Tag Archives: Georgia

Security News For The Week Ending February 28, 2020

Russia Behind Cyberattacks on Country of Georgia Last Year

The State Department and the UK say that Russia was behind the attack on over ten thousand websites in the Country of Georgia last year.

They also formally attributed Sandworm (AKA Voodoo Bear, Telebots and BlackEnergy) to Russia’s GRU Unit 74455. Sandworm is the group responsible for the attacks against Ukraine’s power grid in 2015 and 2016 as well as NotPetya and other attacks. Not a nice bunch, but highly skilled. Andy Greenberg’s book, Sandworm, tells a scary story about these guys.

This is an interesting announcement from the State Department given the general position of the White House regarding Russian hacking. Here is the State Department’s press release.

Google to Restrict Android App Access to Location Tracking

Google is changing the Google Play Store policy for apps accessing your location when they are running in the background in response to user concerns.

The “user” is likely the folks running GDPR and the concern is the potential fine of 4% of Google’s revenue (AKA $6.4 billion).

They are reviewing all apps in the Play Store to see if the really need background access to your location or whether the user experience is just fine without them collecting and selling your location.

New apps will have to comply with this new policy by August 3 and existing apps will have until November 3 to comply.

In Android 11 you will be able to give an app ONE TIME permission to access your location data. When the app moves to the background, it will lose permission and will have to re-request it if it wants your location again.

This is actually pretty cool, but GDPR went into effect almost two years ago and they are just doing this now? Could it have something to do with a EU investigation of their use of location data? Probably just a coincidence. Source: PC Magazine

Accused CIA Vault 7 Leaker Goes To Trial

Accused CIA Vault 7 leaker Joshua Schulte’s trial for leaking top secret documents to Wikileaks started earlier this month. Schulte is accused of leaking top secret programs that the CIA used to hack opponents, causing serious embarrassment for their horrible security, allowing those tools to get into the hands of hackers and allowing our enemies to know how we hack them. It also cost the CIA a ton of money because they had to create a whole bunch of new programs that exploited different bugs that that had not disclosed to vendors to fix. Apparently Joshua is a bit of a challenge to work with and manage. Not only was he “a pain in the ass” but he also was into kiddie porn. He will be tried on those charges separately. Schulte’s lawyers say the government failed to turn over evidence that there might have been another leaker and wants the court to declare a mistrial. WOW! Read the details here.

Microsoft Trying to Do Away With Windows “Local” Accounts

For those of you who have been long time Windows users, you know that you had a userid to log on to the computer and then, possibly, if you want, another userid and password to logon to cloud services.

Like Google, Microsoft wants as much information about you as it can possibly collect. They also want you to use all of Microsoft’s online services, all of which are tied to your Microsoft login and not your local Windows login.

Microsoft’s answer? Make it very difficult for a user to logon to his or her computer with a local login. In fact, as of the most recent update to Windows 10, the only way to create a local, non-Microsoft, login is to disconnect your computer from the Internet when you first install it.

After all, they know that you DO want them to snoop on everything that you do. Source: Bleeping Computer

Facebooktwitterredditlinkedinmailby feather

Security News for the Week Ending December 27, 2019

Russia Claims to Have Successfully Disconnected from the Internet

Russia has been planning to install an Internet kill switch for a couple of years now.  Of course, we have no clue what that means.  Likely, it means that they have their own DNS servers so that they do not have to resolve web site addresses using servers controlled by the US and EU.  But that means any web sites that are outside of Russia will not work if they do this.

More likely, this process, which forces all traffic through government controlled gateways, is designed to surveil its citizens even more than it already does.  Details at ZDNet.

Pentagon Tells Military Not To Use “At Home” DNA Tests

I am not sure that Ancestry.com or 23AndMe are terribly happy about the message, but the Pentagon put out a memo this week telling members of the armed services not to take at home DNA tests unless otherwise notified.

The cover story is that the tests might be unreliable and not reviewed by the FDA.  The next story is that negative results might require members of the armed forces to disclose things that could end their military careers.

The real story is they are worried about state actors getting their hands on the DNA of our service men and women for nefarious purposes.

It looks like the military is actually starting to understand risks of the 21st century.  Good work.  Note this is not voluntary or optional. Source: MSN

Telemarketing Firm Lays off 300 Before Christmas Due to Ransomware

A Sherwood, Arkansas telemarketing firm laid off 300 people just before Christmas after a ransomware attack shut down their systems.  The attack happened about two months ago and even though they paid the ransom, they have not yet been able to restore the systems.  Apparently, at this point, they have run out of money. The company finally put out a memo explaining what was happening and told employees to call on January 2nd to see if they were going to get their jobs back.  Merry Christmas.  Source: KATV

British Pharmacy Fined $350K for Failing to Protect Medical Records

It is not just the big companies that are getting fined.  In this case a British pharmacy was fined $350,000 for leaving a half million records unprotected and exposed to the elements.  In addition, the pharmacy was issued an order to fix its security practices in 90 days or face more fines.  We are seeing less willingness by courts and regulators on both sides of the Atlantic to deal with companies missteps when it comes to security and privacy.   Source The Register.

Georgia Supreme Court Says Victims of Medical Clinic Hack Can Sue

Moving to this side of the Atlantic, the Georgia Supreme Court says that victims of an Atlanta area medical clinic that was hacked can sue the clinic for negligence.  As I said, courts are becoming much less understanding as to why companies are not effectively protecting the data entrusted to them.  This decision reverses the Court of Appeals decision and is only binding in Georgia, but courts in other states may use this as a precedent in their decision process.  Source: Atlanta Journal ConstitutionFacebooktwitterredditlinkedinmailby feather

Georgia Patches Election Web Site Two Days Before Elections – Calls it Normal

I am not sure who we should be more concerned about – us or them.

The Georgia Secretary of State, who is also running for Governor, has accused the Democrats of unsuccessfully trying to hack the state’s election system and referred it to the FBI.

Propublica is reporting that Kemp, the Secretary of State, quietly patched (it is reported that they rewrote the code on  (How extensive that might be is unclear).  the web site on Sunday after saying the site was secure and had no vulnerabilities.

Kemp said that State Democrats had committed possible cyber crimes after the Dems were notified by someone that he had found gaping security holes in the state’s voter information web site.

A Kemp spokesman denied vulnerabilities existed in the state’s voter lookup site and said that they could not reproduce the problem.

Propublica validated part of the tipster’s claim but other parts did not work after the state made fixes to the web site less than 48 hours before the midterm elections.

On top of all that, on Monday, Kemp’s spokesman claimed that they made changes to the site to support volume, but experts claim that the changes she said were made were, in fact,  not made.

From an operational stability viewpoint you would NEVER make a change that close to a major event for fear of breaking something.  Georgia likely has been testing and retesting their web site and other IT systems for months to make sure that nothing breaks today and to make major changes a day or two before the election likely meant that they did, in fact, find serious problems and felt that they had to fix them.  Minor problems would have been ignored because the very last thing that Kemp would want would be for the site to be down or go down on election day.

The Democrats, for their part, claim they forwarded the information to the FBI, Homeland Security and the State of Georgia by mid-day Saturday.

A more likely explanation for Kemp’s actions is that he is not happy that they reported the problem the the FBI and Homeland Security rather than quietly telling him so he could fix it without telling anyone.  Now he is both embarrassed and has a reputation problem after saying the site is secure.

Welcome to politics in America.  By the way, who knows if the Chinese and Russians were aware of or abused these security holes.  No one is saying.

Information for this post came from Propublica.

 

 

 Facebooktwitterredditlinkedinmailby feather

Friday News for May 11th, 2018

Irish High Court Deals Blow to Facebook

In yet another case that could deal a blow to the way that Facebook and others transfer data between the EU and the US, the Irish High Court told Facebook that it would not stay it’s “referral” to the European Court of Justice.  The case in question is a ruling about whether “Standard Contract Clauses” and the U.S. Privacy Shield provide sufficient protections for E.U. residents private data.  Facebook wants to appeal the decision to turn the question over to the ECJ to the Irish Supreme Court because the last place they want to be is at the ECJ – who ruled against them in their last privacy suit that destroyed the predecessor to Privacy Shield,  Safe Harbor (Source: Reuters).

Georgia Governor Vetos Cybersecurity Bill

The Georgia legislature recently passed a cybersecurity bill that would have likely criminalized cybersecurity research and allowed so-called hack back attacks where victims can hack the hackers (what could possibly go wrong when security novices go after professional hackers?).  The law, written by lawyers, was so vague that it might have made reporting a vulnerability a crime.  Equally likely, the large cybersecurity firms with offices in Georgia would have left the state and security researchers at Georgia Universities would have likely found more understanding states to do their research in.  Faced with a horribly drafted bill and the prospect of losing hundreds or maybe thousands of high paying jobs, the governor did the expedient thing – he vetoed the bill and told the legislature to find someone who knows something about security before they wrote the next version (Source: CSO Online).

IBM Bans All Removable Storage

IBM has issued a new company-wide policy that bans ALL FORMS OF REMOVABLE STORAGE from the company.  IBM’s Global Chief Information Security Officer made the announcement saying “the possible financial and reputational damage from misplaced, lost or misused removable portable storage devices must be minimised.” IBM isn’t saying “Why now?” , but likely someone screwed up big time.

That being said, it is relatively easy to technically implement this ban and, if done along side a policy on the appropriate use of services like Dropbox, Box, One Drive and others, it likely will reduce the certain types of information leakage.

What is or should be your company’s policy?  (Source: Gizmodo)

Beware of those Browser Extensions

Social engineering is still a very popular way to get you to load malware.  Researchers are warning people of a campaign, said to have already infected a hundred thousand users, where people are lured to click on a link on social media which redirects them to a page that tells them that they have to install a plugin or browser extention to continue reading the page.  DON’T!  Once the software is invited in by the user,  it steals passwords for a variety of accounts.  Other variants of this type of attack could empty your bank account when you log in to your bank or forward all of your email to the hacker, as other examples.

If you think you need a plugin or browser extension to view a page and  it is not already installed, independently find that extension and install it from the vendor’s site.  Make sure that the site is not one with a name similar to the real site (think App1e is not Apple, for example) that hackers have set up to fool you (source: The Hacker News).

The Dangers Of Government Surveillance

The conversation often comes up about trusting the government with all of the data that they have of ours.   Some people say there is nothing to worry about if you didn’t do anything wrong.

And then reality creeps in.

Sheriff Cory Hutcheson of Mississippi County, MO, used a service sold by Securus Technologies that is used to record and track phone calls to and from prisoners,

Unfortunately, he used it to track calls of a Judge and members of the State Highway Patrol.  This would allow him to track the location and obtain call data of these people. And anyone else he wanted to.

Securus requires someone to upload a document authorizing the request and certify that the activity was legal – basically, pinky swearing.

When the sheriff was arrested and the media went to Securus to ask about their practices, they claimed that they weren’t judges or lawyers, so, basically, they just trust people.

Sometimes trust is good, but verifying usually better.

How much of this activity goes on – who knows (Source: NY Times)?Facebooktwitterredditlinkedinmailby feather