Tag Archives: Trump

Security News for the Week Ending June 19, 2020

Akamai Sees Largest DDoS Attack Ever

Akamai says that one of its customers was hit with a 1.44 terabit per second denial of service attack. A second attack topped 500 megabits per second. The attackers used a variety of amplification techniques that required some custom coding on Akamai’s part to control, but the customer was able to weather the attack. Credit: Dark Reading

Vulnerability in Trump Campaign App Revealed Secret Keys

Trump’s mobile campaign app exposed Twitter application keys, Google apps and maps keys and Branch.io keys. While the vulnerability did not expose user accounts, it would have allowed an attacker to impersonate the app and cause significant campaign embarrassment. Credentials like these belong on a server the app talks to, not in the binary that every user can download and unpack; finding them there points to sloppy coding practices or the lack of a secure development lifecycle. Credit: SC Magazine
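Keys shipped inside an app are found by unpacking it (for Android, `apktool d` decodes the resources) and searching the result. The following scanner is an added example for this post, not the campaign app’s code or a tool SC Magazine describes: it runs two kinds of rule over decoded files, fixed-prefix patterns for key formats that have one (the Google API key format is well known; the Branch `key_live_` prefix and length range are an assumption about that vendor’s format), and a generic rule for secrets with no distinctive shape, such as Twitter consumer keys and secrets, which it flags when a secret-looking name sits next to a long, high-entropy value. The sample files and every “key” in them are constructed placeholders, not real credentials.

```python
"""Find hard-coded API keys in decoded mobile-app resources.

Added example for this post; this is not the campaign app's code, and the
files below are constructed. Every "key" in them is a made-up placeholder of
the right shape, not a real credential.
"""
import math
import re

# Key shapes with a fixed, well-known prefix. The Google API key format is
# widely documented; the Branch "key_live_" / "key_test_" prefix and length
# range are an assumption about that vendor's format.
KNOWN_PATTERNS = {
    "google_api_key": re.compile(r"AIza[0-9A-Za-z_\-]{35}"),
    "branch_key": re.compile(r"key_(?:live|test)_[0-9A-Za-z]{20,40}"),
}

# Twitter consumer keys and secrets have no distinctive prefix, so they are
# caught by a generic rule: a secret-looking name next to a long, high-entropy value.
XML_STRING = re.compile(r'<string\s+name="(?P<name>[^"]+)">(?P<value>[^<]+)</string>')
ASSIGNMENT = re.compile(r'(?P<name>[A-Za-z_][\w.]*)\s*[=:]\s*["\']?(?P<value>[\w\-]{20,})')
SECRET_WORDS = ("key", "secret", "token")
MIN_LENGTH = 20
MIN_BITS_PER_CHAR = 3.5

# Constructed sample of what `apktool d` leaves on disk; not real app files.
SAMPLE_FILES = {
    "res/values/strings.xml": """<resources>
    <string name="app_name">Campaign App</string>
    <string name="twitter_consumer_key">Qx7VbM2kLp9ZcR4tYw1nHs8Jd</string>
    <string name="twitter_consumer_secret">aZ3kP8rT1mW5qX9dC2vB6nL0sE4hU7jG8fK1yR3tM6pQ9wS2eD5</string>
    <string name="google_maps_key">AIzaSyD3xampleKeyAAAAAAAAAAAAAAAAAAAAAA</string>
</resources>""",
    "assets/config.js": """const BRANCH_KEY = "key_live_ExampleExampleExampleExample01";
const API_BASE = "https://api.example.invalid/v1";
const BUILD_TOKEN = "placeholder";
""",
}


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character; random alphanumerics score well above 3.5."""
    if not value:
        return 0.0
    n = len(value)
    counts = {}
    for ch in value:
        counts[ch] = counts.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def redact(value: str) -> str:
    """Show enough of a hit to locate it without copying the secret into a report."""
    return value[:6] + "..." + value[-2:]


def scan_text(path: str, text: str) -> list[dict]:
    """Return one finding per distinct hard-coded key in a single file."""
    findings, seen = [], set()

    def add(kind, value, start):
        seen.add(value)
        findings.append({"file": path, "kind": kind,
                         "line": text.count("\n", 0, start) + 1,
                         "value": redact(value)})

    # Pass 1: formats with a known prefix.
    for kind, pattern in KNOWN_PATTERNS.items():
        for m in pattern.finditer(text):
            add(kind, m.group(0), m.start())

    # Pass 2: generic "secret-looking name + long random value" rule,
    # skipping values already reported by pass 1.
    for pattern in (XML_STRING, ASSIGNMENT):
        for m in pattern.finditer(text):
            name, value = m.group("name"), m.group("value").strip()
            if value in seen or not any(w in name.lower() for w in SECRET_WORDS):
                continue
            if len(value) < MIN_LENGTH or shannon_entropy(value) < MIN_BITS_PER_CHAR:
                continue
            add(name.lower(), value, m.start("value"))

    return findings


def scan_app(files: dict[str, str]) -> list[dict]:
    """Scan every decoded file; `files` maps path -> contents."""
    return [f for path, text in files.items() for f in scan_text(path, text)]


if __name__ == "__main__":
    for finding in scan_app(SAMPLE_FILES):
        print(f"{finding['file']}:{finding['line']}  {finding['kind']}  {finding['value']}")
```

The entropy threshold is what keeps the generic rule from reporting placeholder strings such as `placeholder` or `your_key_here`; tune `MIN_BITS_PER_CHAR` down if a vendor issues keys from a small alphabet. To run it against a real build, read each file under the `apktool` output directory into the dictionary `scan_app` expects.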

FBI and Homeland Use Military-Style Drones to Surveil Protesters

Homeland Security has been using a variety of techniques, all likely completely legal, to keep track of what is going on during the recent protests.

Customs and Border Protection (part of DHS) has Predator drones, for example. Predator drones have been used in Iraq and other places, and some versions carry large weapons such as missiles. These DHS drones likely carry only high resolution surveillance cameras (which, reportedly, can read a license plate from 20,000 feet up) and cell phone interception equipment such as Stingrays and Crossbows. Different folks have different opinions as to whether using the same type of equipment we use to hunt down terrorists is appropriate on U.S. soil, but that is a conversation for some other place. Credit: The Register

Hint: If You Plan to Commit Arson, Wear a Plain T-Shirt

A TV news chopper captured video of a masked protester setting a police car on fire. Two weeks later, federal agents knocked on her door and arrested her for arson.

How? She was wearing a distinctive T-Shirt, sold on Etsy, which led investigators to her LinkedIn page and from there to her profile on Poshmark. While some are saying that is an invasion of privacy, I would say that the Feds are conducting open source intelligence (OSINT). The simple solution is to wear a plain T-Shirt. If you are committing a felony, don’t call attention to yourself. Credit: The Philly Inquirer

Ad-Tech Firm BlueKai has a bit of a Problem

BlueKai, owned by Oracle, had billions of records exposed on the Internet due to an unprotected database. This data is collected from an amazing array of sources, from tracking beacons on web pages and in emails to data that BlueKai buys from a variety of third parties. Apparently the source of the exposure is not Oracle itself but rather two companies Oracle does business with. Oracle has not said whether those companies were customers, partners or suppliers, and it has not publicly announced the breach. If there were California or EU residents in the mix, it could get expensive. The California AG has refused to say whether Oracle has notified them, but this will not go away quietly or quickly. Credit: Tech Crunch

Minneapolis City Web Sites Hit by Denial of Service Attacks

Last Thursday, early in the morning, a number of City of Minneapolis web sites were disabled by denial of service attacks. The attacks were short-lived and the city was able to restore most of the services within a few hours. It is certainly possible that we will see more cyberattacks as a way to continue civil disobedience. Credit: The Hill

GA Gov. Kemp’s (R) Claims that Dems Hacked his SoS Web Site In 2018 Are False

Two days before the 2018 election, then GA Secretary of State Kemp opened an investigation into what he said was a failed hacking attempt of voter registration systems by the Democratic Party.

Newly released GBI case files say that there was no such hacking attempt. The report says that Kemp mistook an authorized, pre-planned security scan by Homeland Security for a hack; Kemp’s own CIO had approved the DHS scan.

The GBI did say that there were significant security holes in the web site at the time, although Kemp’s office characterized the patches applied to the site two days before the election as standard practice. No one in their right mind would make changes to critical election systems two days before the election unless it was an emergency. Credit: Atlanta Journal Constitution

Chinese and Iranians Hacking Biden and Trump

Google’s Threat Analysis Group (TAG) warned the campaigns that it was seeing Chinese state actors targeting Biden and Iranian state actors targeting Trump. Currently, there is no sign of compromise, but we still have months to go before the election. Not only is there lots of information to steal, but the attackers could also affect the election outcome or undermine voters’ trust in the process. Credit: SC Magazine

FBI Says Big Business Email Compromise Attacks on the Upswing

The FBI has reports of multiple fraudulent invoice BEC attacks in April and May. In one case, attackers exploited a trusted vendor relationship to steal $1.5 million from a transportation company. The FBI is reporting multiple incidents across different industries, so caution is advised. Credit: FBI Liaison Information Report 200605-007, security level GREEN.

Security News for the Week Ending May 24, 2019

Salesforce Gives Users Access To All of Your Company’s Data

In what can only be called an oops, Salesforce deployed a script last Friday that gave users of certain parts of Salesforce access to all of the data their company had on the system. The good news is that it didn’t show anyone another company’s data, but it did give ordinary users both read and write access to all of their own company’s data.

In order to fix it, Salesforce took down large parts of its environment, causing some companies that depend on Salesforce to shut down and send employees home.

This brings up the issue of disaster recovery and business continuity. Just because it is in the cloud does not mean that you won’t have a disaster. It is also not clear that replicating your Salesforce data to another data center would have kept these companies working: the failure was in the vendor’s permission model, not in its infrastructure, and a replica would have carried the same bad permissions. Source: ZDNet.

Google Tracks Your Online Purchases Through GMail

While this is probably not going to show up as a surprise, Google scans your emails to find receipts from online purchases and stores them in your Google purchase history at https://myaccount.google.com/purchases .  This is true whether you use Google Pay or not.  One user reported that Google tracked their Dominos Pizza and 1-800-Flowers purchases, as well as Amazon, among other stores.

You can delete this history if you have masochistic tendencies, but I doubt anyone is going to do that, because it requires you to delete the underlying email that populated each purchase, one by one. There is also no way to turn this “feature” off.

It appears that it keeps this data forever.

Google said they are not using this data to serve ads, but they did not respond to the question of whether they use it for other purposes. Source: Bleeping Computer.

President Trump Building An Email List to Bypass Social Media

Welcome to the world of big data. The President has created a survey for people to submit information about how they have been wronged by social media. It also subscribes you to his email list. Nothing illegal. Nothing nefarious. Just a big data grab.

If you read the user agreement, it says you “grant the U.S. Government a license to use, edit, display, publish, broadcast, transmit, post, or otherwise distribute all or part of the Content.  (NOTE: That “content” includes your email address and phone number).  The license you grant is irrevocable and valid in perpetuity, throughout the world, and in all forms of media.” 

This seems to be hosted on the Whitehouse.Gov servers.  It is not clear who will have access to this data or for what purpose.  Source: Vice.

Colorado Governor Declares Statewide Emergency After Ransomware Attack

Last year the Colorado Department of Transportation suffered a ransomware attack.  Initially the state thought it was getting a handle on the attack, but ten days later it came back.

It was the first time any state had issued a Statewide Emergency for a cyberattack.  Ever!  Anywhere!

It had the effect that the state was able to mobilize the National Guard, call in resources from other departments, activate the state Department of Homeland Security and Emergency Management and get help from the FBI and the US Department of Homeland Security. It also allowed them to call for “Mutual Aid”, the process where neighboring jurisdictions, in this case neighboring states, provide assistance.

It worked and since then, other states have begun to do this.

When you have a disaster, even a cyber disaster, you need a lot of resources and an emergency declaration is one way to do it. Source: StateScoop.


Latest Breach – 885 Million Records

First American Financial, one of the largest title insurance companies, exposed 885 million records going back to 2003 due to a software design flaw. The records include all kinds of sensitive documents associated with real estate closings. Source: Krebs on Security.

Trump Organization Hacked 4 Years Ago (And Didn’t Know It)

Reports are coming out that the Trump Organization suffered a hack, bigly, as the President would say, around four years ago and, we assume, did not know about it until a week ago. The only alternative explanation is that they did know about it and chose to let the hacker stay inside their network for four years. Either explanation is problematic.

What happened? The heart of any organization’s Internet presence is DNS, the Domain Name System. DNS is where you define every host name in the organization and the addresses and other parameters those names resolve to. If a hacker controls your DNS, he or she can shut down access to your web servers, point them to a different place (such as porn sites, as we have seen in the past), or quietly add new names under your domain that resolve to servers the hacker controls.

Apparently, based on reports shown to the media, hackers took over the Trump organization’s DNS and added hundreds of sub-domains under a variety of Trump domains.

These roughly 250 sub-domains were all hosted in Russia.  The Mother Jones article below provides a link to a list of those domains.

These domains were pointing to one of 17 IP addresses owned by the Petersburg Internet Network, known for hosting a lot of cyber criminals.

Two weeks ago a researcher came to Mother Jones with this information. The anti-virus firm Kaspersky (which has been in the news lately) said that many of those sub-domains were, in fact, serving up malware. Last week a researcher tweeted about it.

The Trump Organization said that the domains were not CURRENTLY serving up malware (which appears to be true) and that it has no association with those sub-domains. If that is true, then the only reasonable explanation is that they were hacked and didn’t know it.
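The way an organization catches this kind of thing is to treat its own zone as something to audit: export the records periodically, compare them against a baseline, and flag any record that points somewhere other than infrastructure you own or a provider you trust. The script below is an added example for this post, not anything the Trump Organization or Mother Jones ran. The zone export, the netblocks and the baseline are constructed placeholders (RFC 5737 and RFC 3849 documentation ranges stand in for “our” address space and for the outside hoster), and the two `login-update` and `secure-docs` names play the role of the added sub-domains described above.

```python
"""Audit a DNS zone export for records pointing outside known infrastructure.

Added example for this post, not the Trump Organization's tooling. The zone,
the netblocks and the baseline below are constructed; RFC 5737 / RFC 3849
documentation ranges stand in for "our" address space and for the outside hoster.
"""
import ipaddress
import re

# Assumed: the organization's own address space and the CNAME targets it trusts.
OWN_NETBLOCKS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "2001:db8::/32")]
TRUSTED_CNAME_SUFFIXES = (".cdn.example.net.",)

# One BIND-style record per line: name [ttl] IN type target
RECORD = re.compile(r"^(?P<name>\S+)\s+(?:\d+\s+)?IN\s+(?P<type>A|AAAA|CNAME)\s+(?P<target>\S+)$")

# Constructed zone export; the last two names are the kind of addition the post describes.
ZONE = """\
$ORIGIN example.com.
@             3600 IN A     192.0.2.10
www           3600 IN A     192.0.2.10
mail          3600 IN A     192.0.2.25
assets        3600 IN CNAME assets.cdn.example.net.
; these did not exist in last week's snapshot
login-update   300 IN A     203.0.113.77
secure-docs    300 IN A     203.0.113.78
"""
BASELINE_NAMES = {"@", "www", "mail", "assets"}  # names recorded by the previous audit


def parse_zone(text):
    """Yield (name, type, target) for A/AAAA/CNAME records, skipping comments and directives."""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        m = RECORD.match(line)
        if m:
            yield m.group("name"), m.group("type"), m.group("target")


def audit_zone(text, baseline_names):
    """Flag records whose target is outside own infrastructure or whose name is new."""
    findings = []
    for name, rtype, target in parse_zone(text):
        reasons = []
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(target)
            # An IPv4 address is never "in" an IPv6 network, so mixed lists are safe here.
            if not any(addr in net for net in OWN_NETBLOCKS):
                reasons.append("address outside own netblocks")
        elif not target.endswith(TRUSTED_CNAME_SUFFIXES):
            reasons.append("CNAME to untrusted target")
        if name not in baseline_names:
            reasons.append("name not in baseline")
        if reasons:
            findings.append({"name": name, "type": rtype, "target": target, "reasons": reasons})
    return findings


def cluster_by_target(findings):
    """Group flagged names by target; many names behind a handful of IPs is the pattern to look for."""
    clusters = {}
    for f in findings:
        clusters.setdefault(f["target"], []).append(f["name"])
    return clusters


if __name__ == "__main__":
    for f in audit_zone(ZONE, BASELINE_NAMES):
        print(f"{f['name']:14} {f['type']:6} {f['target']:22} {'; '.join(f['reasons'])}")
```

Run this from the same job that takes the zone snapshot, and feed `audit_zone` the previous snapshot’s names as the baseline; the two checks are deliberately independent, so a new name pointing at your own servers is reported as new, and an old name quietly re-pointed to an outside address is reported even though it is in the baseline.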

I am sure there will be more about this in the news.

Information for this post came from Mother Jones.

Trump Senior Staff Using Same Hackable Private Email as Hillary

I generally stay away from politics in this blog, but this item is an interesting intersection of security and politics. And it is pretty unique. Most businesses outside the public sector don’t have to worry about this: while they may or may not let employees use their business email for personal reasons, there are no laws or regulations governing that. Which makes this situation unique. And very interesting. Sooooo…..

Politicians are an interesting breed.

After Trump spent months on the campaign trail saying that Hillary Clinton was a criminal for using a private email server, that she risked state secrets and that she should be locked up, Newsweek is reporting that Kellyanne Conway, Jared Kushner, Sean Spicer and Steve Bannon have active email accounts on the private RNC email server.

This is the same email system that the George W. Bush White House used, and on which some 22 million emails went missing. You may remember that Trump also complained about some 30,000 emails on Hillary’s private email server that were deleted.

Politicians can talk out of one side of their mouth to complain about what an opponent does and then do it themselves.

Now that it has come to light, the staffers are no longer using those accounts.

But, just like Trump complained about Hillary, we have no idea what the senior Trump staff may have used that server for.

We do believe that Bush used that very same server to evade transparency rules.

We have not yet heard from the White House that while they may no longer be using the RNC email server that they are not using any other private email servers.

These are the same kind of servers that Trump complained on the campaign trail were not secure. And, at least until yesterday, his own staff were using them.

Of course we have no idea what they used those email accounts for – or didn’t.  The law does NOT prohibit them from using private email accounts for non-government business.  It does require them to forward any government business email that is received on a private account to the government within 20 days.

A former Obama White House official said that they were trained on the issue of using private emails from day 1 and a former Obama administration lawyer said that they did an enormous amount of training on compliance.

That being said, we likely will never know what is on these servers – those accounts were likely wiped within an inch of their life.

Part of the problem is that some White House staff work part time or in an unpaid capacity for the RNC.  As soon as that happens, mischief is almost certain to follow.

Since FBI Director Comey said that Hillary Clinton’s use of a personal email server was “extremely careless”, I assume he will come out as publicly and as vocally about the Trump team’s use of similar servers.

The RNC said that those email accounts were only used for email distribution lists.  Who knows.  That is certainly possible.  Or not.

Stay tuned.

We definitely live in interesting times.

Information for this post came from Newsweek.

Trump Hotels Hacked For Second Time In 12 Months

While The Trump Hotel Collection is “investigating” yet another breach at their luxury hotel chain, Brian Krebs is reporting that three different sources in the financial sector have told him that they have noticed “a pattern of fraud” that suggests that hackers have breached security at some, if not all, properties in the Trump hotel chain.

Just last July the Trump Organization was dealing with a cyber security breach. Possibly this is a new attack; possibly they did not clean out all the traces of the old attack.

I assume that they will make a statement once they are done investigating.

In the mean time, it is an embarrassment for the luxury hotel chain to be breached twice in less than a year.

After Krebs reported the earlier breach, Eric Trump, Donald Trump’s son and the executive in charge of the hotels, issued a statement that “Like virtually every other company these days, we have been alerted to potential suspicious credit card activity and are in the midst of a thorough investigation to determine whether it involves any of our properties.” Basically, he said, to quote Tom Peters, “We’re no worse than anyone else. But we are no better either.”

To add to the embarrassment, Donald Trump said, in an interview with the New York Times, that “we’re so obsolete in cyber.” He did not offer any suggestions regarding how he would fix that.

If, in fact, his hotels have been hacked, again, his statement will turn out to be correct.  I think he was suggesting that this obsolescence is the government’s fault, but the security at his hotels would be his responsibility.

I am sure this will heat up;  the item only came out yesterday, so stay tuned.

Information for this post came from Krebs On Security.