic Crimes Task Force Bulletin. The 16-member federal advisory committee (FAC) will be the first one ever for the investigative unit, which focuses on financial crimes such as counterfeiting, card-skimming and other forms of fraud. Previous FACs all have been established for the Secret Service’s more widely known protection mission, which provides security for U.S. presidents and other dignitaries.

WRVO
January 22, 2020
Board of elections commissioners in central New York met with federal cybersecurity officials to talk about what issues and vulnerabilities they face leading up to the 2020 election. Rep. John Katko (R-Camillus) said New York is much further ahead in election cybersecurity than other states. Katko said the misinformation campaign on social media that was launched during the 2016 presidential election was designed to influence and create mistrust in the system. Bringing together local elections commissioners and federal cybersecurity officials is meant to build back trust. "There has never been any proof of anything nationwide, anywhere, where the 2016 or any other hacks since then into the election systems, has resulted in changing the voting numbers," Katko said. "It's undermining the confidence. It's making it more difficult to vote." Katko praised New York State for how it's handling election cybersecurity. All of the state’s election districts are tuned into a federal information sharing database that only 25% of election districts across the country are participating in. All that information can sometimes overwhelm smaller counties. New York also has paper ballot backups. "So, even if there is a ransomware attack or cyberattack, I don't think it's going to undermine the impact of the election results," Katko said.

Fast Company
January 21, 2020
The entrance to the radiofrequency isolation chamber, near the middle of the Lefkowitz Building in lower Manhattan, looks like an artifact from the Apollo program, shielded by two airtight, metallic doors that are specially designed to block electromagnetic waves. Inside the room, against one wall, are dozens of Apple iPhones and iPads in various states of disrepair. Some have cracked glass fronts or broken cases. Others look like they’ve been fished out of a smoldering campfire. Of course, the devices are not there to be fixed. They are evidence confiscated during the commission of alleged crimes. The district attorney of Manhattan, Cyrus Vance Jr., and the city’s cybercrime unit have built this electronic prison for a very specific purpose: to try, using brute force algorithms, to extract the data on the phones before their owners try to wipe the contents remotely. Welcome to ground zero in the encryption battle between state and federal law enforcement officials on one side, and trillion-dollar tech giants Apple and Google on the other. About five years ago, with the introduction of its iOS8 operating system, Apple decided to encrypt all of its mobile devices—protecting both consumers and criminals from prying eyes. Google quickly followed suit, locking down its Android devices. The result has been an escalating cat and mouse game between Washington and Silicon Valley, with prosecutors like Vance trying to break into the phones, and Apple and Google racing to stop them.

Nextgov
January 21, 2020
Four years after the enactment of the Cybersecurity Information Sharing Act of 2015, a joint inspectors general survey of seven financial-sector agencies’ efforts to implement the law reflects significant irregularities in steps taken to share cyber threat indicators and defensive measures with their fellow federal agencies and non-federal entities. The Office of the Chief Information Officer “does not have the resources, fiscal funds, or technical capabilities to implement a sharing of CTIs and DM program,” the National Credit Union Administration told the Council of Inspectors General on Financial Oversight in a Jan. 15 memo. The CISA law promised to shield private-sector entities from liability if they shared such information through the Department of Homeland Security’s Automated Indicator Sharing system and required federal agencies to implement policies to likewise share information the government had access to with the private sector. The idea was that this would lay the foundation for a stronger collective defense, but companies are still skittish, fearing the protections aren’t enough to shield them from regulators, and as the new survey shows, government entities are also constrained by the classification levels attached to threat information by intelligence agencies. The survey of the financial sector agencies—which, in addition to the NCUA, included the Board of Governors of the Federal Reserve System, the Bureau of Consumer Financial Protection, the Commodity Futures Trading Commission, Federal Deposit Insurance Corporation, the Federal Housing Finance Agency, and the Securities and Exchange Commission—gives insight into challenges the larger federal government might be facing, under pressure to share more of its information with private-sector partners.

CyberScoop
January 21, 2020
U.S. government documents made public Tuesday show that while a U.S. Cyber Command operation that disrupted ISIS computer networks was largely successful, there were significant shortcomings, including operators having trouble collecting data, interagency deconfliction issues, difficulty vetting targets, and, in at least one case, a close call with the operation being discovered by the adversary. The documents, shared with CyberScoop via George Washington University’s National Security Archive, show how the command has faced significant internal hurdles as Pentagon leadership has pushed Cyber Command to grow into a well-respected force since its creation in 2009. They include briefings on how Cyber Command measured the effectiveness of Operation Glowing Symphony, a mission carried out in 2016 that was meant to isolate and destroy ISIS networks used to spread the terrorist group’s propaganda. The documents show the gaps needed for the U.S. government to scale and expand its offensive cyber missions beyond ISIS to countering other adversaries like Russia, Iran, China, and North Korea.

The Washington Post
January 17, 2020
A senior Justice Department official on Friday said he saw an increasing willingness on Capitol Hill to pass legislation requiring tech companies to make their encrypted devices accessible to law enforcement, saying “the ground is as fertile as ever” for such action. Assistant Attorney General John Demers declined to disclose “how far along we are on a decision to seek legislation” but leaned forward on the issue. “I’ve never seen the atmosphere here in D.C. to be so conducive to passing some kind of encryption legislation or lawful access legislation as it is today,” Demers said during a discussion at the Wilson Center. His remarks come in the wake of last month’s shooting at a naval base in Pensacola, Fla., that killed three people and led the FBI earlier this month to ask Apple for help opening two iPhones that belonged to the Saudi shooter. This week, U.S. Attorney General William P. Barr raised the issue again, accusing Apple of failing to provide “substantial assistance” and calling on the firm “to help us find a solution” to locked devices.


INDUSTRY

CyberScoop
January 24, 2020
t least one insurance company will cover the costs from a cyberattack against one of its clients. A Maryland federal judge on Thursday ruled that an Ohio insurer must cover the costs following a ransomware attack that forced a client to replace much of its technology. State Auto Property & Casualty Insurance is on the hook for losses incurred by National Ink & Stitch, a Maryland screen printing business, after a 2016 hack resulted in “direct physical loss or damage” of National Ink & Stitch’s property. No dollar figure has been set yet. The embroidery company had sought $310,000 in damages from State Auto, which has a $1.3 billion market cap. The summary judgment decision from Judge Stephanie A. Gallagher, of the U.S. District Court of Maryland, comes amid ongoing skepticism with the way insurance companies have waded into data security incidents, which are difficult to predict.

Gov Info Security
January 24, 2020
Hackers who may have ties to Iran have recently turned their attention to the European energy sector, using open source tools to target one firm's network as part of an cyberespionage operation, according to the security firm Recorded Future. The precise goal of the campaign that the Recorded Future analysts describe in a report released Thursday is not clear, although other studies have found that several Iranian-backed advanced persistent threat groups have targeted U.S. and European businesses connected to the energy sector over the last several years - before the tensions between the U.S. and Iran recently heated up. In the incident described by Recorded Future, hackers targeted a company described as "a key organization in the European energy sector." The researchers believe the attack started several months before the Jan. 2 death of Major General Qasem Soleimani, leader of the foreign wing of Iran's Islamic Revolutionary Guard Corps, in a U.S. drone strike in Iraq.

Ars Technica
January 23, 2020
Almost two years have passed since the appearance of Shlayer, a piece of Mac malware that gets installed by tricking targets into installing fake Adobe Flash updates. It usually does so after promising pirated videos, which are also fake. The lure may be trite and easy to spot, but Shlayer continues to be common—so much so that it’s the number one threat encountered by users of Kaspersky Labs’ antivirus programs for macOS. Since Shlayer first came to light in February 2018, Kaspersky Lab researchers have collected almost 32,000 different variants and identified 143 separate domains operators have used to control infected machines. The malware accounts for 30 percent of all malicious detections generated by the Kaspersky Lab’s Mac AV products. Attacks are most common against US users, who account for 31 percent of attacks Kaspersky Lab sees. Germany, with 14 percent, and France and the UK (both with 10 percent) followed. For malware using such a crude and outdated infection method, Shlayer remains surprisingly prolific.

CyberScoop
January 23, 2020
Jason Larsen was tired of hearing about the skills of Russian-linked hackers, particularly those who cut power in parts of Ukraine in 2015 and 2016. These were groundbreaking and worrying attacks, he thought to himself, but giving the attackers too much credit makes defending against them more complicated than it needs to be. So Larsen, a researcher at cybersecurity company IOActive, broke into the substation network of a European electric utility using one of the Russian hackers’ techniques. The first segment of the attack — gaining root access on some firmware— took him 14 hours. He took notes by the hour and shared them with the distribution utility, one of his clients, to improve their defenses.

Computer Weekly
January 23, 2020
The criminal group responsible for the cyber attack that has disrupted high-street banks and the foreign currency exchange chain Travelex for more than three weeks has launched what has been described as a “massive cyber attack” on a German automotive parts supplier. Parts manufacturer Gedia Automotive Group, which employs 4,300 people in seven countries, said today that the attack will have far-reaching consequences for the company, which has been forced to shut down its IT systems and send staff home. The 100-year-old company, which has its headquarters in Attendorn, said in a statement posted on its website that it would take weeks or months before its systems were fully up and running. Gedia posted the statement on its website after the criminal group behind the Sodinokibi ransomware attack on Travelex claimed responsibility for the attack on an underground web forum.

ZDNet
January 22, 2020
Malicious hackers are targeting factories and industrial environments with a wide variety of malware and cyberattacks including ransomware, cryptocurrency miners – and in some cases they're actively looking to shut down or disrupt systems. All of these incidents were spotted by researchers at cybersecurity company Trend Micro who built a honeypot that mimicked the environment of a real factory. The fake factory featured some common cybersecurity vulnerabilities to make it appealing for hackers to discover and target. To help make the honeypot as convincing as possible, researchers linked the desktops, networks and servers to a false company they called MeTech and created a website detailing how the manufacturer served clients in high-tech sectors including defence and aerospace – popular targets for hacking.

Reuters
January 21, 2020
Apple Inc dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters. The tech giant’s reversal, about two years ago, has not previously been reported. It shows how much Apple has been willing to help U.S. law enforcement and intelligence agencies, despite taking a harder line in high-profile legal disputes with the government and casting itself as a defender of its customers’ information. The long-running tug of war between investigators’ concerns about security and tech companies’ desire for user privacy moved back into the public spotlight last week, as U.S. Attorney General William Barr took the rare step of publicly calling on Apple to unlock two iPhones used by a Saudi Air Force officer who shot dead three Americans at a Pensacola, Florida naval base last month.

Japan Times
January 20, 2020
Mitsubishi Electric Corp. said Monday it was hit by a massive cyberattack and that information on government agencies and business partners may have been compromised, with a Chinese group believed behind the attack. A key player in Japan’s defense and infrastructure industries, the company said email exchanges with the Defense Ministry and Nuclear Regulation Authority, as well as documents related to projects with firms including utilities, railways, automakers and other firms may have been stolen. It also said personal data on over 8,000 people, including employees, retirees and job-seekers, had been endangered. Highly sensitive information on defense, electricity or other infrastructure operations, however, was not breached, it said. The personal data was related to 1,987 new graduates who were seeking to enter the firm between October 2017 and April 2020, as well as others who sought jobs between 2011 and 2016.

Gov Info Security
January 20, 2020
Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers. In a security alert issued on Friday, Microsoft says the vulnerability - designated CVE-2020-0674 - is present in IE9 running on Windows Server 2008, IE10 running on Windows Server 2012 and IE11 running on Windows 7, 8.1, RT 8.1, 10 and Server 2019, among other operating systems. Microsoft warns that the flaw is already being exploited in "limited, targeted attacks." It's issued no timeline for when a patch will be published, although it notes that it prefers to release security updates on the second Tuesday of every month, as part of its monthly "Patch Tuesday" batch of fixes. Hence Feb. 11 seems a likely date for a security update to appear.

Ars Technica
January 20, 2020
On January 19, Citrix released some permanent fixes to a vulnerability on the company's Citrix Application Delivery Controller (ADC) and Citrix Gateway virtual private network servers that allowed an attacker to remotely execute code on the gateway without needing a login. The vulnerability affects tens of thousands of known VPN servers, including at least 260 VPN servers associated with US federal, state, and local government agencies—including at least one site operated by the US Army. The patches are for versions 11.1 and 12.0 of the products, formerly marketed under the NetScaler name. Other patches will be available on January 24. These patches follow instructions for temporary fixes the company provided to deflect the crafted requests associated with the vulnerability, which could be used by an attacker to gain access to the networks protected by the VPNs. Fermin J. Serna, chief information security officer at Citrix, announced the fixes in a blog post on Sunday. At the same time, Serna revealed that the vulnerability—and the patches being released—also applied to Citrix ADC and Citrix Gateway Virtual Appliances hosted on virtual machines on all commercially available virtualization platforms, as well as those hosted in Azure, Amazon Web Services, Google Compute Platform, and Citrix Service Delivery Appliances (SDXs).


INTERNATIONAL

AP
January 24, 2020
The Greek government said Friday that the official state websites of the prime minister, the national police and fire service and several important ministries were briefly disabled by a cyberattack but have been restored. Government spokesman Stelios Petsas said early Friday that the distributed denial-of-service or DDoS attack “led to the malfunction of certain websites.” He said “countermeasures” had been successfully implemented, but gave no further details. Along with the prime minister’s website, targets in the attack late Thursday included the websites of the ministries of public order, interior, foreign affairs, and merchant marine, as well as the Greek Police and Fire Service.

AP
January 23, 2020
Cybersecurity experts said Thursday there were still many unanswered questions from an investigation commissioned by Jeff Bezos that concluded the billionaire’s cellphone was hacked, apparently after receiving a video file with malicious spyware from the WhatsApp account of Saudi Arabia’s crown prince. The experts said the evidence in the privately commissioned report does not show with certainty that Bezos’ phone was actually hacked, much less how it was compromised or what kind of malware was used. The report on the investigation, which was managed by FTI Consulting and overseen by Anthony Ferrante, a former head of the FBI’s Cyber Division, was made public Wednesday. The report’s conclusions drew heavily from the unusually high volume of data that left Bezos’ iPhone X within 24 hours of receiving the video file from Prince Mohammed’s WhatsApp account on May 1, 2018, a month after the two exchanged phone numbers. The size of the file, the investigators suggested, indicated a malware payload may have been included. Cybersecurity experts said that while it was likely a hack occurred, the investigation did not prove that definitively. “In some ways, the investigation is very incomplete. … The conclusions they’ve drawn I don’t think are supported by the evidence. They veered off into conjecture,” said Robert Pritchard, the director of U.K.-based consultancy Cyber Security Expert.

Reuters
January 23, 2020
British officials have proposed granting Huawei a limited role in the UK’s future 5G network, resisting U.S. calls for a complete ban over fears of Chinese spying, two people with knowledge of the matter told Reuters. The recommendation, made at a meeting of officials from senior government departments on Wednesday, comes ahead of a meeting of Britain’s National Security Council next week to decide how to deploy Huawei equipment, the sources said. The officials proposed barring Huawei from the sensitive, data-heavy “core” part of the network and restricted government systems, closely mirroring a provisional decision made last year under former Prime Minister Theresa May. “The technical and policy guidance hasn’t changed,” said one of the sources, who spoke on condition of anonymity to discuss private conversations. “Now it is down to a political calculation.” A spokesman for prime minister Boris Johnson said: “The work on the issue of high risk vendors in the 5G network remains ongoing and when it is completed it will be announced to parliament.”

Financial Times
January 22, 2020
A US businessman believes that the sovereign wealth fund of one of the seven United Arab Emirates was responsible for hacking his emails, the High Court in London was told on Wednesday. Farhad Azima’s allegation forms part of a civil lawsuit involving him and the Ras al Khaimah Investment Authority (RAKIA), the sovereign wealth fund of Ras al Khaminah. RAKIA denies hacking Mr Azima’s emails and is suing Mr Azima for £3.7m, alleging fraudulent misrepresentation and breach of contract relating to joint business ventures and commission allegedly paid over a hotel sale. It also alleges that Mr Azima orchestrated a media “campaign of denigration” against the ruler of RAK. Mr Azima denies any wrongdoing and is defending the case. He has launched a counterclaim against RAKIA, claiming it was responsible for hacking a large cache of his emails, which were published online in 2016. The London trial began on Monday as it emerged that experts hired by Amazon founder Jeff Bezos concluded that a What’sApp account used by Saudi Crown Prince Mohammed bin Salman was involved in a 2018 hack of Mr Bezos’s phone. Saudi Arabia has denied the claim.

AP
January 21, 2020
Prosecutors accused U.S. journalist Glenn Greenwald on Tuesday of involvement in hacking the phones of Brazilian officials involved in a corruption investigation, though Brazil’s high court had blocked investigations of the journalist or his Brazil-based news outlet in relation to the case. A federal judge would have to give approval to lodging a formal charge based on the allegations by prosecutor Wellington Divino Marques de Oliveira in the capital of Brasilia that Greenwald helped a group of six people that hacked into phones of hundreds local authorities. De Oliveira accuses Greenwald of criminal association and illegal interception of communications. He charges the six alleged hackers with criminal organization, money laundering, cybercrimes and illegal interception of communications. Brazil’s federal police looked at the same evidence and did not find any wrongdoing by Greenwald. A ruling by Supreme Court Justice Gilmar Mendes later barred investigations of Greenwald and his The Intercept Brasil in relation to the alleged hacking. Prosecutors decided to recommend charges against the journalist anyway.

The Guardian
January 21, 2020
Britain’s cyber-defences are being endangered by the outdated Computer Misuse Act, which prevents investigators from dealing effectively with online threats while over-punishing immature defendants, according to a legal report. Thirty years after hacking became a criminal offence, a study by the Criminal Law Reform Now Network (CLRNN) calls for urgent revision of the legislation governing illegal access to computers, denial of service attacks and other digital crimes. The 144-page review, led by academic lawyers at Birmingham and Cambridge universities, argues that the 1990 Computer Misuse Act is “crying out for reform” and must develop public interest defences for hacking. The report, Reforming the Computer Misuse Act, identifies problems of enforcement and legal obstructions that expose the UK’s economy and critical infrastructure to “harm by cybercriminals and hostile nation states”. Wide-ranging changes are needed, the report stresses, to create a legislative regime that is “fit for purpose – allowing ethically motivated cyber defenders, security researchers and journalists to pursue their work with greater legal certainty, while improving the ability of the state to identify, prosecute and punish those acting against the public interest”.


TECHNOLOGY

Wired
January 23, 2020
On a small, blue-lit stage in a dim side room of the Fillmore Theater in Miami on Tuesday, three men sat behind laptops in front of a small crowd. Two of them nervously reviewed the commands on a screen in front of them. Steven Seeley and Chris Anastasio, a hacker duo calling themselves Team Incite, were about to attempt to take over the Dell laptop sitting a few inches away by targeting a very particular piece of software it was running: A so-called human-machine interface, sold by the industrial control systems company Rockwell Automation. Rockwell HMIs appear in industrial facilities around the world, used for manipulating the physical equipment in everything from car washes to nuclear plants. In other words, a hacker can do very dangerous things if they manage to hijack one. A soft beep signaled that a five-minute countdown timer had started. Seeley hit the enter key on his keyboard. A tense 56 seconds passed as the hackers looked back and forth at their screens and the target. Finally, they both flashed a relieved smile. Seeley mimed wiping sweat from his brow. The third person on the stage, a gruff-looking bald man with a goatee, turned the Dell around, à la Vanna White, revealing the laptop was now running Microsoft Paint. The room broke into applause. Seeley and Anastasio had just pulled off the first full takeover of a computer at this week's Pwn2Own, the latest round of the world's biggest hacking competition—so named because the hackers get to take home the computers they "pwn," cybersecurity slang for "hack" or "control."

Ars Technica
January 21, 2020
Internet routers running the Tomato alternative firmware are under active attack by a self-propagating exploit that searches for devices using default credentials. When credentials are found and remote administration has been turned on, the exploit then makes the routers part of a botnet that’s used in a host of online attacks, researchers said on Tuesday. The Muhstik botnet came to light about two years ago when it started unleashed a string of exploits that attacked Linux servers and Internet-of-things devices. It opportunistically exploited a host of vulnerabilities, including the so-called critical Drupalgeddon2 vulnerability disclosed in early 2018 in the Drupal content management system. Muhstik has also been caught using vulnerabilities in routers that use Gigabit Passive Optical Network (GPON) or DD-WRT software. The botnet has also exploited previously patched vulnerabilities in other server applications, including the Webdav, WebLogic, Webuzo, and WordPress. On Tuesday, researchers from Palo Alto Networks said they recently detected Muhstik targeting Internet routers running Tomato, an open-source package that serves as an alternative to firmware that ships by default with routers running Broadcom chips. The ability to work with virtual private networks and provide advanced quality of service control make Tomato popular with end users and in some cases router sellers.