Tag Archives: China

Security News for the Week Ending March 26, 2021

China Bans Military and Government from using Teslas – Due to ‘Spying’

The WSJ is reporting that the Chinese government has restricted the use of Tesla vehicles near or in sensitive installations like military and government facilities. The theory is that the cameras on Teslas could be used for spying. Tesla, of course, denies that they are spies, but consider this. What is to stop hackers or state intelligence agencies from hacking ANY self driving car and stealing the data? I am sure that Musk would say that his security is great, but is it perfect? This is not a Tesla problem, this is a ’20 cameras on 4 wheels with an Internet connection’ problem and in this case, I would say the Chinese are correct. The problem is that with more and more self driving cars, do you ban all cars from sensitive places? What if you convince the owner to sell their data after driving around a sensitive facility? If someone offered you $50,000 to rent your car for a week, no questions asked, would you take it? Oh, yeah, it might come back with less data than it went out with. Credit: ZDNet

Facebook Fails to Derail $15 billion Privacy Lawsuit

Facebook is being accused of violating wiretap laws because of the way the Facebook “Like” icons work to track even people who do not have Facebook accounts, never mind ones who do have an account but are not logged in. Of course, Facebook monetizes this data in a variety of ways. Facebook told the Supreme Court that if they allowed the California federal court decision to let the case proceed (which is different than saying the plaintiffs will win), that would have detrimental consequences. While $15 billion is a lot of money, remember that Facebook made $30 billion in PROFIT just last year and allowing the case to proceed does not mean anyone will win or what the penalty might be. Surely if Facebook loses it will be detrimental – to them, but that has never been a reason to stop a lawsuit from moving forward. Credit: Security Week

Amazon Contractors Have to Sign a Biometric Consent Form or Lose Their Job

Amazon continues to ratchet down on their contract drivers (and probably their own too). They are installing AI based cameras in their delivery vehicles that watch both the road and the drivers. If a driver yawns, they see that. If the driver looks at his or her phone, they see that too. Not wearing your seatbelt? Problem. Too many negatives and they are history. Or, they can quit now. Oh, yeah, they can keep the data forever. Credit: Vice

Hackers Demand $50 Million Ransom from Acer – Threaten to Leak Data

In what is probably the largest ransom demand ever (at least that we know of), hackers encrypted systems at Acer on March 14th and demanded a $50 million ransom. The hackers posted on the dark web that negotiations had broken down. Acer, apparently, offered $10 million, but Acer is not confirming anything. Leaked documents are less sensitive financial info, so we don’t really know what they have. The compromise may have started with the Microsoft Exchange Server hack. The main risk factor here, likely, is the disclosure of whatever the hackers stole. Stay tuned. Credit: Hackread

After NSA Head Says NSA Missed SolarWinds Because it Can’t Spy in US, Administration Says It Does Not Plan to Increase US Surveillance

An administration official, earlier this month, said that the administration, worried about the political blowback of the NSA spying on Americans, was not CURRENTLY seeking additional laws to allow the NSA (or others) to do additional spying on Americans. Instead, they want to focus on tighter partnerships with the private sector and allow them to provide the data to the feds. This would give the feds a cover story that they are just using data that has already been collected. This is my de-spinning of what they said. Credit: Security Week

Security News for the Week Ending March 19, 2021

Google Posts Exploit to Use Spectre to Leak Data

The Spectre family of side channel attacks against Intel based CPUs has been downplayed over the last year by some experts because they said there is no practical attack to steal data. Now Google has posted a proof of concept attack that could steal data at the rate of around 1,000 bytes a second using Chrome. It works with both Intel CPUs and Apple M1 CPUs. Follow the link to read the details. Credit: The Register

Police Shut Down Illegal Video Streaming App with 100 Million Users

Spanish National Police and Europol shut down the servers behind the mobile app Mobdro, which distributes illegal video streams. The investigation started in 2018 after complaints from several groups such as sports leagues. The crooks had 100 million “subscribers”. Profits from the sites are estimated to be around $5 million. While there have been arrests, confiscating of servers and bank accounts, after more than two years, authorities in Czechia are still investigating – the challenge of bringing down multinational cyber fraud groups. Credit: HackRead

Cheerleading Mom Takes Deep Fakes to New Low

A Pennsylvania woman is accused of spending months harassing other members of her daughter’s cheerleading squad by creating fake images of the other girls on the squad in an effort to get them thrown off the squad. The faked images appeared to show the girls with no clothes on, smoking and/or doing drugs. These images were texted to the other girls’ families and also to the owner of the cheerleading squad. Credit: Vice

Chinese Spies go After Telcos to Steal 5G Information

A group of Chinese spies has changed tactics to steal 5G information. The group, known as Mustang Panda or RedDelta, lures telco employees to a Huawei “jobs” page and once there, tells the visitors that they need to install a new Flash update, which will install a backdoor, thereby giving the hackers access to the employee’s network and the company’s data. Given that Flash is dead, I assume this tactic will morph, but the concept still works – lure the employee to a watering hole website, get the employee to download and install some malware in the guise of an update and thereby compromise the network. Credit: The Record

Bitcoin Entrepreneur Announces Free Speech Phone for Trump Fans

The Freedom Phone, brainchild of Erik Finman, who claims to be the youngest Bitcoin millionaire, comes preloaded with Parler and bills itself as “the first mass-marketable mobile phone based on free speech”. The main feature, the press release says, is that it allows you to download software which has been banned from Apple and Google stores such as Gab and Parler. It is based on the “freedom OS” which, it appears, is just their own build of Android. In addition to calling himself a millionaire, he also calls himself a billionaire, which does not appear to be true. The phone has not launched yet, but my guess is that it will not be free as in free. Credit: Vice

Security News for the Week Ending January 8, 2021

Britain Says Assange Cannot be Extradited

Julian Assange, a long time thorn in the backside of some folks in the US government, cannot be extradited to the US, a British court says. The court said that while he probably can get a fair trial in the US, the court system in the US is unlikely to stop him from committing suicide (a la Jeffrey Epstein, another very high profile prisoner). The US is expected to appeal. Credit: Cybernews

Covid Stimulus Bill and UFOs

The first question is why? and the answer is Congress? Buried deep in the Covid stimulus bill is the Intelligence Authorization Act, which mandates that the Pentagon release a report on its UFO task force. Stay tuned. Credit: Vice

New York Stock Exchange Changes Mind About Delisting Chinese Stocks

After the NYSE said it was going to delist 3 Chinese telecom stocks because the President said they were tied to the Chinese government/military, they suddenly changed their mind. They said that they made the decision after consulting with their regulators. Not sure what this means in the long term, but it might mean that the DoJ thinks the President is on shaky ground legally in doing that and rather than get sued, they are going to let it play out in the courts. Credit: Cybernews

Right after this happened the exchange got a call from Secretary Mnuchin and, apparently, he changed their mind. Again. So now they do plan to delist these stocks. Until they change their mind again. This is really a symbolic move since only about 2% of their shares go through the NYSE. Credit: ZDNet

Hackers Use Fake Trump Scandal Video to Load Malware

Want to see a (purported) Trump sex scandal video? Well ignoring your thoughts on the subject, the email is just click bait. If you fall for the bait and click, the malware will install a Remote Access Trojan or RAT on your computer, allowing the hacker to connect to your computer and rummage through (and steal) all your stuff. They could, in addition, deposit some ransomware when they are done, so no matter how curious you might be, don’t click. Credit: Hacker News

Nissan Seems to Have Lost Control of their Source Code

A car is not only a vehicle these days, but also a computer on wheels. More accurately, probably a hundred computers on wheels, plus a bunch of server software plus some mobile apps plus. You get the idea. So one might expect that you would protect that. Nissan did; with Userid:admin and Password:admin. A bit of a problem and it may even be difficult for Nissan to sue because they didn’t take reasonable care. Credit: SC Magazine

Security News for the Week Ending December 25, 2020

First of all, Merry Christmas and a Happy New Year.

OCC, FRB and FDIC Propose New Rule – Tell Us If You Have a Security Incident

The federal banking regulators are proposing a new rule that banks and tech companies that service banks need to report to their regulator within 36 hours if they have a security incident (like ransomware) that impacts their operations. I suspect that banks have been hiding these in the large stack of forms they file daily, hoping their regulator doesn’t catch what is going on. In *MY* opinion – long past due. It covers everyone who is part of the Federal Reserve System or the FDIC, among others. Credit: FDIC

FBI Says Iran Behind pro-Trump ‘enemy of the people’ Doxing Site

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) say that Iranian actors are “almost certainly” behind the creation of the website (currently down), basing the assertion on “highly credible information.”

The agencies add that in mid-December 2020 the website contained death threats aimed at U.S. election officials. Among them are governors, state secretaries, former CISA Director Christopher Krebs, FBI Director Christopher Wray, and people working for Dominion, the company providing the voting systems. Credit: Bleeping Computer

Facebook and Google Get a Little Too Friendly on Ads

While Google and Facebook supposedly compete in the ad business, with the two of them controlling over half the market, there was a bit of preferential treatment. In 2018 they announced a deal where Facebook’s advertisers could buy ads within Google’s ad network. What they did not announce was a secret deal where Facebook would get preferential treatment if they backed down on getting their advertisers to switch to a Google competitor. These days it is hard to keep secrets that big secret. Credit: Cybernews

Microsoft and McAfee Join Ransomware Task Force

19 tech companies, security firms and non-profits have joined together to fight ransomware. The task force will commission expert papers on the topic, engage stakeholders across industries, identify gaps in current solutions, and then work on a common roadmap to have issues addressed among all members. The result will be a standardized framework for dealing with ransomware attacks across verticals, based on industry consensus. They start playing together next month. Stay tuned to see what they produce. Credit: ZDNet

Homeland Security Releases Guide Warning About Chinese Equipment and Services

The Chinese government, along with Russia, has shown that it has a virtually insatiable appetite for stealing our stuff, whether that is personal information or trade secrets. This DHS document talks about the risks of partnering with Chinese firms and/or allowing your data to be stored in China or Chinese controlled data centers. It talks about how China has constructed its laws so that the government can get access to anything that it wants and what you can do to reduce the risk a little bit. A copy of the report can be downloaded here.

Security News for the Week Ending October 2, 2020

False Claims Act Means Big Fines

I had heard about the Department of Justice going after companies for misrepresenting things in federal contracts. I remember that Cisco paid a fine of less than $10 million, so I didn’t think it really meant much. But in a press release, the DoJ says that they recovered over $3 BILLION last year. That includes health care fraud, procurement fraud and other fraud. But 2019 was not an anomaly. In 2018 they recovered $2.8 billion; in 2017 they recovered $3.5 billion and in 2016, it was $4.9 billion. That is a lot of money, so if you are thinking about misrepresenting things in a government contract, you might want to reconsider. Read the details here.

911 Service in Multiple States Goes Down

Issues were reported by police departments in counties across Arizona, California, Colorado, Delaware, Florida, Illinois, Indiana, Minnesota, Nevada, North Carolina, North Dakota, Ohio, Pennsylvania, and Washington. Initially, it was thought that it was related to an outage at Microsoft at the same time. Many of the 911 dispatch centers were able to recover in less than an hour, but that turns out not to be the case; see yesterday’s blog post. Credit: ZDNet

DoJ Wins Case Against Snowden to Seize His Money

This has nothing to do with whether he is guilty of whatever. This is a simple contract dispute. If you go to work for the government and get a security clearance, you agree to let the government clear certain publications and speeches you make to make sure that you are not disclosing classified information. The Supremes have said in the past that the government can seize the proceeds from these illegal speeches and publications. In Snowden’s case, that is about $5 million. It is not clear that Snowden expected to keep the money; he knew the rules. Of course, if the money is in Russia with Edward, well, good luck. Credit: The Register

Still the Best Reason NOT to Buy Huawei Equipment

The White House has claimed that Chinese telecom provider Huawei is a national security risk – a tool of the Chinese government. That may be, I don’t know. But the Brits have been much more honest and open about things. The Brits have been evaluating Huawei’s software and they say that it is as secure against intruders as a screen door. Huawei says that these bugs prove that they are being honest. Not sure about that. Maybe they mean that they are too stupid to design backdoors for the Chinese government. Credit: The Register

Samsung has a Deal for You

Samsung has an interesting deal. They say to their advertisers that they will display an ad to an owner of one of their TVs, every time it is turned on and there is nothing the owner can do about it. They say this is about 400 times a month per TV. They use something called Automatic Content Recognition to understand whether you watch sports or movies (and what kind) or whatever and tune the ads to that. They do not tell you before you buy the TV that you are agreeing to that. Of course, if you have a dumb TV, that is not a problem, but that is not the direction the planet is going in. Perhaps buy a different brand. Credit: The Register

Universal Health Services Hit By Ransomware – 250 Hospitals Affected

UHS, which runs hundreds of hospitals and clinics, including behavioral health and addiction care and which has concentrations of facilities in California, Texas, Nevada and Florida, has taken its systems offline. While they have not said what is going on, the scuttlebutt is that it is the Ryuk strain of ransomware. Just what a hospital needs right now. They have shifted to paper based processes, although they say their electronic medical record system was not affected (it may just be offline right now but not encrypted). Utter chaos is probably rampant. Lawsuits to follow if people die. Credit: Security Week

Security News for the Week Ending September 25, 2020

GAO Tells Treasury: Track Cyber Risk in Financial Sector

The GAO told Treasury to work with Homeland Security to better track cyber risk in the financial sector.

The GAO says that Treasury does not track efforts or prioritize them. The “sector specific” security plan was last updated in 2016 and, of course, most of the tens of trillions of dollars of assets belong to private companies.

Not only that but Treasury has not implemented the recommendations from the last audit. Credit: Meritalk

Trump Campaign Spent $4 Million to Buy Your Location Data

The Trump campaign spent $4 million buying data on voters, including location, from a data broker named Phunware. The company makes a software development kit that developers can use to collect your data, including location, and sell it to data brokers. Nothing illegal, but lucrative for the app developers and useful for political campaigns and others. Credit: Vice

Google and Amazon – Both Can Be Un-Secure

We always talk about Amazon S3 storage buckets being configured in an un-secure manner, leaking data. Researchers say that 6 percent of a sample of Google storage buckets are also configured so that the wrong people can read from or write to them. Documents they were able to read include passports and birth certificates. Just like with Amazon, Google will disavow any responsibility if you mis-configure your storage. Bottom line – test your security regularly and do not assume that anything is secure. Credit: Threatpost

Russia and China, Oh, My! (Hacking)

While the current occupant of 1600 Pennsylvania Avenue continues to put pressure on China, he is not putting pressure on Russia and they are definitely going after us.

The Russian government hacking group known as APT28 or Fancy Bear is sending out fake NATO training materials laced with hard to detect Zebrocy Delphi malware. The email attachment has a zipx file extension. At the time researchers got a copy of the malware only 3 virus products detected it. It seems like with this campaign, the Ruskies are going after government computers, but there is always collateral damage. Credit: Bleeping Computer

At the same time, the FBI says that the Chinese are still actively going after Covid-19 research, including vaccines. After all, it is easier to steal a vaccine than to develop and test one. The Chinese read the newspapers, see who is claiming interesting stuff, and then try to hack them and steal their information. They are not alone. Russia and Iran are also trying to steal research and vaccine info. Credit: MSN