Tag Archives: Russia

Security News for the Week Ending August 7, 2020

Microsoft Considering Buying TikTok

In light of President Trump’s threats to ban TikTok, Microsoft says that it is considering buying the company from its Chinese owners. That would be a win-win-win for Microsoft. They would add another social media platform to their inventory. The can probably buy it at fire sale prices and they would be doing something nice for the Republican administration. Credit: NY Times

Republicans Say TikTok is a National Security Risk

The current Republican administration says that TikTok is a national security risk and it may well be, but not for any of the reasons that they are talking about. Secretary of State Pompeo says that the TikTok and other Chinese owned software might be feeding the Chinese your address, your facial image, phone number or friends. First of all, they likely have all of that already. Second, they can get all that information from Twitter or Facebook, so what is special about TikTok and third, they can buy or steal all of that and a whole lot more from any one of a thousand data brokers and it is all legal.

Why is this only a China problem and not, say, a Russia problem? One reason is that we don’t tend to use Russian software. But in the bigger picture, if the Republicans don’t think that Russia, North Korea, Iran, as well as friendly countries like France, Israel and Germany, among many others, they are wrong. After all, we are doing this, both to our citizens and theirs.

The bigger problem is that the TikTok software, along with a lot of other software running on your computers (PC or Mac) and phones (iPhone and Android) is horribly unsecure and is leaking WAY MORE data than just that. And that assumes that the software does not have malicious intent. *THAT* is a national security risk that the Republicans don’t want to talk about because it cost American businesses money to fix that problem. What if a malicious update to a piece of software vacuumed whatever data it could off your phone – contacts, texts, photos. It is probably more realistic than you think. Credit: Fox News

Papers Leaked Before UK Election Linked to Russia

Classified US-UK trade documents that were leaked before the recent UK election in an attempt to manipulate the elections are now being linked to Russia. They were stolen from former British trade minister Liam Fox. The Brits say that they have a “very robust” system to protect classified documents and are investigating how the Russians access Fox’s email multiple times between July and October of last year in spite of this so-called robust system. This is a classic technique that all intelligence services try to use – steal documents. Cherry pick which ones to leak. Use social media to generate outrage. Rinse and repeat. Score one for Russia. Credit: US News

Shocking News: Voting Machine Security Improves When you Work With Researchers

Voting machine maker ES&S has a horrible reputation when it comes to security. Organizers at Defcon bought used ES&S (and other) voting hardware and let people hack it. I don’t think any piece of their hardware lasted 5 minutes. What was ES&S’s response? They threatened to sue. Recently, they have begun to change that strategy. They are now going to offer a bug bounty program managed by an independent third party and are actually listening to the researchers. Did the gov threaten to blackball their machines? Who knows? Whatever they did, it is good for voting security. Credit: The Register

Minneapolis City Web Sites Hit by Denial of Service Attacks

Last Thursday, early in the morning, a number of City of Minneapolis web sites were disabled by denial of service attacks. The attacks are short lived and the city was able to restore most of the services within a few hours. It is certainly possible that we will see more cyberattacks as a way to continue civil disobedience. Credit: The Hill

GA Gov. Kemp’s (R) Claims that Dems Hacked his SoS Web Site In 2018 Are False

Two days before the 2018 election, then GA Secretary of State Kemp opened an investigation into what he said was a failed hacking attempt of voter registration systems by the Democratic Party.

Newly released case files from the GBI says that there was no such hacking attempt. The report says that Kemp got confused by an authorized and planned security test by HOMELAND SECURITY with a hack. Kemp’s CIO approved the scan by DHS.

The GBI did say that there were significant security holes in the web site at the time, even though Kemp said that patches to the web site two days before the election were standard practice. No one in their right mind would make changes to critical election systems two days before the election unless it was an emergency. Credit: Atlanta Journal Constitution

Chinese and Iranians Hacking Biden and Trump

Google’s Threat Analysis Group (TAG) warned the campaigns that the were seeing the Chinese targeting Biden and the Iranians targeting Trump. Currently, there is no sign of compromise, but we still have months to go before the election. Not only is there lots of information to steal, but they have the possibility of impacting the election or causing a loss of trust by voters in the process. Credit: SC Magazine

FBI Says Big Business Email Compromise Attacks on the Upswing

The FBI has reports of multiple fraudulent invoice BEC attacks in April and May. In on case hackers used a trusted vendor relationship and a transportation company to steal $1.5 Million. They are reporting multiple incidents in different industries, so caution is advised. Credit: FBI Liaison Information Reports 200605-007, security level GREEN.

Security News for the Week Ending April 10, 2020

Remember that Real-ID Deadline we Were Worried About

Since planes seem to be flying with less passengers than flight crew members these days – if they fly at all – the gov has decided to make some security changes.   In addition to the fact that they are allowing you to bring a 12 ounce bottle of hand sanitizer onto the flight, they are allowing people to fly with EXPIRED drivers licenses since DMV offices are closed in almost every state.  They can be expired up to the later of one year or 60 days past the end of the pandemic emergency.  The DMVs were saying that, given the number of licenses that they had to re-issue to comply with Real ID, the October 1, 2020 date was going to be impossible to meet – before the pandemic.  Now that date would require a miracle – assuming we even know when DMV offices will reopen.  Of course, since no one is flying right now, it is sort of a moot point for the moment.  Several House members wrote to DHS pointing that fact out, but as of today, other than saying that you can use an expired license, they haven’t said anything about Real ID.  I am reasonably confident that they will delay enforcement.  Again.  For the umpteenth time.  Source: CNN

Hacker Takes on Elastic Search Scorched Earth Policy

A hacker or hackers have decided to make a point that putting servers on the Internet with no password is not exactly a bright strategy.

To reinforce that point, the hacker is wandering around the Internet, finding unprotected servers and wiping all the data from.  As of earlier this week, that amounts to around 15,000 servers.  It is unknown whether these servers are active or abandoned or whether the owner has a backup, but hopefully the point will be made and people will start securing their servers.  Source: ZDNet

Russia one-ups China – Steals Internet Traffic for 200 Networks for an Hour

Russia does not want to feel unloved.  Therefore, it stole all of the Internet traffic for 200 or so content delivery networks such as Facebook, Google, Amazon and others for an hour.  After vacuuming in all that data, it spit it back out to the rightful destination, so other than the connection being slow, the users were unaware.  I am sure it was just an accident.  Of course, if Russia wanted to, it could have rerouted all that data and just thrown it in the trash.  The good news is that there is a new spec for BGP routing security and there are a few tests going on right now as some companies begin to implement it.  In ten years or so (if we are lucky), when it is fully implemented, these attacks won’t work.  Source: ZDNet

Microsoft Pays for Its Past Sins

A couple of weeks ago it was reported that the owner of the domain corp.com was putting the domain up for sale.  This was an issue because for years Microsoft used Corp.com as the example domain for setting up Active Directory and thousands of companies used that example for real.  This week Microsoft bought the domain which was for sale for $1.7 million.  Microsoft didn’t say how much they paid, but the really had no option because if a bad guy bought it, the passwords of tens of thousands of companies employees would be at risk.  Credit: Bleeping Computer

Security News For The Week Ending February 28, 2020

Russia Behind Cyberattacks on Country of Georgia Last Year

The State Department and the UK say that Russia was behind the attack on over ten thousand websites in the Country of Georgia last year.

They also formally attributed Sandworm (AKA Voodoo Bear, Telebots and BlackEnergy) to Russia’s GRU Unit 74455. Sandworm is the group responsible for the attacks against Ukraine’s power grid in 2015 and 2016 as well as NotPetya and other attacks. Not a nice bunch, but highly skilled. Andy Greenberg’s book, Sandworm, tells a scary story about these guys.

This is an interesting announcement from the State Department given the general position of the White House regarding Russian hacking. Here is the State Department’s press release.

Google to Restrict Android App Access to Location Tracking

Google is changing the Google Play Store policy for apps accessing your location when they are running in the background in response to user concerns.

The “user” is likely the folks running GDPR and the concern is the potential fine of 4% of Google’s revenue (AKA $6.4 billion).

They are reviewing all apps in the Play Store to see if the really need background access to your location or whether the user experience is just fine without them collecting and selling your location.

New apps will have to comply with this new policy by August 3 and existing apps will have until November 3 to comply.

In Android 11 you will be able to give an app ONE TIME permission to access your location data. When the app moves to the background, it will lose permission and will have to re-request it if it wants your location again.

This is actually pretty cool, but GDPR went into effect almost two years ago and they are just doing this now? Could it have something to do with a EU investigation of their use of location data? Probably just a coincidence. Source: PC Magazine

Accused CIA Vault 7 Leaker Goes To Trial

Accused CIA Vault 7 leaker Joshua Schulte’s trial for leaking top secret documents to Wikileaks started earlier this month. Schulte is accused of leaking top secret programs that the CIA used to hack opponents, causing serious embarrassment for their horrible security, allowing those tools to get into the hands of hackers and allowing our enemies to know how we hack them. It also cost the CIA a ton of money because they had to create a whole bunch of new programs that exploited different bugs that that had not disclosed to vendors to fix. Apparently Joshua is a bit of a challenge to work with and manage. Not only was he “a pain in the ass” but he also was into kiddie porn. He will be tried on those charges separately. Schulte’s lawyers say the government failed to turn over evidence that there might have been another leaker and wants the court to declare a mistrial. WOW! Read the details here.

Microsoft Trying to Do Away With Windows “Local” Accounts

For those of you who have been long time Windows users, you know that you had a userid to log on to the computer and then, possibly, if you want, another userid and password to logon to cloud services.

Like Google, Microsoft wants as much information about you as it can possibly collect. They also want you to use all of Microsoft’s online services, all of which are tied to your Microsoft login and not your local Windows login.

Microsoft’s answer? Make it very difficult for a user to logon to his or her computer with a local login. In fact, as of the most recent update to Windows 10, the only way to create a local, non-Microsoft, login is to disconnect your computer from the Internet when you first install it.

After all, they know that you DO want them to snoop on everything that you do. Source: Bleeping Computer

Security News for the Week Ending December 27, 2019

Russia Claims to Have Successfully Disconnected from the Internet

Russia has been planning to install an Internet kill switch for a couple of years now.  Of course, we have no clue what that means.  Likely, it means that they have their own DNS servers so that they do not have to resolve web site addresses using servers controlled by the US and EU.  But that means any web sites that are outside of Russia will not work if they do this.

More likely, this process, which forces all traffic through government controlled gateways, is designed to surveil its citizens even more than it already does.  Details at ZDNet.

Pentagon Tells Military Not To Use “At Home” DNA Tests

I am not sure that Ancestry.com or 23AndMe are terribly happy about the message, but the Pentagon put out a memo this week telling members of the armed services not to take at home DNA tests unless otherwise notified.

The cover story is that the tests might be unreliable and not reviewed by the FDA.  The next story is that negative results might require members of the armed forces to disclose things that could end their military careers.

The real story is they are worried about state actors getting their hands on the DNA of our service men and women for nefarious purposes.

It looks like the military is actually starting to understand risks of the 21st century.  Good work.  Note this is not voluntary or optional. Source: MSN

Telemarketing Firm Lays off 300 Before Christmas Due to Ransomware

A Sherwood, Arkansas telemarketing firm laid off 300 people just before Christmas after a ransomware attack shut down their systems.  The attack happened about two months ago and even though they paid the ransom, they have not yet been able to restore the systems.  Apparently, at this point, they have run out of money. The company finally put out a memo explaining what was happening and told employees to call on January 2nd to see if they were going to get their jobs back.  Merry Christmas.  Source: KATV

British Pharmacy Fined $350K for Failing to Protect Medical Records

It is not just the big companies that are getting fined.  In this case a British pharmacy was fined $350,000 for leaving a half million records unprotected and exposed to the elements.  In addition, the pharmacy was issued an order to fix its security practices in 90 days or face more fines.  We are seeing less willingness by courts and regulators on both sides of the Atlantic to deal with companies missteps when it comes to security and privacy.   Source The Register.

Georgia Supreme Court Says Victims of Medical Clinic Hack Can Sue

Moving to this side of the Atlantic, the Georgia Supreme Court says that victims of an Atlanta area medical clinic that was hacked can sue the clinic for negligence.  As I said, courts are becoming much less understanding as to why companies are not effectively protecting the data entrusted to them.  This decision reverses the Court of Appeals decision and is only binding in Georgia, but courts in other states may use this as a precedent in their decision process.  Source: Atlanta Journal Constitution

In Case You Thought Russia Was Done Meddling With Elections …

Politics is a pretty interesting game.

In the United States, almost everyone, except the President, thinks that Russia interfered with the 2016 US Presidential elections.

In the UK, there is a report – that the current Prime Minister Boris Johnson has refused to release – on Russian interference in British politics, with some accusing Johnson of a coverup.

Likely in both cases, there are additional agendas.

There is a British election this week after Johnson was unable to get Parliament to agree to his plan for leaving the EU (sound familiar?  The last British PM lost her job for the same reason).  And since politics is a full contact sport everywhere, Johnson’s competitor for the job, Jeremy Corbyn, released some documents that say that Johnson would offer to sell Britain’s National Health Service (NHS) to United States corporations in a trade deal with President Trump.  In Britain, the NHS is considered a national treasure and offering to privatize it to a foreign company is not considered a route to getting yourself elected.  Corbyn “declined” to say where he got the documents and the British government says that they think the documents are real.

One of the places these documents were posted was the social media site Reddit.

Reddit said this past week that the document leak was part of a Russian influence operation known as Secondary Infektion.  It is likely that Secondary Infektion is part of the Russian hacking group Sandworm (if you are interested in this kind of intrigue, I highly recommend the book Sandworm), which is part of Russia’s military Intelligence known as GRU.  As a result of their investigation, Reddit has banned 61 accounts.  Of course, there is nothing to stop the Russians from creating new accounts.

The combination of Johnson’s refusal to release the report on past Russian hacking of British elections and the posting of and Corbyn’s use of these new documents indicates that Russian interference in worldwide politics has not stopped or slowed down.

It also means that, short of a miracle, Russia will likely interfere with the US elections next year.  Using cyber theft (DNC emails, Clinton Emails, Boris Johnson documents) is far easier than hacking into a whole bunch of election machines and changing votes, so that is likely the route the Russians will take next year.

Whether Russia’s release of the Boris Johnson documents will affect this week’s British Prime Minister’s election is unknown and even if Johnson loses, he can blame many factors other than Russia for his loss.

Still, is shows that politics remains a full contact sport – a reality that is not likely to change anytime soon.

Information for this post came from the Guardian.