Tag Archives: FBI

Security News for the Week Ending November 19, 2021

Old Scams Never Die, They Just Get a Fresh Coat of Paint

Scammers have been posing, according to a warning by DHS, as Immigration and Customs Enforcement (ICE) Homeland Security Investigations (HSI) agents in San Antonio. The scammers call the mark, pretending to be HSI and tell them there is a problem with their passport and if they just pay the scammer/HSI agent some money, the problem will go away. They threaten that they will be arrested if they don’t pay. The victim’s passport, they say, was involved in a crime and police will be dispatched to their house to arrest them. Marks can call the ICE tip line at 866-347-2423 if they are able to “mark the mark”, so to speak. This type of scam is decades old; the only things that change are the targets and the agency who the scammers claim to represent, although DHS is a popular one. Credit: Infosecurity

Hackers Use Real FBI Email Account to Send Spam Cyberattack Spam

I don’t think this qualifies as a hack. Instead it is really poor software design. The FBI runs a portal for law enforcement, but until Saturday anyone could sign up for an account. The prankster sent out at least 100,000 emails and the FBI was flooded with calls. For admins, it was hard to disregard the alert since it came from the real FBI email server and was signed with DMARC. A bit of a black eye for the FBI and they only said that they were working on fixing the hole. Their temporary fix was to shut the system down. Probably a good idea. The hacker talked to Brian Krebs and explained what he did and why. To point out crappy security. Credit: Brian Krebs
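The reason the alerts were hard to dismiss is that they came from the FBI's own mail server, so the usual header checks all passed. Below is an added example (not code from the post or from the FBI) that parses an Authentication-Results header and decides whether the sending domain is verified; the headers and the domain `example.gov` are constructed. The point it illustrates is that a verified domain establishes who sent the mail, not whether the content is legitimate, so triage of the body still has to happen.

```python
import re

# Constructed sample headers (not from the incident). The first authenticates
# cleanly, as mail relayed through a legitimate server would; the second fails DKIM.
AUTH_PASS = ('Authentication-Results: mx.example.net; '
             'spf=pass smtp.mailfrom=example.gov; '
             'dkim=pass header.d=example.gov; '
             'dmarc=pass header.from=example.gov')
AUTH_FAIL = ('Authentication-Results: mx.example.net; '
             'spf=pass smtp.mailfrom=bulk.example.org; '
             'dkim=fail header.d=example.gov; '
             'dmarc=fail header.from=example.gov')


def parse_auth_results(header):
    """Split an Authentication-Results header into {method: (result, props)}."""
    body = header.split(':', 1)[1]
    results = {}
    for clause in body.split(';')[1:]:  # first clause is the authserv-id
        clause = clause.strip()
        if not clause:
            continue
        m = re.match(r'(\w+)=(\w+)(.*)', clause)
        if not m:
            continue
        method, result, rest = m.groups()
        props = dict(re.findall(r'([\w.]+)=(\S+)', rest))
        results[method] = (result, props)
    return results


def sender_domain_verified(header, expected_domain):
    """True only if DMARC passed and the From domain is the one we expect.

    A True result means the mail really left that domain's infrastructure.
    It says nothing about whether the message body is trustworthy, which is
    exactly why mail sent through a real server still needs content triage.
    """
    results = parse_auth_results(header)
    dmarc_result, props = results.get('dmarc', ('none', {}))
    return dmarc_result == 'pass' and props.get('header.from') == expected_domain


if __name__ == '__main__':
    print(sender_domain_verified(AUTH_PASS, 'example.gov'))  # True: verified, still triage the body
    print(sender_domain_verified(AUTH_FAIL, 'example.gov'))  # False: DKIM/DMARC failed
```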

Election Conspiracy Theory Lives On

For those of us in Colorado, there is a full blown election conspiracy fight still going on. Tina Peters, the election official in Mesa county, the reddest part of the state, is in the middle of a fight for her political life. A Republican, she was booted out of her role as election chief by Jena Griswold, a Democrat and the state’s chief election official. Griswold appointed another Republican to oversee Mesa County’s elections. So far, the courts have sided with the state. Peters did things like turn off the cameras in the secure counting area and made covert copies of the disk drives from the counting machines. Somehow, copies of all of her voting system passwords and a copy of the rogue disk drive image were posted on the Internet for anyone to download. She says that she doesn’t know how that happened. Her legal expenses are being paid for by the MyPillowMan. Check out the story here.

CISA About to Name Members of New Advisory and Investigation Panels

DHS’ CISA officially created the Cybersecurity Advisory Committee this month. It was authorized in the 2021 NDAA. The committee is limited to 35 people and must include one each from 12 key industries including finance, tech, communications and healthcare. The remaining slots will be appointed by CISA’s director. The Cyber Safety Board was created by executive order this year and will operate similarly to the way the NTSB examines transportation accidents. It will include both Govies and private sector people and will convene when needed. Credit: The Record

NSA/FBI/CISA Issue Alert – Russia SVR

While China is a serious threat and the last administration pushed on that hard, that administration ignored Russia.

Today the National Security Agency, the FBI and the Cybersecurity and Infrastructure Security Agency issued a joint alert titled Russian SVR Targets U.S. and Allied Networks.

The NSA, FBI and CISA said that the Russian Foreign Intelligence Service or SVR is behind the exploitation of 5 publicly known vulnerabilities.

The Feds also announced that Russia and the SVR were the ones behind the SolarWinds attack and all the other attacks surrounding SolarWinds.

In addition to the SolarWinds attack, they are crediting/blaming Russia for:

  • Fortinet Fortigate VPN
  • Synacor Zimbra Collaboration Suite
  • Pulse VPN
  • Citrix Application Delivery Gateway
  • VMWare Workspace ONE Access

The advisory is available here.

The FBI and their cousins also provided some very specific actions to take, here.

Here is the problem. These actors are pros. These are not random attacks.

In the SolarWinds attack they went after heavily defended federal agencies as well as a lot of big companies.

The Feds are saying that you should assume a breach will happen. Note that they did not say assume a breach might happen.

They said to:

  • implement network segmentation
  • enable robust logging
  • prepare for incident response

It seems like they are saying that we are fighting a war.

The feds will do their part to try and identify them and slow them down, but this is more of an art than a science.

One bit of good news is that the NSA is sufficiently embarrassed for missing SolarWinds that they are on high alert. That should help. HELP, but not prevent.

Historically, the NSA spent 90% of their budget on offense and 10% on defense. While we don’t know what those numbers are today, the pendulum has definitely moved.

And this is good for every business in America.

Be prepared. Credit: NSA

Security News for the Week Ending February 19, 2021

Parler is Back Online

After being down for a month after getting kicked off Amazon, Parler is back online. Existing accounts can log in now; new accounts can be created next week. They have a new interim CEO after the board fired the last one. It does not appear that old content was moved over to the new platform. Apple and Google have not restored Parler’s apps and there are lawsuits and Congressional investigations, so they are not completely out of the woods yet. It remains to be seen what their content moderation strategy will be. In their notice it says that they don’t moderate and then proceed to talk about all the content moderation they are doing – likely to try and stay out of jail. Credit: MSN

Even Though FBI Complains About Going Dark, they Unlock Phones

While the FBI will never be happy until we return to the 1990s when there was no encryption, apparently, according to court documents, the FBI can get into iPhones after first unlock after power up (which is 99.99% of the time) and even read Signal messages. Likely using tools like GrayKey and Cellebrite, they can extract data from many encrypted phones. Credit: Hackread

Certification Labs UL Hit By Ransomware

Underwriters Labs, the safety certification organization – which also has a cybersecurity certification – has apparently been hit by a ransomware attack which caused them to shut down their IT systems. Attempts to connect to the MyUL.Com portal return a ‘can’t reach this page’ error message. They have been down for a week so far and have decided not to pay the ransom. This points to how long it takes to recover from ransomware, even for a big company. Credit: Bleeping Computer

Microsoft Says SolarWinds Hackers Stole Some Source Code

Microsoft is now admitting that the SolarWinds hackers were able to download some of their source code including parts of code for Intune, Exchange and Azure. While not complete code for anything, any code that makes it onto the dark web will make it easier for hackers to figure out how to hack Microsoft users in the future. Credit: ZDNet

John Deere Promised Right to Repair But Didn’t Quite Do That

In 2018 John Deere lobbyists successfully killed a number of state legislative bills that would have allowed farmers to repair their own tractors and heavy equipment. In exchange, Deere pinky-promised to make the software and manuals available in three years. That would be January 1 of this year. Apparently, Deere, while successful at killing the bills, has not lived up to their end of the bargain and some of the state legislators are not terribly happy. Expect at least some states to introduce new “right to repair” bills this year. What is unknown is how broad these bills will be. Will they just allow a farmer to repair his/her tractor or will it also allow iPhone users to also repair their phones? Credit: Vice

The FBI is TRYING to Stem Cyber Badguyness

There is no easy answer, but I can tell you for sure that the FBI has been applying more and more resources to cybercrime every year.

Just this month they unsealed seven indictments charging 16 people from China, Russia, Iran and Malaysia with hacking crimes.

Treasury sanctioned 45 people associated with Iran and two people from Russia.

At the same time, DHS and the FBI have been flooding us techies with threat advisories.

While this is completely unlikely to stop crime, it does increase the risk for bad guys. I am always amazed when these folks travel to countries friendly to us and get arrested and extradited.

FBI Director Wray said last week at a CISA summit that the FBI’s plan is to increase risk for the bad guys.

They have also been working with companies like Microsoft to take down web servers hosted by the hackers.

But it turns out that none of these recent indictments went after government sponsored hackers. That may be a coincidence or it may be intentional.

In fairness to the FBI, these crimes are hard to solve. It is not like China is going to cooperate with us.

Still, we have to acknowledge that the more pressure the FBI and other law enforcement puts on hackers, the better. And, we should not forget, there are a lot of hackers right here in the U.S. Those should be easier to apprehend.

I will say that I would not want their job. It is next to impossible to win. Most hackers think, correctly or not, that the odds of getting caught are very low.

The risk is low – if they remember one thing – one thing that hackers seem to forget regularly. Pigs get fat, hogs get slaughtered. If you are too greedy, you will paint a target on your back. And you will increase the odds of getting caught.

Credit: The Record

Security News for the Week Ending April 19, 2019

Microsoft Pulls Patches AGAIN After Some Computers Become Super Secure

Users of Sophos and Avast, especially those running Windows 7 or Windows 8 – but not Windows 10 – got their computers bricked after this month’s update.  Microsoft has had multiple update failures over the last 6 months, causing admins to wait a week or two before installing patches.  In general, this is probably an acceptable risk.  In this case, users had to boot the computer in safe mode, disable their AV, reboot and uninstall the patch.  Then they can re-enable the AV software.  A bit of a pain for companies with a lot of PCs.  Microsoft has now blocked the patch if it sees a problem machine.

NOTE:  If you need a reason to update to Windows 10, Microsoft is releasing an update to back out these failed updates automatically, but, of course, only in Windows 10.

Source: The Register.

Facebook is, Apparently, in the Black Market Business

Many people who do not love Facebook would have said this even before this revelation, but now it is official.

Facebook really does not have the ability to police billions of accounts.  You just can’t get there from here.

This time, researchers at Cisco’s Talos group found 74 groups selling criminal wares, very publicly, on Facebook.  Everything from stolen credit cards to spamming tools.

The groups, which had close to 400,000 members, have been removed.  No doubt, immediately replaced with new ones.  Source: Info Security Magazine.

Genesee County Michigan Joins Many Other Municipalities in Falling to Ransomware

Genesee County was hit by a ransomware attack last week.  Initially, they said no biggie, they would be back the next day.  A week later, they are still wrestling with it, although, it appears, they have a lot of services back online and seem to be making progress towards the rest.

While they are keeping mum about the details, it certainly appears that they had a good backup and disaster recovery strategy, unlike a lot of cities and towns (remember Atlanta last year?)   Source: SC Magazine.


China Is Following in US Lead – US Upset

Huawei Marine Networks is currently constructing or improving nearly 100 submarine cables.

Similar to the Huawei 5G controversy, western intelligence is concerned that they might eavesdrop on the data since just one cable with multiple fibers might carry 100 gigabits of traffic or more – a very nice prize.

Until recently, the United States and its friends in the Five Eyes countries have had somewhat of a monopoly in spying on Internet traffic.

Now China and other not so friendly countries have the ability also and want in on the action.  The United States would prefer to keep the capability to itself.

The U.S. has repeatedly preferred a less secure Internet to make it easier for it to spy on others (consider the NSA’s successful efforts to modify encryption standards to make them easier to crack, as has been revealed over the last few years, as just one example).  Now that others have the ability to spy on us as well, the lack of security works both ways.  According to Bruce Schneier, the U.S. is going to have to make a decision – a secure Internet which is harder for everyone to hack or a weak Internet which is easy for our adversaries to crack.  Source: Bruce Schneier.

Hacker Publishes Personal Information on Thousands of Law Enforcement Agents

Hackers believed to be based in Ukraine claim to have hacked more than 1,000 sites and have published the personal information (names, phone numbers and street addresses) of about 4,000 federal agents such as the FBI Academy grads.

When a reporter asked if the hacker was concerned that putting this information out would put federal agents at risk, he responded “Probably, yes”.  The hacker also demonstrated being able to deface an FBI Academy Alumni Site.  His motivation, he said, is money.

The hacker claims to have data on over 1 million people and is working on formatting it to sell.

The FBI Academy Alumni Association only said that it was investigating.  Techcrunch is NOT publishing the name of the hacker’s website.  Source: Tech Crunch.


Expensive IoT Hack

Car2Go, recently renamed Share Now, has suspended its service in Chicago out of “an abundance of caution”.

That caution comes from the fact that 100 of their cars were stolen and some of them used in crimes.  Half of the cars were Mercedes.

Some people have been arrested and a few cars have been recovered.

If we assume that the average cost of one of these vehicles is $50,000 then the loss of 100 cars and the brand damage from news reports like “Robbing a bank?  Steal a Cars2Go to make your getaway” or whatever, is significant.  While the hard cost could be covered by insurance, likely the bigger issue is that they don’t understand how the Car2Go app was hacked to allow the thieves to steal a large number of expensive luxury cars.  They likely won’t restart the service until they figure that out.

One more time, Internet of Things security is a challenge (I assume that you use the app to unlock and start the car).  In this case, they probably spent a bit on security, but apparently not enough.

This is one case where APPLICATION PENETRATION TESTING and RED TEAM EXERCISES become very important.  Luckily the hackers weren’t terrorists and didn’t use the cars to kill people.  That would have been a real challenge to do damage control over.

We need to work diligently on IoT security before it becomes more than a financial issue.  Source: NY Daily News.

The FBI’s Cyber Challenge Exceeds Its Bandwidth

Or so says Christopher Wray, the current director of the FBI, testifying before a Congressional committee.

My guess, having talked to my share of FBI agents, including today, is that he is correct.

The basic premise of all police work is that the number of crimes is relatively small.  Not so with cyber.

Also, it used to be that crime was local.  It is hard to break into your house and steal your TV from Kiev.  You MUST have an operative in town, even if you are in Kiev.  Not so when it comes to cybercrime.

Jurisdiction was never an issue.  Yeah, sometimes a crook would flee the state before the cops caught up with him or her.  Now, a large percentage of cybercrime is committed offshore.  Even if it comes from a country friendly to us, there are an amazing number of hoops that cops have to jump through to get information from even the friendly countries.  Imagine what it is like to get information from countries that you have to Google just to figure out exactly where they are located.

As the FBI agents who briefed us today said (thank you Nate and Dennis), they need a lot of help from businesses if they even stand a chance of catching the bad guys, but if businesses do what is required, it is possible.  Sometimes.  Let me know if you would like a briefing.

According to this year’s budget, the FBI has 1,981 employees involved in cyber investigations.  Assuming the FBI has 56 field offices and not counting all the satellite offices, that means that the FBI has about 35 employees at all levels, on average, at each field office to investigate the roughly 300,000 crimes that were reported to the FBI in 2017 and probably 10 times that many which people didn’t even bother to report.

Given that most of these crimes involve foreign countries and therefore reams of paperwork, if you ever do get cooperation, they are fighting a losing battle.

One of the roles of these roughly 2,000 people is to help state and local law enforcement solve cyber crimes reported to them, so the problem multiplies.

What this means is that you are much better off trying to keep the bad guys out rather than trying to get help after the fact.

Just a matter of simple math.  Not. Enough. Resources.

Of course, it is virtually impossible for the FBI to retain top cyber talent.  A really smart cyber investigator can likely earn double or more what they would make at the FBI in private industry, with less hassle and more perks.  Yes, they don’t get to wear a badge and carry a gun, but that excitement wears off quickly.

The FBI is trying to improve the overall cyber knowledge of its total staff, but that is hard.  These people have spent their entire careers searching for traditional crooks.  This is a very different skill.  You don’t send someone to a one day class and make them a cyber expert.

Source: Government Computer News.