Tag Archives: Russia

In Case You Thought Russia Was Done Meddling With Elections …

Politics is a pretty interesting game.

In the United States, almost everyone, except the President, thinks that Russia interfered with the 2016 US Presidential elections.

In the UK, there is a report – that the current Prime Minister Boris Johnson has refused to release – on Russian interference in British politics, with some accusing Johnson of a coverup.

Likely in both cases, there are additional agendas.

There is a British election this week after Johnson was unable to get Parliament to agree to his plan for leaving the EU (sound familiar?  The last British PM lost her job for the same reason).  And since politics is a full contact sport everywhere, Johnson’s competitor for the job, Jeremy Corbyn, released some documents that say that Johnson would offer to sell Britain’s National Health Service (NHS) to United States corporations in a trade deal with President Trump.  In Britain, the NHS is considered a national treasure and offering to privatize it to a foreign company is not considered a route to getting yourself elected.  Corbyn “declined” to say where he got the documents and the British government says that they think the documents are real.

One of the places these documents were posted was the social media site Reddit.

Reddit said this past week that the document leak was part of a Russian influence operation known as Secondary Infektion.  It is likely that Secondary Infektion is part of the Russian hacking group Sandworm (if you are interested in this kind of intrigue, I highly recommend the book Sandworm), which is part of Russia’s military Intelligence known as GRU.  As a result of their investigation, Reddit has banned 61 accounts.  Of course, there is nothing to stop the Russians from creating new accounts.

The combination of Johnson’s refusal to release the report on past Russian hacking of British elections and the posting of and Corbyn’s use of these new documents indicates that Russian interference in worldwide politics has not stopped or slowed down.

It also means that, short of a miracle, Russia will likely interfere with the US elections next year.  Using cyber theft (DNC emails, Clinton Emails, Boris Johnson documents) is far easier than hacking into a whole bunch of election machines and changing votes, so that is likely the route the Russians will take next year.

Whether Russia’s release of the Boris Johnson documents will affect this week’s British Prime Minister’s election is unknown and even if Johnson loses, he can blame many factors other than Russia for his loss.

Still, is shows that politics remains a full contact sport – a reality that is not likely to change anytime soon.

Information for this post came from the Guardian.

 

Facebooktwitterredditlinkedinmailby feather

Security News for the Week Ending November 22, 2019

Huawei Ban – Is It A National Security Issue or Bargaining Chip?

Back in May, President Trump issued a ban on US companies buying from or selling to Huawei (see here).  Since then, the government has issued an extension to the ban 90 days at a time and the government just issued another extension.  They are doing this at the same time that they are trying to get US allies to not use Huawei products in the rollout of those country’s 5G networks.   This tells China that we are not serious about this and don’t really think Huawei is a security risk – whether it is or not.

There are two problems with the ban.  The first is that US telecom carriers currently use lots of Huawei gear and it will cost billions to replace it.   Second, US companies and likely Republican donors make billions selling parts to Huawei, so the administration is reluctant to stop that flow of money into the country.

Congress is considering a bill to fund $1 billion over TEN YEARS as a down payment on removing Huawei gear from US networks.  If the US actually implements the Huawei ban, then those companies will no longer get software patches, The Chinese might even announce the holes so hackers can attack US networks.  In addition,  if the equipment breaks, carriers won’t be able to get  it fixed.   Life is never simple.

Carriers that have to spend money replacing Huawei will have to delay their 5G rollouts, turning the US into even more of a third-world cellular network than we already are.   Source: ITPro

Phineas Fisher Offers $100,000 Bounty to Hack Banks and Oil Companies

The hacker or hacker group Phineas Fisher has offered up a bounty of $100,000 for other hackers who break into “capitalist institutions” and leak the data.  The group said that hacking into corporations and leaking documents in the “public interest” is the best way for hackers to use their skills for social good.  That is not a great message for businesses who are trying to defend themselves.

Phineas Fisher has a long track record of breaking into companies and publishing embarrassing data, so this is not just an idle threat.  Source: Vice

Russian Hacker Extradited to the United States May Be High Value Asset

We see from time to time that hackers are not too bright or act in not so bright ways.  In this case, a Russian hacker, wanted by the US was arrested when he entered Israel in 2015.  The US says that he ran the underground credit card mart CARDPLANET which sold over a hundred thousand stolen cards.  Why a Russian hacker would think that visiting Israel would be safe seems like he thought, maybe, no one knew who he was or that he is not very smart.

After Israel arrested him at the request of the US, the Russians tried to bargain him back to Russia under the guise of trying him there.  When the Israelis told them thanks, but we will handle this ourselves, Russia convicted a young Israeli woman on trumped up drug charges and she is serving a 7 year sentence in Russia.  Even that did not sway Israel to return him.  In the mean time, the Israelis have turned him over to us and he waiting trial here.

Some people say that Russia wants him back because he has first hand knowledge of Russian interference in the 2016 US elections, but the White House doesn’t even admit that Russia hacked the elections, so I am guessing they are not going to press on that issue, but who knows  – stay tuned.  Source: Brian Krebs

When It Affects the Boss, Well, Just Fix It

A few weeks ago Jack Dorsey, Twitter’s CEO, had his Twitter account hacked.

Up until yesterday, you had to provide Twitter with a phone number for two factor authentication and they would send you a text  message.  You could change the method later, but you had to initially give them a phone number.  HIS account was hit by a SIMJacking account (so apparently he did not change his authentication method).

As of November 21, you can now set up a Twitter account WITHOUT SMS as the second factor.  I strongly recommend that you change your Twitter 2FA method.  Source: Tech Crunch

Apple Tells Congress That You’ll Hurt Yourself if You Try to Fix Your iPhone

Congress pressed Apple on why you or a repair center (that doesn’t pay Apple a licensing fee) should not be allowed to repair your iPhone because, they say, doing such repairs could be dangerous.

They also said it costs them more money to repair iPhones at Apple stores than they charge, which is probably the best reason ever to let other people repair them.  Of course, that is not the way Apple sees it.  They said that you might leave a screw out or something.  Of course, if they provided manuals, that wouldn’t be a problem.

Apple would like you and Congress to believe that their repair monopoly is good for you as a consumer.  Apple also said that they don’t stop consumers from getting repairs from a shop of their choice, even though they modified the iPhone software to disable the phone’s touchscreen if they do get their phone repaired outside the Apple ecosystem.  Read more details here.

 

Facebooktwitterredditlinkedinmailby feather

Security News for the Week Ending October 25, 2019

Database Leaked 179 GB of Personal Data of military personnel, officials and hotel customers.

I wish this was a new story.  Autoclerk, a Best Western service that manages reservations, revenue, loyalty programs, payment processing and other functions for the hotel chain. left an elastic search database exposed.

Hundreds of thousands of guest reservations were exposed including names, home addresses, dates of birth, travel dates and other information.

The reason why government and military personnel are affected is that a government contractor that deals in travel reservations was sucked into the breach.  Source: SDNet.

 

San Bernadino Schools Hit By Ransomware

A message on the school district’s web site says not to worry, all of your data is secure.   (it’s just that it has all been encrypted by a hacker).    Phones are working but email is not working.   Schools in Flagstaff closed last month for several days while officials got things under control after a ransomware attack there.  Source: ABC

 

Russia Using “False Flags” to Confuse Security Experts

Researchers are still dissecting the attack on the 2018 Olympics in South Korea.  Russia inserted false signals and other misdirections in order to may people think that the attack came from China or North Korea.  This does point out that if you are willing to spend millions of dollars, you likely can figure out quite about a cyber attacker.  The story is so complex that one of the researchers wrote a book, Sandworm, which will be available on Amazon on November 5, 2019.  Source: WaPo

 

Amazon’s Web Services DDoSed for 10 Hours This Week

For about 10 hours earlier this week parts of Amazon were effectively offline.  Amazon’s DNS servers were being hammered by a DDoS attack.  This meant that Amazon backend services such as S3 may have failed for websites and apps that attempted to talk to those services.  The outage started around 0900 east coast time so it impacted users throughout the work day on Tuesday October 22, 2019.   For developers and businesses this is just one more reminder that nothing is bullet proof if the bullet is large enough.  Even though Amazon has an amazing about of bandwidth and infrastructure, it can get taken down.

Other services that were affected included RDS (database), Simple Queue Service, Cloudfront, Elastic Compute Cloud, and Elastic Load Balancing.  Amazon did offer some ways to mitigate the damage if it happens again – see the link below.  As a business you need to decide how much cost and effort you are willing to expend to mitigate rare occurrences like this.  Source: The Register.

 

Comcast is Lobbying Against Browsers Encrypting DNS Requests

Here is a big surprise.  As the browser vendors (Chrome and Firefox) add the ability to support encrypting your DNS requests to stop people from spying on you, one of the biggest spies, Comcast, is lobbying against this.  They say that since Google would be able to see the data, that puts too much power in Google’s hands.  Ignore for the moment that Firefox is not using Google as a DNS provider and also ignoring that Google is offering  users at least 4 different encrypted DNS providers.  Lets also consider that encrypted DNS is not even turned on by default.  The much bigger issue is that Comcast will not be able to see your DNS requests and therefore will not be able to sell your web site visit data.  But of course, we would not expect them to be honest about why.  Source: Motherboard.

Facebooktwitterredditlinkedinmailby feather

Security news for the Week Ending September 20, 2019

A New Trend?  Insurers Offering Consumers Ransomware Coverage

In what may be a new trend, Mercury Insurance is now offering individuals $50,000 of ransomware insurance in case your cat videos get encrypted.  The good news is that the insurance may help you get your data back in case of an attack.  The bad news is that  it will likely encourage hackers to go back to hacking consumers.  Source: The Register.

Security or Convenience Even Applies to Espionage

A story is coming out now that as far back as 2010  the Russians were trying to compromise US law enforcement (AKA the FBI) by spying on the spies.

The FBI was tracking what Russian agents were doing but because the FBI opted for small, light but not very secure communications gear, the Russians were able crack the encryption and listed in to us listening in to them.  We did finally expel some Russian spy/diplomats during Obama’s presidency, but not before they did damage.  Source: Yahoo

And Continuing the Spy Game – China Vs. Australia

Continuing the story of the spy game,  Australia is now blaming China for hacking their Parliament and their three largest political parties just before the elections earlier this year (sound familiar?  Replace China with Russia and Australia with United States).

Australia wants to keep the results of the investigation secret because it is more important to them not to offend a trade partner than to have honest elections (sound familiar?).  Source: ITNews .

The US Government is Suing Edward Snowden

If you think it is because he released all those secret documents, you’d be wrong.

It is because he published a book and part of the agreement that you sign if you go to work for the NSA or CIA is an agreement that you can’t publish a book without first letting them redact whatever they might want to hide.  He didn’t do that.

Note that they are not suing to stop the publication of the book – first because that has interesting First Amendment issues that the government might lose and they certainly do not want to set that precedent and secondly, because he could self publish on the net in a country – like say Russia – that would likely flip off the US if we told Putin to shut him down.  No, they just want any money he would get. Source: The Hacker News.

 

HP Printers Phone Home – Oh My!

An IT guy who was setting up an HP printer for a family member actually read all those agreements that everyone clicks on and here is what they said.

by agreeing to HP’s “automatic data collection” settings, you allow the company to acquire:

… product usage data such as pages printed, print mode, media used, ink or toner brand, file type printed (.pdf, .jpg, etc.), application used for printing (Word, Excel, Adobe Photoshop, etc.), file size, time stamp, and usage and status of other printer supplies…

… information about your computer, printer and/or device such as operating system, firmware, amount of memory, region, language, time zone, model number, first start date, age of device, device manufacture date, browser version, device manufacturer, connection port, warranty status, unique device identifiers, advertising identifiers and additional technical information that varies by product…

That seems like a lot of information that I don’t particularly want to share with a third party that is going to do who knows what with it.  Source: The Register.

Private Database of 9 Billion License Plate Events Available at a Click

Repo men – err, people – are always looking for cars that they need to repo.  So the created a tool.  Once they had that, they figured they might as well make some money off it.

As they tool around town, they record all the license plates that they can and upload the plate, photo, date, time and location to a database that currently has 9 billion records.

Then they sell that data to anyone who’s check will clear.  Want to know where your spouse is?  That will cost $20.  Want to get an alert any time they see the plate?  That costs $70.  Source: Vice.

Election Commission Says That It Won’t Decertify Voting Machines Running Windows 7

Come January 2020, for voting machines running Windows 7 (which is a whole lot of them) will no longer get security patches unless the city or county pays extra ($50 per computer in the first year and then $100 per computer in the second year) for each old computer.  Likely this means a whole lot of voting machines won’t get any more patches next year.

The nice folks in Washington would not certify a voting machine running an operating system that is not supported, but they won’t decertify one.  That, they say, would be inconvenient for manufacturers and cities.   I guess it is not so inconvenient for foreign nations to corrupt our elections.  Source: Cyberscoop

Facebooktwitterredditlinkedinmailby feather

Security News for the Week Ending August 2, 2019

Capital One Breached – 100+ Million Applicants Compromised

Among the data compromised are 140,000 US social security numbers and 80,000 bank account numbers.  Also in the mix were one million Canadian social security numbers plus names, addresses, phone numbers, birth dates and incomes.

The data included applicants who applied between 2005 and 2019.  Yes, 15 years worth of applicant data, floating around in the cloud.  I ask WHY?

The hackers were inside between March and July and the breach was discovered in July.  In this case, a U.S. person was identified as the source of the hack and arrested.  She is still in jail.

The feds say a configuration error allowed her to access their data which was stored in the cloud.  See more information at The Register.

 

Florida Senator Admits He Hasn’t Read the Report on Russian Hacking of Florida’s Election Systems

After the Republican controlled Senate Intelligence Committee released the first volume of it’s report of Russian hacking of the 2016 Presidential elections, Florida Senator and at the time Florida Governor Rick Scott said on national TV that he has not read the report.  The report, which is heavily redacted, talks about Russian efforts to hack “State-2” which is widely believed to be Florida.

The report is only 67 pages;  much less if you read the redacted version, but Scott has only gotten the Cliff-Notes version from his staff.  At the time, Scott was adamant that his state was not hacked.  Florida’s other Senator, Marco Rubio, has been working hard to sound the alarm bells on the report.  Perhaps the report hit a little to close to Scott’s denials for comfort.  Source: The Tampa Bay Times.

 

Honda Exposes the Family Jewels

134 million rows of sensitive data was accidentally exposed.  Wait.  Guess.  On an unprotected elastic search database.

Information on the company’s security systems, network, technical data on workstations, IP addresses, operating systems and patches were all exposed.  Basically, these are directions for even an inexperienced hackers to attack Honda.

Honda  is being pretty quiet about this, but it is one more more case of corporate governance gone wrong.  Or missing.  Source: Silicon Republic.

 

Apple Suspends Program Of Listening to Siri Recordings

After it was reported last week that Apple had contractors listening to people’s Siri recordings, including sensitive  protected health information,  Apple announced it was suspending the program and will conduct an investigation.  Apple said they will provide an option for people to participate in the program or not, in a future software release.  Source: The Guardian.

 

On Eve of Amazon Getting Awarded $10 Billion DoD Contract, Capital One Happens

Amazon and Microsoft are locked in mortal combat over a $10 billion DoD cloud contract called Jedi.  Now the Capital One breach happens exposing information on 100 million customers and it turns out the person who is accused of doing it is a former Amazon tech employee who may have hacked other Amazon customers as well.

So Congress wants some answers – and probably so does Microsoft.  $10 billion could be hanging in the balance.

This is a message for cloud customers to ask some hard questions of their cloud vendors, even though this particular attack was helped by a configuration error. Source: Bloomberg.

Facebooktwitterredditlinkedinmailby feather

Security News bites for the Week Ending March 8, 2019

Commerce Department Wants Companies to Publish Ingredients of their Software

The Commerce Department is trolling around the RSA conference trying to get companies to publish the ingredients in their software – the so called bill of materials that I have written about before – so that users can understand what libraries are being loaded.  The objective is to avoid another Equifax style breach because people don’t know that this particular software package uses a vulnerable version of, say, Struts.  Then people have to figure out how to use it.  Big project, but a useful one.  Source: The Cybersecurity 202.

Massachusetts High Court Orders Man to Unlock Phone

Various courts have come down with different decisions regarding whether a person can be compelled to unlock his or her computing device after a warrant is issued.  In general, it has been held that you can be forced to look at your phone (face ID) or put your finger on your phone (fingerprint reader), but not to enter a password (compelled testimony).  But not all courts agree.

The Massachusetts Supreme Justice Court announced (seriously) “the end of privacy in the digital age” when it compelled an accused pimp to unlock his phone.

Whether this particular case winds up in front of the US Supreme Court or not, the issue will ultimately have to be decided there.  Source: Boston Herald.

Brits Say Brexit was a Russian Plot

As politicians scramble to spin reality regarding Russia’s inflluence peddling efforts, British foreign secretary Jeremy Hunt says that there is no evidence of successful Russian interference with UK polls in the face of lawsuits compelling the government to investigate if that happened.

He is likely right that the Ruskies did not try to literally break into the (digital) ballot box and change votes, but on the other hand, it is equally likely that they used their normal social media techniques to influence the outcome in a direction favorable to Russia.

Why Hunt thinks that England is in some kind of “no-influence” bubble is beyond me (other than to admit it would be politically damaging).  After all, governments around the globe (including the US) have been working hard to influence elections for decades.  Source: The Guardian.

Huawei Sues US Government Over Ban

The Chinese electronics giant Huawei sued the United States government on Wednesday, arguing that it had been unfairly and incorrectly banned as a security threat.

In what will likely be a years long court battle, China is demonstrating that it does not plan to roll over and play dead for Trump.  Source: The New York Times.

 

Its Y2K All Over Again

Its been a few years (like around 1977 or so), but I seem to recall that we discussed this at the time and it is in the spec, but who reads specs anyway.

The Global Positioning System tracks time in weeks since January 5, 1980.  It uses a 10 bit number (1024 weeks) because memory was expensive in 1977, so we knew it was going to roll over about every 20 years and our code (inside the receiver that was placed in a fighter jet) handled the rollover.

But, apparently, not every software developer is as forward looking as we were, so come April 6, 2019 (the next rollover day), some GPSes may become wonky.

In the case that the GPS is directing you to the nearest Starbucks, you might get lost.

If the GPS is controlling a weapon system or a piece of high precision nuclear medicine equipment…. well… people could wind up dead.

So at least a few people are doing the Y2K thing all over again.

I suspect that if you power off your GPS on the day before the rollover and then power it back on, everything will be fine (as I remember the code in the GPS, but that was a real long time ago).  That means you are on your own finding that Starbucks, but powering off that weapon system may not be an option.

It is very likely that the GPS firmware on your phone will be fine, I predict.  We shall see.  Source: Homeland Security.

Facebooktwitterredditlinkedinmailby feather