Tag Archives: China

Security News for the Week Ending May 1, 2020

China, Korea, Vietnam Escalate Hacking During Covid-19 Outbreak

The Trump administration is calling out China for hacking our hospitals and research facilities who are looking for cures and vaccines for Covid-19. That should not be much of a surprise since China has always opted for stealing solutions vs. figuring them out themselves. At least that this point, the U.S. is not doing anything about this theft. Credit: CNN

At the same time, Vietnam is hacking at China’s Ministry of Emergency Management and the Wuhan government, probably trying to do the same thing and also steal information on their neighbor’s lies about their death toll. Credit: Reuters

Finally, South Korea’s Dark Hotel government hacking group is hacking at China, using 5 zero-day vulnerabilities in one attack. 5 is a massive arsenal to use in one attack, since zero-days are hard to find (or at least we think they are. Since they are unknown until they get used or announced, we don’t really know). Reports are that the group has compromised 200+ VPN servers in an effort to infiltrate the Chinese government and other Chinese institutions. Credit: Cyberscoop

Bottom line, it is business as usual, with everyone hacking everyone they can.

Israel Thwarts Major Coordinated Cyber-Attack on its Water Infrastructure

Israel says that they have reports on coordinated attacks on their wastewater, pumping and sewage infrastructure.

The response was to tell companies to take their systems off the Internet as much as possible, change passwords and update software. All good things to do but disconnecting from the Internet likely makes companies unable to operate, since most plants run “lights out” – with no onsite staff.

The attacks took place on Friday and Saturday – during the Jewish Sabbath when the least people would be around to detect and respond. Credit: The Algemeiner

Surveillance Company Employee Used Company’s Tool to Hack Love Interest

An employee of hacking tool vendor NSO Group, who was working on site at a customer location, broke into the office of the customer and aimed the software at a “love interest”.

While vendors like to claim that they are righteous and above reproach, the reality is that they have little control over what employees do. Even the NSA seems to have trouble with reports of their analysts sharing salacious images that they come across.

in fact, the “insider threat” problem as it is referred to is a really difficult problem to solve. In this case, the employee set off an alarm when he broke into the office where the authorized computer was located and was caught and fired. Most do not get caught. Credit: Vice

Over 1,000 Public Companies List Ransomware as Risk

In case you had any doubt about the risk that ransomware represents, over 1,000 publicly traded companies list ransomware as a risk to future earnings in their 10K, 10Q and other SEC filings. Companies only have to list items that have the potential to be material to earnings, so it is usually a relatively short list. Four months into 2020, 700 companies have already mentioned ransomware is on that short list. Credit: ZDNet

Nearly 3 in 5 Americans Don’t Trust Apple-Google Covid Tracking Tech

The authorities want to track the contacts of anyone who who tests positive for Covid-19. The way they want to do this is by getting everyone to install an app on their smartphone. 1 in 6 (16%) Americans don’t even have a smartphone. For the high risk group, these over 65, only 50% have smartphones and for those over 75, it is even less.

Resistance is higher among Republicans and those that think they are at lower risk. Only 17% of all smartphone owners said they would Definitely use it.

The main reason for resistance is that people don’t trust Apple, Google and others to keep their data private. Even if the tech companies wanted to keep it private, the government could demand that they hand it over. Credit: Washington Post

Facebooktwitterredditlinkedinmailby feather

News Bites for the Week Ending March 27, 2020

Hacker Sells 538 Million Weibo Accounts

Karma is a B**tch.

With all of the Chinese hacking efforts, someone is hacking back.  Is it us?  Not clear.  In any case, the data includes information like real names, site names, location, etc. and 172 million of the 538 million records include users’ phone numbers, but not passwords.  The data is available for $250.  Given China’s iron grip on the Internet, they should be able to catch this guy.  Unless he is not in China.  Source: ZDNet

Pentagon Increases Progress Payments to Primes

The Pentagon is trying to keep the Defense Industrial Base afloat during these trying times by increasing so-called progress payments to primes and other measures.  Whether it will be enough to keep small subs in business is not clear, but what we have seen is that the bankruptcy courts have seen that these companies’ intellectual property as an asset and sells it off during liquidation – even selling defense information to the Chinese.  In theory, CFIUS should allow the government to stop these (and it absolutely can if it moves fast enough) and FIRRMA (aka CFIUS 2.0) gives the government even more power to stop it but the bankruptcy courts have, for the most part, thumbed their noses at it, possibly (kindly) because they are clueless about the risk.  Source: National Defense Magazine

Experts See Over 600 Percent Spike in Malicious Emails During Covid-19

Barracuda Networks researchers saw a 667% spike in malicious emails using Coronavirus.  The goal is to get you to click on malicious links or download attachments that include viruses.  They saw almost 10,000 coronavirus linked emails attacks in the last three weeks compared to 1,800 in February and less in January.  Phishing attacks are nothing if not tied to current events. Source: The Hill

Netflix Reduces Video Quality in Europe Over Bandwidth Crunch

According to Variety, Netflix uses one out of every eight bits traversing the Internet (12%).  As general  Internet usage goes up, Europe has asked Netflix and other streaming video providers to reduce their video quality from HD to SD.

“As a result of social distancing measures put in place across Europe to fight the Coronavirus pandemic, the demand for Internet capacity has increased, be it for teleworking, e-learning or entertainment purposes. This could put networks under strain at a moment when they need to be operational at the best possible level. In order to prevent congestion and to ensure the open Internet, Internal Market Commissioner Thierry Breton has called on the responsibility of streaming services, operators and users. Streaming platforms are advised to offer standard rather than high definition and to cooperate with telecom operators.”

Netflix has agreed to reduce its video stream bitrate by 25% for the next month.  Source: Bleeping Computer

Facebooktwitterredditlinkedinmailby feather

Security News for the Week Ending February 14, 2020

Feds Say 4 Chinese Hackers Took Down Equifax

The Department of Justice indicted 4 members of the Chinese People Liberation Army, saying that they were responsible for detecting the fact that Equifax did not patch their some of their servers and thus were easily hackable.  This, of course, means that the hack did not require much skill and may have even been a coincidence.

While it is highly unlikely that the 4 will ever see the inside of an American courtroom, it is part of this administration’s blame and shame game – a game that does not seem to be having much of an effect on cybercrime.  Source: Dark Reading

 

Malwarebytes Says Mac Cyberattacks Doubled in 2019

For a long time, the story was that Macs were safer than PCs from computer malware and that is likely still true, but according to Malwarebytes anti-virus software, almost twice as many attacks were recorded against Mac endpoints compared to PCs.

They say that Macs are still quite safe and most of the attacks require the attacker to trick a user into downloading or opening a malicious file. One good note is that Mac ransomware seems to be way down on the list of malware. Source: SC Magazine

Feds Buy Cell Phone Location Data for Immigration Enforcement

The WSJ is reporting that Homeland security is buying commercial cell phone location data in order to detect migrants entering the country illegally and to detect undocumented workers. In 2019, ICE bought $1 million worth of location data services licenses. There is likely nothing illegal about the feds doing this, but it is a cat and mouse game. As people figure out how the feds are using this data, they will likely change their phone usage habits.

Note that this data is not from cell towers, but likely from apps that can collect your location (if you give them permission) as much as 1400 times EACH DAY (once a minute) – a pretty granular location capability. Source: The Hill

FBI Says Individual and Business Cybercrime Losses Over $3 Billion in 2019

The FBI’s Internet Crime Complaint Center or IC3 says that people reported 467,000 cyber incidents to them last year with losses of $3.5 billion.

They say that they receive, on average over the last five years, 1,200 complaints per day.

During 2018, the FBI established a Recovery Asset Team and in 2019, the first full year of operation, the team recovered $300 million. They say they have 79% success rate, but they don’t explain that bit of new math. I suspect that means that over the small number of cases they cherry pick, they are very successful.

Still, overall, that seems to be less than 10% of the REPORTED losses.

Also, it is important to understand that this data only draws from cybercrime reported to the IC3. No one knows if that is 10% of all cybercrime or 90%. Just based on anecdotal evidence, I think it is closer to the 10% number, and, if true, that means the $3.5 billion in losses is really closer to $35 billion. Source: Bleeping Computer

Facebooktwitterredditlinkedinmailby feather

Security News for the Week Ending November 1, 2019

Johannesburg, South Africa Attacker Threatens Data Breach

In what I think is going to be the way of the future, hackers compromised Joburg IT systems and threatened to publish data that they stole if the ransom is not paid.  As I write this, the deadline has just passed, they have not paid the ransom, the data is not yet exposed and they think they will have most of the systems back online soon.  While this project seems to be the work of inexperienced hackers (they did not encrypt all of the systems), this does not mean that more experienced hackers won’t try this technique and do a better job of it.  Source: The Register.

China Steals IP to Build C919 Airliner

I keep saying that the biggest threat to U.S. businesses is not credit card fraud but IP theft, such as by the Chinese.  In this case the Chinese wanted to build a passenger jet to compete with Boeing and Airbus.  The plane, in development for almost 10 years, was delayed because the Chinese didn’t actually know how to build it.  SOOOOOO, here comes TURBINE PANDA.  Stupidly, the developer of Turbine Panda came to the US for a security conference, where he was quickly arrested by the FBI.  Now China’s MSS (ministry of State Security) has banned Chinese researchers from attending conferences in the US.  In the meantime, Turbine Panda was  used to compromise US and European airplane parts suppliers so that China could get the tech that they needed to build the C919.  Source: CSO.

 

FCC Plans to Ban Huawei and ZTE Equipment, Force Replacement

The FCC is set to vote on rules banning using Federal Government subsidies to buy Huawei and ZTE equipment  because of their close ties to the Chinese government and another rule that would force telecoms to rip  out existing Chinese equipment.  The cost of replacing existing equipment has been estimated at several billion dollars and the FCC doesn’t have any way to pay for that.  In addition, if telecoms have to use more expensive 5G equipment from other providers, they will have to slow down the deployment of 5G services due to cost.  The options that telecoms have, if that proposal gets approved, is to significantly delay the rollout of the much overhyped 5G cell networks or raise prices.  This disproportionately will affect less densely populated parts of the county (like me, who lives 20 miles from downtown Denver – I cannot currently get any form of broadband Internet or any form of cell service where I live) because carriers will choose to install limited 5G service in highly dense areas where they will get more subscribers to pony up the additional fees for 5G cell plans and those 5G cell phones that often run $1,100 or more.  The U.S. is already pretty much a third world country when it comes to fast , affordable Internet and cell service and this will only reinforce it.  I have no problem banning Chinese firms, Congress just needs to figure out how to pay for this desire.  Source: ARS

 

Domain Registrars Web.com, Network Solutions and Register.Com Hacked

These three registrars – all owned by the same folks – were hacked in AUGUST but the company didn’t figure it out until mid OCTOBER.  The information taken is mild by today’s standards – names, addresses, phone numbers, etc. but no credit cards – they don’t don’t believe (that’s comforting).  Also not compromised were passwords.  If this is accurate, it seems like they segmented the data, which is a good security practice.  Still, if you use one of these services, I would change  my password and make sure that two factor authentication is enabled.  Source:  The Hacker News.

 

Rudy Guiliani Bricked His iPhone;  Asked Apple to Fix It

Reports just surfaced – and so far are not being disputed  – that the Prez’s cybersecurity advisor, personal lawyer and who knows what else, apparently forgot his iPhone password and after 10 tries, locked it up, so he took it to an Apple store in San Francisco and GAVE it to some random Apple tech to reset, and reload from iCloud.  Definitely a super secure situation.  Rudy said that everyone needs help from time to time and compared himself to the dead San Bernadino mass shooter whom the FBI needed help unlocking his iPhone.   I don’t think that would be someone that I would compare myself to.  Source: The Register.

Does Amazon Have a Security Prob?

One report says that an Amazon customer was seeing mysterious fraudulent charges on his account and even after working with Amazon multiple times and resetting everything, the charges kept coming.  After months, he found out that Amazon doesn’t have visibility to non-Amazon branded smart devices that are connected to your account (like a smart TV) and even if you reset your account, those devices can continue to connect and order stuff.  There is a department inside the company that has a special tool that they can use to detect these rogue devices.  If you are seeing mysterious charges that they can’t explain, this could be it.  Source: The Register.Facebooktwitterredditlinkedinmailby feather

Security news for the Week Ending September 20, 2019

A New Trend?  Insurers Offering Consumers Ransomware Coverage

In what may be a new trend, Mercury Insurance is now offering individuals $50,000 of ransomware insurance in case your cat videos get encrypted.  The good news is that the insurance may help you get your data back in case of an attack.  The bad news is that  it will likely encourage hackers to go back to hacking consumers.  Source: The Register.

Security or Convenience Even Applies to Espionage

A story is coming out now that as far back as 2010  the Russians were trying to compromise US law enforcement (AKA the FBI) by spying on the spies.

The FBI was tracking what Russian agents were doing but because the FBI opted for small, light but not very secure communications gear, the Russians were able crack the encryption and listed in to us listening in to them.  We did finally expel some Russian spy/diplomats during Obama’s presidency, but not before they did damage.  Source: Yahoo

And Continuing the Spy Game – China Vs. Australia

Continuing the story of the spy game,  Australia is now blaming China for hacking their Parliament and their three largest political parties just before the elections earlier this year (sound familiar?  Replace China with Russia and Australia with United States).

Australia wants to keep the results of the investigation secret because it is more important to them not to offend a trade partner than to have honest elections (sound familiar?).  Source: ITNews .

The US Government is Suing Edward Snowden

If you think it is because he released all those secret documents, you’d be wrong.

It is because he published a book and part of the agreement that you sign if you go to work for the NSA or CIA is an agreement that you can’t publish a book without first letting them redact whatever they might want to hide.  He didn’t do that.

Note that they are not suing to stop the publication of the book – first because that has interesting First Amendment issues that the government might lose and they certainly do not want to set that precedent and secondly, because he could self publish on the net in a country – like say Russia – that would likely flip off the US if we told Putin to shut him down.  No, they just want any money he would get. Source: The Hacker News.

 

HP Printers Phone Home – Oh My!

An IT guy who was setting up an HP printer for a family member actually read all those agreements that everyone clicks on and here is what they said.

by agreeing to HP’s “automatic data collection” settings, you allow the company to acquire:

… product usage data such as pages printed, print mode, media used, ink or toner brand, file type printed (.pdf, .jpg, etc.), application used for printing (Word, Excel, Adobe Photoshop, etc.), file size, time stamp, and usage and status of other printer supplies…

… information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product…

That seems like a lot of information that I don’t particularly want to share with a third party that is going to do who knows what with it.  Source: The Register.

Private Database of 9 Billion License Plate Events Available at a Click

Repo men – err, people – are always looking for cars that they need to repo.  So the created a tool.  Once they had that, they figured they might as well make some money off it.

As they tool around town, they record all the license plates that they can and upload the plate, photo, date, time and location to a database that currently has 9 billion records.

Then they sell that data to anyone who’s check will clear.  Want to know where your spouse is?  That will cost $20.  Want to get an alert any time they see the plate?  That costs $70.  Source: Vice.

Election Commission Says That It Won’t Decertify Voting Machines Running Windows 7

Come January 2020, for voting machines running Windows 7 (which is a whole lot of them) will no longer get security patches unless the city or county pays extra ($50 per computer in the first year and then $100 per computer in the second year) for each old computer.  Likely this means a whole lot of voting machines won’t get any more patches next year.

The nice folks in Washington would not certify a voting machine running an operating system that is not supported, but they won’t decertify one.  That, they say, would be inconvenient for manufacturers and cities.   I guess it is not so inconvenient for foreign nations to corrupt our elections.  Source: CyberscoopFacebooktwitterredditlinkedinmailby feather

Security News for the Week Ending July 12, 2019

FBI and DHS Raid State Driver’s License Database Photos

The FBI and DHS/ICE have been obtaining millions of photos from state DMV driver’s license databases.  The FBI and DHS have do not feel that they have ask permission to do this.

The FBI conducts 4,000  facial recognition searches a  month.  While the searches might be to find serious criminals,  it also might be used to find petty thiefs.

All that may be required to conduct the search is an email.  21 states allow the these searches  absent a court order.   There is no federal law allowing or prohibiting this.

ICE does searches in a dozen states where those states DMVs give illegal aliens licenses.  Source: ZDNet.

Chinese Authorities Leak 90 Million Records

US companies are not the only ones that have crappy security.  This week the Chinese got caught in that net.   Jiangsu province, with a population of 80 million left 26 gigabytes of personal data data representing 56  million personal and 33 million business records exposed in an unprotected elastic search server.  The internet is equal opportunity.   Source: Bleeping Computer.

Will the Chinese or Russians Hack the 2020 Census?

The census used to be conducted on pieces of paper, sent in both directions through the mail.  That was very difficult to hack.  Unfortunately, it is also very expensive.  Given that the results of the Census affects everything from the makeup of Congress to the receipt of Federal road construction dollars, the outcome is very important.

What way to make people trust the government even less than they already do than to screw up that count.

This year, for the first time, the Census is using the Internet and smart phones to electronically collect data.  And, since the software is behind schedule, what better way to bring it back on schedule than to reduce testing.  After all, what could possibly go wrong.  Even Congress is nervous.  Of  course, the count directly affects their job.  Source:  The NY Times.

K12.Com Exposes Student Data on 7 Million

Its a sad situation where a breach of the personal data of 7  million students is barely a footnote.  In this case, K12’s software is used by 1,100 school districts (maybe yours?)  They  left a database publicly accessible until notified by researchers. Information compromised included name, email, birthday, gender, authentication keys for accessing the student’s account and other information.  Not nuclear launch codes, but still, come on guys.  Source: Engadget.

 

If You Were NOT Paranoid Before …..

Google smart speakers and Google Assistant have been caught eavesdropping without permission – capturing and recording (and handing over to the authorities).  Note this is likely NOT exclusively a Google issue.  They just got caught.  Amazon listens to, they say, about 1.000 clips per shift and has recorded conversations like a child screaming for help and sexual assaults.  THESE RECORDINGS ARE LIKELY KEPT FOREVER.

A Dutch news outlet is reporting that it (the news outlet) received more than 1,000 recordings from a Dutch subcontractor who had been hired to transcribe the recordings for Google as part of its language understanding program.

Among the recordings are domestic violence, confidential business calls and even users asking their speakers to play porn on their connected devices.  

Of the 1,000 recordings, over 150 did not included the wake word, so 15% of the sessions in this sample should not have been recorded at all.

Google acknowledged that the recordings are legitimate but says that only 0.2 percent of all audio gets transcribed.  They also said that the recordings given to the humans were not associated with a user’s account, but the news outlet said that you could hear addresses and other information in the audio, so doing your own association is not hard.

Fundamentally you have two problems here.  One is Google listening (or having its vendors listen) to what you ask Google and the other is Google listening and recording stuff it should not record.  The first should be reasonably expected;  the second is a problem.  Source: Threatpost.Facebooktwitterredditlinkedinmailby feather