Tag Archives: Israel

Security News for the Week Ending May 1, 2020

China, Korea, Vietnam Escalate Hacking During Covid-19 Outbreak

The Trump administration is calling out China for hacking our hospitals and research facilities that are looking for cures and vaccines for Covid-19. That should not be much of a surprise since China has always opted for stealing solutions vs. figuring them out themselves. At least at this point, the U.S. is not doing anything about this theft. Credit: CNN

At the same time, Vietnam is hacking at China’s Ministry of Emergency Management and the Wuhan government, probably trying to do the same thing and also steal information on their neighbor’s lies about their death toll. Credit: Reuters

Finally, South Korea’s Dark Hotel government hacking group is hacking at China, using 5 zero-day vulnerabilities in one attack. 5 is a massive arsenal to use in one attack, since zero-days are hard to find (or at least we think they are. Since they are unknown until they get used or announced, we don’t really know). Reports are that the group has compromised 200+ VPN servers in an effort to infiltrate the Chinese government and other Chinese institutions. Credit: Cyberscoop

Bottom line, it is business as usual, with everyone hacking everyone they can.

Israel Thwarts Major Coordinated Cyber-Attack on its Water Infrastructure

Israel says it has received reports of coordinated attacks on its wastewater, pumping and sewage infrastructure.

The response was to tell companies to take their systems off the Internet as much as possible, change passwords and update software. All good things to do but disconnecting from the Internet likely makes companies unable to operate, since most plants run “lights out” – with no onsite staff.

The attacks took place on Friday and Saturday – during the Jewish Sabbath, when the fewest people would be around to detect and respond. Credit: The Algemeiner

Surveillance Company Employee Used Company’s Tool to Hack Love Interest

An employee of hacking tool vendor NSO Group, who was working on site at a customer location, broke into the office of the customer and aimed the software at a “love interest”.

While vendors like to claim that they are righteous and above reproach, the reality is that they have little control over what employees do. Even the NSA seems to have trouble with reports of their analysts sharing salacious images that they come across.

In fact, the “insider threat” problem, as it is referred to, is a really difficult problem to solve. In this case, the employee set off an alarm when he broke into the office where the authorized computer was located and was caught and fired. Most do not get caught. Credit: Vice

Over 1,000 Public Companies List Ransomware as Risk

In case you had any doubt about the risk that ransomware represents, over 1,000 publicly traded companies list ransomware as a risk to future earnings in their 10K, 10Q and other SEC filings. Companies only have to list items that have the potential to be material to earnings, so it is usually a relatively short list. Four months into 2020, 700 companies have already put ransomware on that short list. Credit: ZDNet

Nearly 3 in 5 Americans Don’t Trust Apple-Google Covid Tracking Tech

The authorities want to track the contacts of anyone who tests positive for Covid-19. The way they want to do this is by getting everyone to install an app on their smartphone. 1 in 6 (16%) Americans don’t even have a smartphone. For the high risk group, those over 65, only 50% have smartphones, and for those over 75, it is even less.

Resistance is higher among Republicans and those that think they are at lower risk. Only 17% of all smartphone owners said they would “definitely” use it.

The main reason for resistance is that people don’t trust Apple, Google and others to keep their data private. Even if the tech companies wanted to keep it private, the government could demand that they hand it over. Credit: Washington Post

Security News for the Week Ending February 21, 2020

US Gov Warns of Ransomware Attacks on Pipeline Operations

DHS’s CISA issued an alert this week to all U.S. critical infrastructure that a U.S. natural gas compressor station suffered a ransomware attack. While they claim that the attackers did not get control of the gas compression hardware, they did come damn close. The ransomware took all of the machines that manage the compressor station offline. The utility was able to remotely WATCH the compressor station, but that remote site was not configured to be able to run the site. The result was that other compressor stations on the same pipeline had to be shut down for safety reasons and the entire pipeline wound up being shut down for two days.

It appears that there was no customer impact in this case (perhaps this station fed other downstream stations that were able to be fed from other pipelines), but CISA says that there was a loss of revenue to the company. The article provides guidance on protecting industrial control networks.

While this time the bad guys were not able to take over the controllers that run the compressors, that may not be true next time. Source: Bleeping Computer

Amazon Finally Turns on Two Factor Authentication for Ring Web Site After PR Disaster

After many intrusions into customers’ Ring video cameras where hackers took over cameras and talked to kids using very inappropriate language, Ring finally made two factor authentication mandatory for all users. While other competitors turned on two factor authentication years ago, Amazon didn’t, probably because they thought customers might consider it “inconvenient”. Source: Bleeping Computer

Real-ID Requirement To Get On An Airplane is Oct 1st

After 9-11, Congress passed the Real ID act (in 2005) to set a single national standard for IDs used to get on airplanes and get into government buildings. For years, Homeland Security has been granting extensions and now, the current plan is for Real ID to go into effect for getting on airplanes and into government buildings in about 8 months.

DHS says that only 34% of the ID cards in the US are Real ID compliant.

That means that IF the government doesn’t change the rules and if people don’t have some other form of approved ID, potentially 66% of the people will not be able to get on an airplane after October 1 or even enter a federal office building.

That might cause some chaos. Driver’s license officials say that even if they work 24-7, they could not issue all of the remaining ID cards by October 1. Will DHS blink? Again? After all, we are coming up on the 20th anniversary of 9-11, and if terrorists have not been able to blow up airplanes or government buildings using non-Real-ID compliant IDs in the last 19 years, is this really a critical problem? Better off to have a Real ID compliant ID card and not have to argue the point. Source: MSN

Sex Works

One more time Hamas tricked Israeli soldiers into installing spyware on their phones. The Palestinians created fake personas on Facebook, Instagram and Telegram, including pictures of pretty young women such as this one.


Unfortunately for the Palestinians, the Israeli Defense Forces caught wind of their plan and actually took out their hacking system before they were able to do much damage.

What is more interesting is that this is the third time in three years that the Palestinians have tried this trick. And, it keeps working. Source: Threatpost

AT&T, Verizon Join IBM in Exiting RSA Over Coronavirus

As fears of Coronavirus spread, the effect on the economy is growing. Mobile World Congress, the largest mobile-focused tech conference in the world, being held in Barcelona this year, was cancelled. Source: The Verge

Last week, IBM cancelled their attendance and booth at RSA in San Francisco. This week their cancellations were joined by Verizon and AT&T. My guess is that attendance will be down significantly as well, without regard to whether tickets were already paid for or not. The total of exhibitors and sponsors who have decided to cancel is now up to 14. Source: Business Insider

These events generate huge income for businesses in the host cities and are very important for vendors looking for business.

This is likely going to continue to be an issue for event organizers and more events are likely to be cancelled.

Security News for the Week Ending November 22, 2019

Huawei Ban – Is It A National Security Issue or Bargaining Chip?

Back in May, President Trump issued a ban on US companies buying from or selling to Huawei (see here).  Since then, the government has issued an extension to the ban 90 days at a time and the government just issued another extension.  They are doing this at the same time that they are trying to get US allies to not use Huawei products in the rollout of those countries’ 5G networks.   This tells China that we are not serious about this and don’t really think Huawei is a security risk – whether it is or not.

There are two problems with the ban.  The first is that US telecom carriers currently use lots of Huawei gear and it will cost billions to replace it.   Second, US companies and likely Republican donors make billions selling parts to Huawei, so the administration is reluctant to stop that flow of money into the country.

Congress is considering a bill to fund $1 billion over TEN YEARS as a down payment on removing Huawei gear from US networks.  If the US actually implements the Huawei ban, then those companies will no longer get software patches.  The Chinese might even announce the holes so hackers can attack US networks.  In addition, if the equipment breaks, carriers won’t be able to get it fixed.   Life is never simple.

Carriers that have to spend money replacing Huawei will have to delay their 5G rollouts, turning the US into even more of a third-world cellular network than we already are.   Source: ITPro

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies

The hacker or hacker group Phineas Fisher has offered up a bounty of $100,000 for other hackers who break into “capitalist institutions” and leak the data.  The group said that hacking into corporations and leaking documents in the “public interest” is the best way for hackers to use their skills for social good.  That is not a great message for businesses who are trying to defend themselves.

Phineas Fisher has a long track record of breaking into companies and publishing embarrassing data, so this is not just an idle threat.  Source: Vice

Russian Hacker Extradited to the United States May Be High Value Asset

We see from time to time that hackers are not too bright or act in not so bright ways.  In this case, a Russian hacker wanted by the US was arrested when he entered Israel in 2015.  The US says that he ran the underground credit card mart CARDPLANET, which sold over a hundred thousand stolen cards.  Why a Russian hacker would think that visiting Israel was safe is unclear; maybe he thought no one knew who he was, or maybe he is just not very smart.

After Israel arrested him at the request of the US, the Russians tried to bargain him back to Russia under the guise of trying him there.  When the Israelis told them thanks, but we will handle this ourselves, Russia convicted a young Israeli woman on trumped up drug charges and she is serving a 7 year sentence in Russia.  Even that did not sway Israel to return him.  In the meantime, the Israelis have turned him over to us and he is awaiting trial here.

Some people say that Russia wants him back because he has first-hand knowledge of Russian interference in the 2016 US elections, but the White House doesn’t even admit that Russia hacked the elections, so I am guessing they are not going to press on that issue, but who knows – stay tuned.  Source: Brian Krebs

When It Affects the Boss, Well, Just Fix It

A few weeks ago Jack Dorsey, Twitter’s CEO, had his Twitter account hacked.

Up until yesterday, you had to provide Twitter with a phone number for two factor authentication and they would send you a text message.  You could change the method later, but you had to initially give them a phone number.  HIS account was hit by a SIMjacking attack (so apparently he did not change his authentication method).

As of November 21, you can now set up a Twitter account WITHOUT SMS as the second factor.  I strongly recommend that you change your Twitter 2FA method.  Source: Tech Crunch

Apple Tells Congress That You’ll Hurt Yourself if You Try to Fix Your iPhone

Congress pressed Apple on why you or a repair center (that doesn’t pay Apple a licensing fee) should not be allowed to repair your iPhone.  Apple’s answer is that doing such repairs could be dangerous.

They also said it costs them more money to repair iPhones at Apple stores than they charge, which is probably the best reason ever to let other people repair them.  Of course, that is not the way Apple sees it.  They said that you might leave a screw out or something.  Of course, if they provided manuals, that wouldn’t be a problem.

Apple would like you and Congress to believe that their repair monopoly is good for you as a consumer.  Apple also said that they don’t stop consumers from getting repairs from a shop of their choice, even though they modified the iPhone software to disable the phone’s touchscreen if they do get their phone repaired outside the Apple ecosystem.  Read more details here.


ECJ-Safe Harbor Trickle Down Is Already Starting

First, the European Court of Justice (ECJ) ruled that the 15 year old Safe Harbor agreement, which allowed companies to transfer data between the E.U. and the U.S., was invalid.  Effective immediately.

Then the Article 29 Working Group (who is responsible for Safe Harbor) met and said that if the E.U. and U.S. don’t come up with a new agreement by the end of January, country data commissioners are free to start filing complaints and fining companies.

This week, the Israeli Law, Information and Technology Authority revoked its prior authorization to transfer data from Israel to the U.S.  There is a somewhat strange relationship between Israel and the E.U. which sort of makes it an honorary member of the E.U. and they had been using the Safe Harbor agreement as a way to justify transferring data from Israel to the U.S.  That is no more.

That means that companies that don’t have binding corporate rules or standard contract clauses that have been approved by at least two E.U. country data protection authorities (once you get to 2, you sort of have a free pass for the rest of the E.U.), can no longer transfer data between Israel and the U.S.

This means that U.S. Silicon Valley companies that have offices in Israel, Israeli companies owned by U.S. companies and Israeli companies that work closely with U.S. companies will need to figure out a new strategy or risk facing fines.

Since it can take 6-12 months to create and get approval for binding corporate rules, it is not something you can change overnight.

Also, since the U.S. and E.U. have been working for two years on a new version of Safe Harbor which was really a minor tweak, and now they likely have to reinvent Safe Harbor, I doubt it will be done by the end-of-January deadline.

While many very large companies were already concerned about this and have been working for a year or two to get Binding Corporate Rules or Standard Contract Clauses approved and in place (Facebook, for example), smaller companies likely have not done that and should now be in a full-scale fire fight.

We do not know what the data protection commissioners are likely to do come February 1, 2016, but waiting to see is probably not a good strategy.

It will be interesting to see if there is other fallout before the January 31, 2016 deadline – stay tuned.

If you are a company that does transfer personally identifiable data between the U.S. and the E.U – or Israel, you should already be talking to legal counsel to see what you need to do to stay off the radar.


Information for this post came from IAPP.

Duqu2 Malware Trail – From Kaspersky Labs to Iranian Nuclear Talks

Gene Kaspersky, head of the Russian anti-malware vendor and security research labs reported yesterday that the malware that infected his labs last year was also found … drum roll … at the hotels for the delegates to the Iranian nuclear talks (see article).

Gene Kaspersky, head of Kaspersky Labs

Kaspersky reported yesterday (see article) that their lab was the victim of a sophisticated attack that they detected in the early spring.  They said that the attack used three different zero-day (previously unknown) vulnerabilities.

This malware, that they labelled Duqu2, does not write to disk, so anti-malware software that scans the disk cannot detect it.

The earlier version of Duqu used a bug in Microsoft Word.  This version uses a bug in the Microsoft Installer.

Gene said that while the attackers did get some material off their systems, they were detected early and they are confident that they removed the malware and that their customers are safe.

Fast forward to yesterday.  In the report, Kaspersky says that after they found this malware, they decided to do a little “spying” of their own to see where else this malware might be.

Given that their anti-malware software is loaded on tens of millions of computers, all they need to do is add a test for this particular malware and have the software tell them if it found it.

After scanning millions of computers, including thousands of hotels, they found it – on three luxury hotels in Europe.  What these hotels have in common is that each had hosted negotiations between Iran and the rest of the world over nuclear issues.

Hmmm.  Who might have an interest in that?  Russia?  United States?  Israel?  Kaspersky is not naming names – he doesn’t do that – but there are hints that he thinks it is Israel.  While Israel denies spying on the U.S. and other allies (except for those times where they got caught at it), they don’t deny that they spy on Iran.  However, they responded with a ‘no comment’ type of response when asked if this bug was theirs.  Assuming it was, there goes some valuable intel.

So what does Duqu2 do?  It is composed of 100 distinct modules that do different things.  One, for example, compresses video feeds – like you might get from a CCTV security camera.  Other modules targeted communications from phones to WiFi.  Another allowed them to eavesdrop on microphones in elevators, alarm systems and computers.

The FBI is reviewing Kaspersky’s report and said while they have not confirmed the report, it doesn’t surprise them that someone would attempt to attack those hotels.

U.S. officials said, “We’re trying to keep as much security as we can, but nothing ever stays completely secret in this world we live in these days.”   The British, German and French said ‘no comment’.

In today’s world, with as high stakes as these negotiations are, this is not much of a surprise.

Kaspersky says that the attack on them likely started when an employee in a satellite office in Asia clicked on an attachment and loaded the malware.  No doubt, they are running some anti-malware software 🙂 , so they detected the outbreak pretty quickly.

Pretty amazing stuff.