Tag Archives: China

Security News for the Week Ending October 2, 2020

False Claims Act Means Big Fines

I had heard about the Department of Justice going after companies for misrepresenting things in federal contracts. I remember that Cisco paid a fine of less than $10 million, so I didn’t think it really meant much. But in a press release, the DoJ says that they recovered over $3 BILLION last year. That includes health care fraud, procurement fraud and other fraud. But 2019 was not an anomaly. In 2018 they recovered $2.8 billion; in 2017 they recovered $3.5 billion and in 2016, it was $4.9 billion. That is a lot of money, so if you are thinking about misrepresenting things in a government contract, you might want to reconsider. Read the details here.

911 Service in Multiple States Goes Down

Issues were reported by police departments in counties across Arizona, California, Colorado, Delaware, Florida, Illinois, Indiana, Minnesota, Nevada, North Carolina, North Dakota, Ohio, Pennsylvania, and Washington. Initially, it was thought that it was related to an outage at Microsoft at the same time. Many of the 911 dispatch centers were able to recover in less than an hour, but that turns out not to be the case; see yesterday’s blog post. Credit: ZDNet

DoJ Wins Case Against Snowden to Seize His Money

This has nothing to do with whether he is guilty of whatever. This is a simple contract dispute. If you go to work for the government and get a security clearance, you agree to let the government clear certain publications and speeches you make to make sure that you are not disclosing classified information. The Supremes have said in the past that the government can seize the proceeds from these illegal speeches and publications. In Snowden’s case, that is about $5 million. It is not clear that Snowden expected to keep the money; he knew the rules. Of course, if the money is in Russia with Edward, well, good luck. Credit: The Register

Still the Best Reason NOT to Buy Huawei Equipment

The White House has claimed that Chinese telecom provider Huawei is a national security risk – a tool of the Chinese government. That may be, I don’t know. But the Brits have been much more honest and open about things. The Brits have been evaluating Huawei’s software and they say that it is as secure against intruders as a screen door. Huawei says that these bugs prove that they are being honest. Not sure about that. Maybe they mean that they are too stupid to design backdoors for the Chinese government. Credit: The Register

Samsung has a Deal for You

Samsung has an interesting deal. They say to their advertisers that they will display an ad to an owner of one of their TVs, every time it is turned on and there is nothing the owner can do about it. They say this is about 400 times a month per TV. They use something called Automatic Content Recognition to understand whether you watch sports or movies (and what kind) or whatever and tune the ads to that. They do not tell you before you buy the TV that you are agreeing to that. Of course, if you have a dumb TV, that is not a problem, but that is not the direction the planet is going in. Perhaps buy a different brand. Credit: The Register

Universal Health Services Hit By Ransomware – 250 Hospitals Affected

UHS, which runs hundreds of hospitals and clinics, including behavioral health and addiction care and which has concentrations of facilities in California, Texas, Nevada and Florida has taken its systems offline. While they have not said what is going on, the scuttlebutt is that is the Ryuk strain of ransomware. Just what a hospital needs right now. They have shifted to paper based processes, although they say their electronic medical record system was not affected (it may just be offline right now but not encrypted). Utter chaos is probably rampant. Lawsuits to follow if people die. Credit: Security Week

Security News for the Week Ending September 25, 2020

GAO Tells Treasury: Track Cyber Risk in Financial Sector

The GAO told Treasury to work with Homeland Security to better track cyber risk in the financial sector.

The GAO says that Treasury does not track efforts or prioritize them. The “sector specific” security plan was last updated in 2016 and, of course, most of the tens of trillions of dollars of assets belong to private companies.

Not only that but Treasury has not implemented the recommendations from the last audit. Credit: Meritalk

Trump Campaign Spent $4 Million to Buy Your Location Data

The Trump campaign spent $4 million buying data on voters, including location, from a data broker named Phunware. The company makes a software development kit that developers can use to collect your data, including location, and sell it to data brokers. Nothing illegal, but lucrative for the app developers and useful for political campaigns and others. Credit: Vice

Google and Amazon – Both Can Be Un-Secure

We always talk about Amazon S3 storage buckets being configured in an un-secure manner, leaking data. Researchers say that 6 percent of a sample of Google storage buckets are also configured so that the wrong people can read from or write to it. Documents they were able to read include passports and birth certificates. Just like with Amazon, Google will disavow any responsibility if you mis-configure your storage. Bottom line – test your security regularly and do not assume that anything is secure. Credit: Threatpost

Russia and China, Oh, My! (Hacking)

While the current occupant of 1600 Pennsylvania Avenue continues to put pressure on China, he is not putting pressure on Russia and they are definitely going after us.

The Russian government hacking group known as APT28 or Fancy Bear is sending out fake NATO training materials laced with hard to detect Zebrocy Delphi malware. The email attachment has a zipx file extension. At the time researchers got a copy of the malware only 3 virus products detected it. It seems like with this campaign, the Ruskies are going after government computers, but there is always collateral damage. Credit: Bleeping Computer

At the same time, the FBI says that the Chinese are still actively going after Covid-19 research, including vaccines. After all, it is easier to steal a vaccine than to develop and test one. The Chinese read the newspapers, see who is claiming interesting stuff, and then try to hack them and steal their information. They are not alone. Russia and Iran are also trying to steal research and vaccine info. Credit: MSN

Security News for the Week Ending September 18, 2020

Is TikTok is Going to Sell to Oracle. Maybe

Well sale is not really the right word. They call it a “trusted tech partner”. This does not solve the national security problem, so it is not clear what problem this does solve. None the less, Steve Mnuchin will present it to the President. If it provides some sort of political benefit he may accept it even though it does nothing for national security. If it shuts down, there will be 10 million unhappy people, some of whom vote. Also, it doesn’t seem that this deal fulfills the President’s requirement that the Treasury get a lot of money. It seems like they won’t get any. Credit: The Verge

Updated information says that there will be a new corporate entity set up in the U.S. to give the President some cover that he is really improving security and that Oracle will have some sort of minority stake in this new entity, but China will still control all of the intellectual property. The President’s deadline is this Sunday. Will he really shut it down pissing off millions of Americans just before the election? Credit: The Verge

Even more updated: The Commerce Department says that a partial ban will go into effect Sunday. As of Sunday, U.S. companies can no longer distribute WeChat and TikTok, but users can continue to use the software. Also beginning Sunday, it will be illegal to host or transfer traffic associated with WeChat and the same for TikTok, but on November 12 (coincidentally, after the election). I assume that will mean that users who want to use those apps will have to VPN into other countries before using the apps. Not terribly convenient, but a way to keep the pressure up on China. Credit: CNN

Cerberus Banking Trojan Source Code Available for Free

The Russian security vendor Kaspersky (reminder: the U.S. has banned it from government systems) has announced the the Cerberus source code is now available for free. This means that any hacker with the skill to integrate it can make it part of their malware. Cerberus is a pretty nasty piece of work; it even has the ability to capture two factor codes sent via text message (one reason why I say that text message two factor is the least secure method). This means that banks and people that use banks (which is pretty much most of us) need to be on high alert when it comes to our financial account security. Credit: ZDNet

Denial of Service Attacks up 151% in First Half of 2020

Denial of service attacks are a brute force attack that aims to hurt a business by stopping a company’s customers from getting access to the company’s (typically) web site. For example, if you are an online business and customers and potential customers cannot get to your web site, they will likely go to another vendor. What is now amazingly called a small attack (less than 5 gigabytes of garbage thrown at your web site per second) are up 200% over last year. Very large attacks (100 gigabytes per second or more) are up 275%, according to Cambridge University.

If you are not prepared to deal with an attack and need help, please contact us. Credit: Dark Reading

Ransomware at German Hospital Results in 1 Death

This could have wound up much worse when hackers compromised Duesseldorf University Hospital. The hospital put itself on life support and ambulances were diverted to other hospitals. While police communicated with the hackers and told them they hacked a hospital, an ambulance was diverted and the patient died. Prosecutors, if they can find the miscreants, may charge them with negligent homicide. The hackers did withdraw the ransom demand and forked up the decryption key, but not before this patient lost his or her life. Credit: Bleeping Computer

Security News for the Week Ending August 14, 2020

China and Russia Continue to Interfere with the Elections

According the the White House, China has been targeting the US election infrastructure ahead of the election and Russia has been trying to undercut Democratic candidate Joe Biden, much like their did with Clinton in 2016. Could it be that Russia thinks that the Republican Administrations are distracted by China and are ignoring the damage that Russia is doing? After all, Its not like Russia doesn’t want to do damage. Credit: South China Morning Post

China Hacking Government Sites, Others

Just in case you thought I was saying that China is a bunch of good guys… China has been using malware called Taidoor to hack government sites, private sector and think tanks since 2008 according to Homeland Security and the Pentagon. They are using this malware to maintain a presence, undetected, on these servers. DoD’s Cyber Command has only been uploading samples of this malware to the virus engines since 2018, so it is not clear what happened during the first 10 years of the attacks. Credit: Cyberscoop

Anomaly Six Accused of Secretly Embedding Location Tracking in Hundreds of Apps

US Government contractor Anomaly Six, who has strong ties to various national security agencies, is accused of creating a software development kit that secretly tracks the user’s location and reports the data to them. Apparently hundreds of apps use this SDK as the company pays the developers for the data.

The company refuses to disclose which apps are using it and, in theory, the apps should disclose they are selling the data. Assuming the apps are not completely rogue, they would need to ask for the location permission. I suspect we will hear more now that this cat is out of the bag. Credit: Hackread

OOPS! This is Embarrassing

The SANS cybersecurity training company suffered a data breach because an employee fell victim to a phishing attack. While we can make some fun at their expense, the real point is that not falling for phishing attacks is hard and takes a strong program. If you don’t have a strong anti-phishing program, we have a great one. The attack was the result of a SINGLE phishing click. This allowed the attacker to install a malicious Office 365 add-on. The result was the hacker was able to forward over 500 emails representing the PII of 28,000 SANS members, before being detected. The good news is that they have some of the best forensics experts in the business on their staff. They are conducting an investigation. Credit: Bleeping Computer

Another NSA Advisory: Linux. Rootkit. Russia

I know China is a threat. It is. But Russia is just as big a threat – they just operate differently. The NSA released an alert that says that Russia’s intelligence arm, the GRU, has built and targeted Linux systems with Drovorub. It is a Linux rootkit that can steal files, run arbitrary commands and forward network traffic to sniff it. Other than that, not a big deal. It hooks into the Linux kernel making it hard, but not impossible, to detect. Given the nature of the GRU, they are likely to use it against high value targets like, perhaps, tech companies, defense contractors or Covid-19 researchers. Beware. Credit: The Register

Security News for the Week Ending June 26, 2020

Anonymous Gonna Rise Again. Question Mark?

A hacker or hackers claiming to be affiliated the non-group Anonymous has posted a million documents coming from over 200 police departments and other law enforcement agencies. While the documents do no purport to show illegal activities, they are likely both embarrassing and also confidential. The fact that the police could not protect their own information is probably not great for their reputations either. Credit: Wired

Republican Senators Create Bill to End Use of Warrant-proof Encryption

Senators Lindsey Graham, Tom Cotton and Marsha Blackburn say that they plan to introduce a bill that will require service providers and device manufacturers to insert backdoors into their software and devices so that cops can decrypt the devices when they want to.

They have not published the bill yet and we have no idea whether it will get any traction, so who knows, but the main issue is that there is nothing to stop bad actors from installing software from web sites in countries that don’t really case about what Mrs Graham and Cotton or Ms. Blackburn want. Sure you will catch stupid crooks, but we catch them anyway. Credit: ZDNet

Pentagon Creates List of Companies Controlled by Chinese PLA

There is a 1999 law that requires the Pentagon to produce a list of companies controlled by the Chinese military. Always prompt, 21 years later the Pentagon has produced that list. Huawei is one of those companies, of course. At this point it is not clear what the White House will do with that list, but we assume that it will be used to add pressure to China. Credit: Time

Feds Ask FCC to Deny China Access to New Fiber Optic Cable from US

Team Telecom, that federation of executive branch agencies that has been completely toothless in stopping China from compromising our telecom has finally decided that to feels its Wheaties. Renamed CAFPUSTSS, they say we should not drop an undersea fiber cable in Hong Kong for China to tap. The proposed cable would have a speed of 144 terabits per second, otherwise known as way fast. If the White House has its way, the cable will go from the U.S. to the Philippines and Taiwan and bypass Hong Kong. Google owns the Taiwan segment and Facebook owns the Philippines segment, but China owns the proposed Hong Kong segment. Credit: CSO Online

Hackers Use Captcha to Thwart Detection

Captcha, those annoying puzzles/questions/pictures that websites use to try and distinguish bots from humans, is now being used by the baddies. The hackers are putting their malware, like infected spreadsheets, on websites behind a captcha, likely to try and avoid detection by the good guys. If the good guys automated testing cannot complete the captcha, it won’t test the content behind it, leaving it available for victims to download and get infected. Credit: ARS Technica

Minneapolis City Web Sites Hit by Denial of Service Attacks

Last Thursday, early in the morning, a number of City of Minneapolis web sites were disabled by denial of service attacks. The attacks are short lived and the city was able to restore most of the services within a few hours. It is certainly possible that we will see more cyberattacks as a way to continue civil disobedience. Credit: The Hill

GA Gov. Kemp’s (R) Claims that Dems Hacked his SoS Web Site In 2018 Are False

Two days before the 2018 election, then GA Secretary of State Kemp opened an investigation into what he said was a failed hacking attempt of voter registration systems by the Democratic Party.

Newly released case files from the GBI says that there was no such hacking attempt. The report says that Kemp got confused by an authorized and planned security test by HOMELAND SECURITY with a hack. Kemp’s CIO approved the scan by DHS.

The GBI did say that there were significant security holes in the web site at the time, even though Kemp said that patches to the web site two days before the election were standard practice. No one in their right mind would make changes to critical election systems two days before the election unless it was an emergency. Credit: Atlanta Journal Constitution

Chinese and Iranians Hacking Biden and Trump

Google’s Threat Analysis Group (TAG) warned the campaigns that the were seeing the Chinese targeting Biden and the Iranians targeting Trump. Currently, there is no sign of compromise, but we still have months to go before the election. Not only is there lots of information to steal, but they have the possibility of impacting the election or causing a loss of trust by voters in the process. Credit: SC Magazine

FBI Says Big Business Email Compromise Attacks on the Upswing

The FBI has reports of multiple fraudulent invoice BEC attacks in April and May. In on case hackers used a trusted vendor relationship and a transportation company to steal $1.5 Million. They are reporting multiple incidents in different industries, so caution is advised. Credit: FBI Liaison Information Reports 200605-007, security level GREEN.