Tag Archives: Israel

Security News for the Week Ending November 22, 2019

Huawei Ban – Is It A National Security Issue or Bargaining Chip?

Back in May, President Trump issued a ban on US companies buying from or selling to Huawei (see here).  Since then, the government has issued an extension to the ban 90 days at a time and the government just issued another extension.  They are doing this at the same time that they are trying to get US allies to not use Huawei products in the rollout of those country’s 5G networks.   This tells China that we are not serious about this and don’t really think Huawei is a security risk – whether it is or not.

There are two problems with the ban.  The first is that US telecom carriers currently use lots of Huawei gear and it will cost billions to replace it.   Second, US companies and likely Republican donors make billions selling parts to Huawei, so the administration is reluctant to stop that flow of money into the country.

Congress is considering a bill to fund $1 billion over TEN YEARS as a down payment on removing Huawei gear from US networks.  If the US actually implements the Huawei ban, then those companies will no longer get software patches, The Chinese might even announce the holes so hackers can attack US networks.  In addition,  if the equipment breaks, carriers won’t be able to get  it fixed.   Life is never simple.

Carriers that have to spend money replacing Huawei will have to delay their 5G rollouts, turning the US into even more of a third-world cellular network than we already are.   Source: ITPro

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies

The hacker or hacker group Phineas Fisher has offered up a bounty of $100,000 for other hackers who break into “capitalist institutions” and leak the data.  The group said that hacking into corporations and leaking documents in the “public interest” is the best way for hackers to use their skills for social good.  That is not a great message for businesses who are trying to defend themselves.

Phineas Fisher has a long track record of breaking into companies and publishing embarrassing data, so this is not just an idle threat.  Source: Vice

Russian Hacker Extradited to the United States May Be High Value Asset

We see from time to time that hackers are not too bright or act in not so bright ways.  In this case, a Russian hacker, wanted by the US was arrested when he entered Israel in 2015.  The US says that he ran the underground credit card mart CARDPLANET which sold over a hundred thousand stolen cards.  Why a Russian hacker would think that visiting Israel would be safe seems like he thought, maybe, no one knew who he was or that he is not very smart.

After Israel arrested him at the request of the US, the Russians tried to bargain him back to Russia under the guise of trying him there.  When the Israelis told them thanks, but we will handle this ourselves, Russia convicted a young Israeli woman on trumped up drug charges and she is serving a 7 year sentence in Russia.  Even that did not sway Israel to return him.  In the mean time, the Israelis have turned him over to us and he waiting trial here.

Some people say that Russia wants him back because he has first hand knowledge of Russian interference in the 2016 US elections, but the White House doesn’t even admit that Russia hacked the elections, so I am guessing they are not going to press on that issue, but who knows  – stay tuned.  Source: Brian Krebs

When It Affects the Boss, Well, Just Fix It

A few weeks ago Jack Dorsey, Twitter’s CEO, had his Twitter account hacked.

Up until yesterday, you had to provide Twitter with a phone number for two factor authentication and they would send you a text  message.  You could change the method later, but you had to initially give them a phone number.  HIS account was hit by a SIMJacking account (so apparently he did not change his authentication method).

As of November 21, you can now set up a Twitter account WITHOUT SMS as the second factor.  I strongly recommend that you change your Twitter 2FA method.  Source: Tech Crunch

Apple Tells Congress That You’ll Hurt Yourself if You Try to Fix Your iPhone

Congress pressed Apple on why you or a repair center (that doesn’t pay Apple a licensing fee) should not be allowed to repair your iPhone because, they say, doing such repairs could be dangerous.

They also said it costs them more money to repair iPhones at Apple stores than they charge, which is probably the best reason ever to let other people repair them.  Of course, that is not the way Apple sees it.  They said that you might leave a screw out or something.  Of course, if they provided manuals, that wouldn’t be a problem.

Apple would like you and Congress to believe that their repair monopoly is good for you as a consumer.  Apple also said that they don’t stop consumers from getting repairs from a shop of their choice, even though they modified the iPhone software to disable the phone’s touchscreen if they do get their phone repaired outside the Apple ecosystem.  Read more details here.

 

Facebooktwitterredditlinkedinmailby feather

ECJ-Safe Harbor Trickle Down Is Already Starting

First, the European Court of Justice (ECJ) rules that the 15 year old Safe Harbor agreement which allowed companies to transfer data between the E.U. and the U.S. was invalid.  Effective immediately.

Then the Article 29 Working Group (who is responsible for Safe Harbor) met and said that if the E.U. and U.S. don’t come up with a new agreement by the end of January, country data commissioners are free to start filing complaints and fining companies.

This week, the Israeli Law, Information and Technology Authority revoked its prior authorization to transfer data from Israel to the U.S.  There is a somewhat strange relationship between Israel and the E.U. which sort of makes it an honorary member of the E.U. and they had been using the Safe Harbor agreement as a way to justify transferring data from Israel to the U.S.  That is no more.

That means that companies that don’t have binding corporate rules or standard contract clauses that have been approved by at least two E.U. country data protection authorities (once you get to 2, you sort of have a free pass for the rest of the E.U.), can no longer transfer data between Israel and the U.S.

This means that U.S. Silicon Valley companies that have offices in Israel, Israeli companies owned by U.S. companies and Israeli companies that work closely with U.S. companies will need to figure out a new strategy or risk facing fines.

Since it can take 6-12 months to create and get approval for binding corporate rules, it is not like something you can change overnight.

Also, since the U.S. and E.U. have been working for two years on a new version of Safe Harbor which was really a minor tweak and now they likely have to reinvent Safe Harbor, I doubt it will be done by the end of January deadline.

While many very large companies were already concerned about this and have been working for a year or two to get Binding Corporate Rules or Standard Contract Clauses (like Facebook, for example) approved and in place, smaller companies likely have not done that and should now be in a full scale fire fight.

We do not now what the data protection commissioners are likely to do come February 1, 2016, but waiting to see is probably not a good strategy.

It will be interesting to see if there is other fallout before the January 31, 2016 deadline – stay tuned.

If you are a company that does transfer personally identifiable data between the U.S. and the E.U – or Israel, you should already be talking to legal counsel to see what you need to do to stay off the radar.

 

Information for this post came from IAPP.

Facebooktwitterredditlinkedinmailby feather

Duqu2 Malware Trail – From Kaspersky Labs to Iranian Nuclear Talks

Gene Kaspersky, head of the Russian anti-malware vendor and security research labs reported yesterday that the malware that infected his labs last year was also found … drum roll … at the hotels for the delegates to the Iranian nuclear talks (see article).

Gene Kaspersky
Gene Kaspersky, head of Kaspersky Labs

Kaspersky reported yesterday (see article) that their lab was the victim of a sophisticated attack that they detected in the early spring.  They said that the attack used three different zero day (previously unknown) vulnerabilities.

This malware, that they labelled Duqu2, does not write to disk, so anti-malware software that scans the disk cannot detect it.

The earlier version of Duqu used a bug in Microsoft Word.  This version uses a bug in the Microsoft Installer.

Gene said that while the attackers did get some material off their systems, they were detected early and they are confident that they removed the malware and that their customers are safe.

Fast forward to yesterday.  In the report, Kaspersky says that after they found this malware, they decided to do a little “spying” of their own to see where else this malware might be.

Given that their anti-malware software is loaded on tens of millions of computers, all they need to do is add a test for this particular malware and have the software tell them if it found it.

After scanning millions of computers, including thousands of hotels, they found it – on three luxury hotels in Europe.  What these hotels have in common is that each had hosted negotiations between Iran and the rest of the world over nuclear issues.

Hmmm.  Who might have an interest in that?  Russia?  United States?  Israel?  Kaspersky is not naming names – he doesn’t do that – but there are hints that he thinks it is Israel.  While Israel denies spying on the U.S. and other allies (except for those times where they got caught at it), they don’t deny that they spy on Iran.  However, they responded with a ‘no comment’ type of response when asked if this bug was theirs.  Assuming it was, there goes some valuable intel.

So what does Duqu2 do?  It is composed of 100 distinct modules that do different things.  One, for example, compresses video feeds – like you might get from a CCTV security camera.  Other modules targeted communications from phones to WiFi.  Another allowed them to eavesdrop on microphones in elevators, alarm systems and computers.

The FBI is reviewing Kaspersky’s report and said while they have not confirmed the report, it doesn’t surprise them that someone would attempt to attack those hotels.

U.S. officials said “We’re trying to keep as much security as we can, but nothing ever stays completely secret in this world we live in these days,”.   The British, German and French said ‘no comment’.

In today’s world, with as high stakes as these negotiations are, this is not much of a surprise.

Kaspersky says that the attack on them likely started when an employee in a satellite office in Asia clicked on an attachment and loaded the malware.  No doubt, they are running some anti-malware software 🙂 , so they detected the outbreak pretty quickly.

Pretty amazing stuff.

 

Facebooktwitterredditlinkedinmailby feather