A Home Office app intended for EU citizens to apply for UK residency lacks basic security, potentially exposing the passport and biometric information of over one million users, according to experts. Norwegian security firm Promon tested the EU Exit: ID Document Check application against common attack […]
The UK government is set to spend £1.8m developing anti-drone capabilities, as threats from the skies increase.
The Ministry of Defence’s Defence and Security Accelerator (DASA) this week announced funding for 18 projects, which will each receive around £100,000. Successful organizations included University College London, Thales UK, QinetiQ, Northumbria University and BAE Systems Applied Intelligence.
Projects include developing methods to detect 4G and 5G-controlled drones, AI sensors to automatically identify aerial vehicles and low-risk ways of stopping drones through electronic interception.
The first, proof-of-concept, phase will run until summer 2020 and will be followed by a second phase focused on maturing these projects into integrated solutions.
“The introduction of Unmanned Air Systems (UAS), often referred to as drones, has been one of the most significant technological advances of recent years and represents a shift in capability of potential adversaries,” explained competition technical lead, David Lugton.
“The threat from UAS has evolved rapidly and we are seeing the use of hostile improvised UAS threats in overseas theatres of operation. There is a similar problem in the UK with the malicious or accidental use of drones becoming a security challenge at events, affecting critical infrastructure and public establishments; including prisons and major UK airports.”
Drones famously forced hundreds of flights to be cancelled at London’s Gatwick Airport last Christmas, with tens of thousands of passengers stranded. In fact, the number of near-misses involving UAS in the UK soared by over a third from 2017 to 2018.
However, drones could also represent a growing threat not just to physical safety but also network security.
Just this week, defense contractor Booz Allen Hamilton warned that 2020 could see hackers use UAS as rogue access points — landing them in concealed places on corporate property while they harvest credentials, perform man-in-the-middle attacks against employees and carry out network reconnaissance.
The post #infosec | UK Government Spends £2M on Anti-Drone Projects appeared first on National Cyber Security.
View full post on National Cyber Security
A ransomware attack last weekend struck the network of the Canadian territory Nunavut, severely impeding a bevy of government services that rely on access to systems and electronic files.
The attack took place on Saturday afternoon, encrypting files on government servers and workstations and crippling email and other internet-based communications. The only service to be unaffected is the Qulliq Energy Corporation, Nunavut’s only power utility.
With an estimated population that’s approaching 40,000, Nunavut is Canada’s northernmost territory, which split off from the Northwest Territories in 1999. Many of its inhabitants are Inuit.
“I want to assure Nunavummiut that we are working non-stop to resolve this issue,” said Nunavut Premier Joe Savikataaq in a government press release. “Essential services will not be impacted and the GN will continue to operate while we work through this issue. There will likely be some delays as we get back online, and I thank everyone for their patience and understanding.”
In an attempt to mitigate the incident, the territory is prioritizing the restoration of data to key services related to health, family services, education, justice and finance, the press release continues. Government officials expect that most files will ultimately be restored, thanks to their use of back-up files. While services continue to operate, some are running contingency procedures and conducting business manually, resulting in significant delays.
An FAQ page published on Nunavut’s official government website offered updates on the statuses of its departments.
For instance, Department of Health workers are currently relying on a paper-based system, while the territory’s MediTech health care software system remains inoperative. Health care facilities continue to operate, and patients scheduled for visits can keep their appointments, though they are asked to bring their health care cards and medications. Telehealth services, however, are down and must be rescheduled.
Additionally, the Finance Department may be delayed in sending government employees and vendors their scheduled paychecks. Medical or duty travel payments and reimbursements are also impacted. Distribution of driver’s licenses and ID cards — a responsibility of the Department of Economic Development and Transportation (EDT) — is also impacted.
Networked phone services in the capital of Iqaluit are functional, but using direct dial only.
“Your network has been penetrated. All files on each host in the network have been encrypted with a strong algorithm,” states the ransom note, which was obtained by the Canadian Broadcasting Corporation (CBC). The note instructs the victim to install the Tor browser and visit a link to a payment site. The attackers warn that the link expires in 21 days, at which point the decryption key will be deleted.
Brett Callow, company spokesperson at cybersecurity company Emsisoft, told SC Media in emailed comments that the ransomware note matches that of a ransomware called DoppelPaymer, which is often distributed via the Dridex banking trojan. Victims are often infected with Dridex when they open a phishing email attachment, he added.
In the Nov. 4 press release, Nunavut officials said they responded to the attack by “isolating the network, notifying cybersecurity experts and working with our internet software providers.”
“It is difficult to estimate recovery timelines at this early stage,” the release continues.
“Ransomware attacks can have a much larger impact than temporarily denying access to systems in exchange for payment. The demanded ransom amounts often pale in comparison to the collateral damage and downtime costs they cause,” said Justin Des Lauriers, technical project manager at Exabeam, in emailed comments. His colleague, Barry Shteiman, VP of research and innovation, added that “for cybersecurity teams to detect ransomware early enough in the ransomware lifecycle to stop it, they need to understand the business models used by ransomware network operators, the kill chain of a ransomware attack and how to detect and disrupt ransomware in corporate environments. Armed with this information, analysts should be able to react faster in the event their organization is hit with a ransomware infection.”
The post #cybersecurity | hacker | Ransomware attack delays government services in Nunavut, Canada appeared first on National Cyber Security.
General News of Tuesday, 22 October 2019
The government has said that it would incorporate cybersecurity education into basic and senior secondary schools in Ghana as part of an agenda to build the capacity of the citizenry in tackling cybersecurity.
President Nana Addo Dankwa Akufo-Addo said this in a speech read on his behalf by Mr Ambrose Dery, the Minister of the Interior, at the opening of the National Cyber Security Awareness Month 2019.
The President said that including cybersecurity education in the curriculum of basic and senior secondary education would help build the capacity of citizens from an early stage and take the efforts made during the awareness month a step further.
The National Cyber Security Awareness Month 2019 is being celebrated on the theme: “Demonstrating Ghana’s Cybersecurity Readiness” and spans from October 21 to 30 in Accra.
He said Ghana would continue to look up to other countries which had made great strides in cybersecurity to ensure regional and international collaboration in her journey towards achieving cybersecurity maturity, as part of the country’s digital strategy.
President Akufo-Addo said his government had undertaken a number of initiatives that served as testament to the fact that Ghana had made notable progress and development in the area of cybersecurity, and that “We do not plan to rest in a state of complacency, but rather vow to do more”.
He said the country had ratified the African Union Convention on Cyber Security and Personal Data Protection, also known as the “Malabo Convention”, and the Council of Europe’s Convention on Cybercrime, popularly referred to as the “Budapest Convention”.
He said “these conventions would enhance our cooperation with other countries at the policy, technical and operational levels in dealing with cybercrime.”
The President said to secure the country’s digital journey, the government had tasked the National Cyber Security Centre, through the Ministry of Communications, to ensure the security of Ghana’s digital space.
“I am reliably informed that, Ghana’s National Cybersecurity Policy and Strategy (NCPS) have been reviewed to reflect current cybersecurity developments and are consistent with international best practices,” he said.
Mrs Ursula Owusu-Ekuful, the Minister of Communications, said the country was no exception to cyber-attacks, especially as the government was poised to improve the digital space, adding that everyone who used any electronic device was a potential victim of a cyber attack.
She said digitalization held many opportunities for the nation, especially in the areas of job creation, hence the need for every government agency and the private sector to support the agenda of building a strong digital economy.
Mrs Owusu-Ekuful said that as the country hosts the secretariat of the African Continental Free Trade Area (AfCFTA) Agreement, there were numerous opportunities that would be presented to businesses and individual citizens.
She, however, said hosting the AfCFTA Secretariat was a wake-up call for all and sundry to support the agenda of securing the digital space to protect everyone from cyber attacks.
The Minister said that by 2020 all government payments would be made electronically, which also called for securing the cyberspace.
An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers.
On Monday, vpnMentor’s cybersecurity team, led by Noam Rotem and Ran Locar, said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group.
Autoclerk is a reservations management system used by resorts to manage web bookings, revenue, loyalty programs, guest profiles, and payment processing.
In a report shared with ZDNet, the researchers said the open Elasticsearch database was discovered through vpnMentor’s web mapping project. It was possible to access the database, given it had no encryption or security barriers whatsoever, and perform searches to examine the records contained within.
The team says that “thousands” of individuals were impacted, although due to ethical reasons it was not possible to examine every record in the leaking database to come up with a specific number.
Hundreds of thousands of booking reservations for guests were available to view and data including full names, dates of birth, home addresses, phone numbers, dates and travel costs, some check-in times and room numbers, and masked credit card details were also exposed.
Data breaches are a common occurrence and can end up compromising information belonging to thousands or millions of us in single cases of a successful cyberattack.
What is more uncommon, however, is that the US government and military figures have also been involved in this security incident.
It appears that one of the platforms connected to Autoclerk exposed in the breach is a contractor of the US government that deals with travel arrangements.
vpnMentor was able to view records relating to the travel arrangements of government and military personnel — both past and future — who are connected to the US government, military, and Department of Homeland Security (DHS).
Within the records, for example, were logs for US Army generals visiting Russia and Israel, among other countries.
Autoclerk facilitates communication between different hospitality platforms, and it appears that a substantial portion of the data originated from external platforms. In total, the database — hosted by AWS — contained over 179GB of data.
At the time of writing it has not been possible to track the overall owner of the database due to the “number of external origin points and sheer size of the data exposed,” the team says.
The United States Computer Emergency Readiness Team (US-CERT) was informed of the leak on September 13 but did not respond to the researchers’ findings.
vpnMentor then reached out to the US Embassy in Tel Aviv, and seven days later, the team contacted a representative of the Pentagon who promised swift action. Access to the database was revoked on October 2.
“The greatest risk posed by this leak is to the US government and military,” the team says. “Significant amounts of sensitive employee and military personnel data could now be in the public domain. This gives invaluable insight into the operations and activities of the US government and military personnel. The national security implications for the US government and military are wide-ranging and serious.”
ZDNet has reached out to US-CERT and affected parties and will update when we hear back.
The post #hacking | Open database leaked 179GB in customer, US government, and military records appeared first on National Cyber Security.
There are some key conditions that must be met before governments are authorised to hack, and these must limit the uses of hacking.
There is a palpable fear gripping South African politicians, activists and journalists at the moment about whether their communication devices are being hacked. Even President Cyril Ramaphosa claims to have been hacked during his campaign for the presidency. Every public figure and prominent politician must dread the possibility of waking up one Sunday to find their hacked and leaked intimate videos circulating on some WhatsApp group.
Yet, surprisingly little is being said about hacking and what to do about it. This is in spite of the fact that regulation of hacking is big news in other countries. This lack of attention is puzzling, as it is probably the most invasive and damaging communication surveillance method of all.
Hacking can be defined broadly as interference with a system to make it act in ways that were not intended or foreseen by the manufacturer or user. Cellphones and laptops can be hacked, but so too can devices that contain sensors and are linked to the Internet of Things. This includes everything from the energy grid to your smart electricity meter, your security system, television, fridge, autonomous car and Fitbit.
Hacking presents unique threats to privacy and freedom of expression because it can do things that other forms of surveillance cannot do. Unlike passive forms of surveillance, such as bulk surveillance, you cannot protect yourself against hacking even if you encrypt your communications. This danger leaves people working in sensitive professions (such as journalism) exposed. The dangers are amplified if it is the government that hacks your devices.
Governments should not have these powers without public and judicial scrutiny, but throughout the world, all too often, they do. Government hackers can suck everything out of your device whether there is evidence of a crime or not. They can turn your device against you to spy on you, and alter your personal information to embarrass you or even incriminate you. When placed in the hands of unaccountable governments, this capability can be very invasive indeed.
In Mexico, for instance, the government has hacked the emails of opposition politicians, journalists and even estate agents, regularly and with impunity. It has also been known to alter the hacked communications slightly to make their victims look worse than they actually are, release them publicly and then sit back and laugh as their victims squirm with embarrassment.
The South African government has not publicly avowed that it hacks, unlike some other countries. But there is publicly available evidence to suggest that these capabilities do exist, and are a factor in the South African surveillance set-up.
In spite of this, the recent High Court judgment about the unconstitutionality of sections of South Africa’s main communication surveillance law, Rica, did not even touch on hacking. Perhaps this is because the facts of the case, involving the surveillance of journalist Sam Sole, did not lend themselves to including this issue.
Hacking and South Africa
The University of Toronto’s Citizen Lab – which specialises in using internet scanning techniques to detect surveillance tools on communication networks – has detected FinFisher on two IP addresses belonging to communications parastatal Telkom in South Africa.
FinFisher is a weapons-grade intrusive hacking suite sold exclusively to governments and has been implicated in several surveillance abuses in authoritarian countries such as Bahrain and Ethiopia.
FinFisher is particularly useful for monitoring security-conscious and mobile targets like journalists, who make extensive use of encryption. Governments can use it to take control of a target’s computer as soon as it is connected to the internet, and it can even be used to turn on web cameras and microphones for surveillance purposes.
According to documents leaked from the manufacturers’ systems, and subsequently published by WikiLeaks, by 2014, FinSpy was the most popular product in the suite. This tool inserts a Trojan into a device (a malicious computer program enabling its controller to take complete control of the infected device).
Once it is inserted, the controller can do everything the device user can do, such as intercept and record a wide variety of information from an infected device, including Skype chats and calls, instant messaging, emails and even passwords. The controller can also turn the user’s phone into a little spying device in meetings and in their home, by remotely turning on the microphone and videocam.
According to the WikiLeaks documents, South Africa purchased base licences for FinSpy and, with a total of 23 licences, was the third-largest named user of FinFisher after Slovakia and Estonia; the largest unnamed user held 47 licences. In other words, the WikiLeaks evidence pointed to South Africa being a significant FinFisher user.
Citizen Lab detected FinFisher command-and-control servers on the Telkom network in 2013 and, more seriously, it detected a master server in South Africa. This meant not only that FinFisher was present in South Africa, but that it was most likely being operated by a government department, given that the manufacturers only sell to governments.
In September 2018, Citizen Lab detected infections by the Israeli firm NSO Group’s powerful mobile phone hacking tool, Pegasus, in South Africa, suggesting that an NSO operator was spying here.
In correspondence with Citizen Lab, the NSO Group claimed: “Contrary to statements made by you, our product is licensed to government and law enforcement agencies for the sole purpose of investigating and preventing crime and terror. Our business is conducted in strict compliance with applicable export control laws.”
Pegasus exploits vulnerabilities in computer systems that are not known to the manufacturers or users (zero-day vulnerabilities), to take over a user’s device for surveillance purposes. The user is duped into clicking on a link that takes them to a web domain that delivers the spyware.
Why authoritarian governments would want the powers to hack is self-evident, but why would democratic governments want these powers if they are so invasive of privacy? Is there a sound operational case for government hacking?
The government spy agency case for hacking
Increasingly, law enforcement and intelligence agencies are arguing that encryption is making it more and more difficult for them to spy for legitimate purposes. Hacking allows them to gain access to the device of a terrorist or criminal suspect and circumvent encryption by reading a message at the source.
In fact, spy agencies have bemoaned the fact that Edward Snowden’s revelations about massive and abusive government spying have led to the democratisation of encryption. Consequently, they claim, encryption is creating a law-free zone where they cannot obtain information about what suspects are thinking or doing, reducing their abilities to disrupt criminal networks and terrorist plots. Justice could even be subverted if they can compel most forms of evidence of wrongdoing, with encrypted evidence being the exception to the rule.
The agencies are also concerned that bulk surveillance is becoming less and less effective in the fight against serious crime, as this form of surveillance cannot access encrypted data, and more and more criminals are using encryption. These changes in criminal communication habits are leading to what the agencies call the “going dark” problem, where communication of interest becomes less and less visible to them.
Therefore, the agencies argue, they need more innovative and agile technological capabilities. They claim that hacking provides them with an important capability to detect and disrupt possible criminal attacks, including cyber-attacks.
They also argue that hacking is a middle path between not accessing encrypted data at all (which they would not accept) and compelling communication service providers to hand over the decryption keys (which is not an option anyway when there is end-to-end encryption), or compelling them to build back-doors or vulnerabilities into their services. Another option of creating a key escrow system – where a designated government authority or third party stores the encryption keys – has been roundly rejected as too risky.
At face value, these would appear to be compelling operational arguments. However, the reality is that the internet has opened up whole new alternative sources of data and evidence for the spy agencies, and these can be used to supplement data sources lost to encryption.
South African agencies have shown that they rely far more on metadata (or data about a person’s communications, such as who they called or what their cellphone location was) for investigations than they do on communication content. This metadata may not be encrypted, although some of it can be hidden from view through anonymising security services.
Former Rica judge Yvonne Mokgoro complained in one of her annual reports that the growing use of encryption was placing more communications beyond the reach of intelligence agencies. Yet she provided no statistical information about the number of investigations that were defeated by encryption.
In the US, intelligence agencies have vastly overstated the threat of encryption to their investigations, to justify more expansive powers. So, it is important not to take the spy agencies’ “going dark” argument, and their subsequent justifications for hacking, at face value.
Privacy and security concerns around hacking
In addition to the privacy risks, hacking threatens the security of the internet, which can affect many more people than a criminal suspect or two. An entire device is compromised during the hack, which is much more dangerous than simply listening in to a phone call.
Legalised government hacking means that the agencies have a vested interest in promoting an insecure internet to make hacking easier, which creates a host of new security threats, some of which can even be life-threatening if they compromise critical infrastructure.
Hacking creates perverse incentives for governments to keep the internet vulnerable so that they can exploit these vulnerabilities. This is leading to a huge trade in zero-day vulnerabilities, where governments buy the vulnerabilities to stockpile them for future exploitation in hacking activities.
Rightfully, governments should be fixing or patching security problems instead of creating them or contributing to them through exploiting them. The problem with promoting an insecure internet is that these insecurities can be used by governments and criminals alike: something that should concern South Africans, given our extremely high levels of cybercrime.
The Cybercrimes Bill forbids unlawful hacking. The government could argue that this leaves the door open to using lawful hacking. But the problem is that Rica is silent on hacking, although it is a form of interception of communications.
Furthermore, former Rica judge Mokgoro and the Joint Standing Committee on Intelligence have both argued that the surveillance technologies used should not be taken into account when deciding whether to grant an interception direction (or a warrant). In other words, once the judge has issued a direction, then the spy agency concerned should be allowed to use whatever spying tool it sees fit.
This approach of technology neutrality is problematic as some surveillance tools are more invasive than others. As hacking can circumvent encryption and threatens cybersecurity too, it needs to be regulated as a discrete form of surveillance with even more stringent controls than other forms of surveillance.
Legislating for hacking
While many countries continue to use hacking under the legal radar, some have publicly avowed their uses of hacking. France, Germany, Poland and the UK have adopted specific legislative measures around hacking and some other countries are in the process of doing so.
However, too many countries take advantage of the “law lag” – the lag between technological innovations and the laws that regulate these innovations – to implement hacking. They may rely on “grey area” provisions in existing laws, in spite of the fact that the United Nations Special Rapporteur on Freedom of Expression has called for clear, narrowly framed laws limiting encryption and those mandating hacking.
Hacking triggers unique and specific privacy, security and evidentiary concerns that general surveillance laws cannot address adequately. For instance, according to Rica, intercept information – or information that is derived from communication intercepts – is admissible in court.
Yet, information derived from hacking exploits can be polluted by the manner of interception, as hacking alters the device that is hacked. Therefore, as a general rule, intercept information obtained from hacking should not be admitted as evidence in court. Alternatively, a forensic expert should be brought in to verify that the integrity of the hacked information has not been compromised. If intercept information is presented in court, then the attack method should be disclosed in court so that the defence can respond appropriately.
There are some key conditions that need to be met before governments are authorised to hack, and these limit the uses of hacking. Hacking should be prescribed explicitly in law, and the spy agencies seeking to use hacking should seek a warrant from a judge beforehand. The hacking should also be appropriately targeted, and only the device of the suspect should be hacked, to limit the potential impacts on cyber-security. Non-essential data should be deleted.
Bulk hacking, along the lines of what the UK has written into law recently, should not be allowed as it opens the door to the government hacking thousands of devices at a time on an indiscriminate basis, and in ways that threaten cybersecurity massively. There should be no place in a democracy for untargeted bulk hacking, and, quite rightly, the UK is being challenged on this at the moment.
Key pieces of information should be stipulated in the application for the warrant. The application should provide sufficient information enabling the judge to assess the potential risks and damages to the security of the targeted device, and how these risks can be mitigated.
The duration for hacking should also be limited, preferably to a month: the three-month duration for interception directions in Rica is too long. The warrant should mention all the applications, data and sensors that will be targeted, the software and hardware to be used, and what information may or may not be collected.
Serious consideration should also be given to having separate authorisation processes for different functionalities of a hacking tool. Italy does that, which limits (potentially) overuse of hacking’s extensive capabilities. The Netherlands spells out in its law what functionalities and techniques are permissible for use by law enforcement agencies.
The grounds for issuing a hacking warrant should be even more stringent than those applying to more passive forms of surveillance, and the judge should be empowered to consult with a technical expert to assess the application before granting it.
There should also be provisions in the law to prevent the agencies from altering, deleting or adding data to the targeted device, and in addition to notifying the surveillance subject as soon as it is possible to do so, the hardware and software manufacturers should be informed too.
As part of its contribution to non-proliferation of weapons of cyber-warfare, the government should not be allowed to stockpile zero-day vulnerabilities for possible exploitation. Undoubtedly, this will create problems where a legitimate target is using a new, and most likely patched, operating system, but the government will be failing to prevent criminal activity by not disclosing a vulnerability when it becomes aware of it. However, reporting vulnerabilities does not preclude them from being exploited, at least until they are patched.
Private contractors should be disallowed from operating the hacking tools, as this could lead to security risks, and may reduce transparency, as disclosing the tools used, even to a judge, may be limited by vendor secrecy agreements. Third parties (such as internet service providers) should not be compelled to assist with hacking, either.
The spy agency undertaking the hacking must keep an audit trail to record the hacking trail, the method, extent and duration, and any alterations or deletions. Independent experts should also be brought in to audit the entire operation.
Information should also be published on the number of hacking operations each year, and whether they have been used extra-territorially. Extra-territorial hacking is a serious matter, as it could be considered an act of aggression, even war. If it is found during the course of a hack that the device being hacked is located out of the country, then the agencies should be required to abandon the hack, and seek the required information through a mutual assistance agreement with the other country, if one exists.
Trusting our devices
Under-regulated surveillance is creating a world where we can no longer trust our devices, and nothing destroys trust more than hacking. Of course, ethical hacking can be a public good as it encourages manufacturers to develop more robust systems. However, if we are to communicate openly and securely then the spaces for abuse need to be closed. The High Court judgment on Rica has been a huge step forward in ensuring more accountable state spying; but when it comes to hacking, South Africa is wide open for abuse. Future revisions of Rica need to take this reality into account. DM
Jane Duncan is a professor in the Department of Journalism, Film and Television, School of Communication, Faculty of Humanities, University of Johannesburg. She is author of Stopping the Spies: Constructing and Resisting the Surveillance State in South Africa, published by Wits University Press in 2018. She tweets at @duncanjane.
View full post on National Cyber Security
Russian Secret Weapon Against U.S. 2020 Election Revealed In New Cyberwarfare Report
The FBI has warned that “the threat” to U.S. election security “from nation-state actors remains a persistent concern,” that it is “working aggressively” to uncover and stop, and the U.S. Director of National Intelligence has appointed an election threats executive, explaining that election security is now “a top priority for the intelligence community—which must bring the strongest level of support to this critical issue.”
With this in mind, a new report from cybersecurity powerhouse Check Point makes for sobering reading. “It is unequivocally clear to us,” the firm warns, “that the Russians invested a significant amount of money and effort in the first half of this year to build large-scale espionage capabilities. Given the timing, the unique operational security design, and sheer volume of resource investment seen, Check Point believes we may see such an attack carried out near the 2020 U.S. Elections.”
None of which is new—it would be more surprising if there wasn’t an attack of some sort, to some level. What is new, though, is Check Point’s unveiling of the sheer scale of Russia’s cyberattack machine, the way it is organised, the staggering investment required. And the most chilling finding is that Russia has built its ecosystem to ensure resilience, with cost no object. It has formed a fire-walled structure designed to attack in waves. Check Point believes this has been a decade or more in the making and now makes concerted Russian attacks on the U.S. “almost impossible” to defend against.
The new research was conducted by Check Point in conjunction with Intezer—a specialist in Genetic Malware Analysis. It was led by Itay Cohen and Omri Ben Bassat, and has taken a deep dive to get “a broader perspective” of Russia’s threat ecosystem. “The fog behind these complicated operations made us realize that while we know a lot about single actors,” the team explains, “we are short of seeing a whole ecosystem.”
And the answer, Check Point concluded, was to analyse all the known data on threat actors, attacks and malware to mine for patterns and draw out all the connections. “This research is the first and the most comprehensive of its kind—thousands of samples were gathered, classified and analyzed in order to map connections between different cyber espionage organizations of a superpower country.”
The team expected to find deep-seated linkages, connections between groups working for different Russian agencies—FSO, SVR, FSB, GRU. After all, one can reasonably expect all of the various threat groups sponsored by the Russian state to be on the same side, peddling broadly the same agenda.
But that isn’t what they found. And the results from the research actually carry far more terrifying implications for Russia’s capacity to attack the U.S. and its allies on a wide range of fronts than the team expected. It transpires that Russia’s secret weapon is an organisational structure which has taken years to build and makes detection and interception as difficult as possible.
“The results of the research were surprising,” Cohen explains as we talk through the research. “We expected to see some knowledge, some libraries of code shared between the different organizations inside the Russian ecosystem. But we did not. We found clusters of groups sharing code with each other, but no evidence of code sharing between different clusters.” And while such findings could be politics and inter-agency competition, the Check Point team have concluded that it’s more likely to have an operational security motive. “Sharing code is risky—if a security researcher finds one malware family, if it has code shared with different organizations, the security vendor can take down another organisation.”
The approach points to extraordinary levels of investment. “From my perspective,” Yaniv Balmas, Check Point’s head of cyber research, tells me, “we were surprised and unhappy—we wanted to find new relationships and we couldn’t. This amount of effort and resources across six huge clusters means huge investment by Russia in offensive cyberspace. I have never seen evidence of that before.”
And the approach has been some time in the making. “It’s an ongoing operation,” Cohen says, “it’s been there for at least a decade. This magnitude could only be done by China, Russia, the U.S. But I haven’t seen anything like it before.”
The research has been captured in “a very nice map,” as Balmas described it. This map has been built by Check Point and Israeli analytics company Intezer, a complex interactive tool that enables researchers to drill down into malware samples and attack incidents, viewing the relationships within clusters and the isolated firewalls operating at a higher level.
The research has been angled as an advisory ahead of the 2020 U.S. elections. Russia has the capability to mount waves of concerted attacks. It’s known and accepted within the U.S. security community that the elections will almost certainly come under some level of attack. But the findings actually point to something much more sinister: a cyber warfare platform that carries implications not only for the election but also for power grids, transportation networks and financial services.
“That’s the alarming part,” Check Point’s Ekram Ahmed tells me. “The absence of relationships. The sheer volume and resource requirements leads us to speculate that it’s leading up to something big. We’re researchers—if it’s alarming to us, it should definitely be alarming to the rest of the world.”
So what’s the issue? Simply put, it’s Russia’s ability to attack from different angles in a concerted fashion. Wave upon wave of attack, different methodologies with a common objective. And finding and pulling one thread doesn’t lead to any other cluster. No efficiencies have been sought between families of threat actors. “Offense always has an advantage over defense,” Balmas says, “but here it’s even worse. Given the resources Russia is putting in, it’s practically impossible to defend against.”
“It’s alarming,” Check Point explains in its report, “because the segregated architecture uniquely enables the Russians to separate responsibilities and large-scale attack campaigns, ultimately building multi-tiered offensive capabilities that are specifically required to handle a large-scale election hack. And we know that these capabilities cost billions of dollars to build-out.”
I spend a lot of time talking to cybersecurity researchers—it’s a noisy space. And given current geopolitics, the Gulf, the trade war, the “splinternet,” there is plenty to write about. But I get the sense here that there’s genuine surprise and alarm at just what has been seen, the extent and strategic foresight that has gone into it, the implications.
And one of those implications is that new threats, and new threat actors following the same approach, will be harder to detect. The Check Point team certainly think so. “This is the first time at such a scale we have mapped a whole ecosystem,” the team says, “the most comprehensive depiction yet of Russian cyber espionage.”
And attacks from Russia, whichever cluster might be responsible, tend to bear different hallmarks to the Chinese—or the Iranians or the North Koreans.
“Russian attacks tend to be very aggressive,” Balmas explains. “Usually in offensive cyber and intelligence, the idea is to do things that no-one knows you’re doing. But the Russians do the opposite. They’re very noisy. Encrypting or shutting down entire systems they attack. Formatting hard drives. They seem to like it—so an election attack would likely be very aggressive.”
With 2020 in mind, Ahmed explains, “given what we can see, the organization and sheer magnitude of investment, an offensive would be difficult to stop—very difficult.”
Cohen reiterates the staggering investment implications of what they’ve found. “This separation shows Russia is not afraid to invest an enormous amount of money in this operation. There’s no effort to save money. Different organisations with different teams working on the same kind of malware but not sharing code. So expensive.”
All the research and the interactive map are available and open source, Cohen explains, “researchers can see the connections between families, better understanding of evolution of families and malware from 1996 to 2019.”
The perceived threat to the 2020 election is “speculation,” Check Point acknowledges. “But it’s based on how the Russians are organizing, the way they’re building the foundation of their cyber espionage ecosystem.”
So, stepping back from the detail, what’s the learning here? There have been continual disclosures in recent months on state-sponsored threat actors and their tactics, techniques and procedures. The last Check Point research I reported on disclosed China’s trapping of NSA malware on “honeypot” machines. Taken in the round, all of this increased visibility on Russian and Chinese approaches, in particular, provides a better sense of the threats as the global cyber warfare landscape becomes more complex and integrated with the physical threats we also face.
On Monday [September 23], 27 nation-states signed a “Joint Statement on Advancing Responsible State Behavior in Cyberspace,” citing the use of cyberspace “to target critical infrastructure and our citizens, undermine democracies and international institutions and organizations, and undercut fair competition in our global economy by stealing ideas when they cannot create them.”
The statement was made with Russia and China in mind, and a good working example of how such attack campaigns are supported in practice can be viewed by exploring Check Point’s Russian cyber espionage map, which is now available online.
WASHINGTON — President Donald Trump on Thursday urged another foreign government to probe former Vice President Joe Biden and his son Hunter, saying the Chinese government should look into Hunter Biden’s involvement with an investment fund that raised money in the country.
“China should start an investigation into the Bidens because what happened in China is just about as bad as what happened with Ukraine,” Trump told reporters outside the White House.
While Trump said he hasn’t asked Chinese President Xi Jinping to investigate the Bidens, the public call mirrors the private behavior on which Democrats are partially basing their impeachment inquiry — using the office of the presidency to press a foreign leader to investigate a political rival.
It is “certainly something we can start thinking about, because I’m sure that President Xi does not like being on that kind of scrutiny, where billions of dollars is taken out of his country by a guy that just got kicked out of the Navy,” Trump said Thursday of asking China to probe the Bidens. “He got kicked out of the Navy, all of the sudden he’s getting billions of dollars. You know what they call that? They call that a payoff.”
The U.S. is in the midst of a tense trade war with China. The president, discussing progress on negotiations with Beijing on a possible trade agreement just moments before his remarks about the Bidens, told reporters that “if they don’t do what we want, we have tremendous power.”
Chinese officials will be in Washington next week in another attempt to revive talks, Trump said.
Trump, seeking to expand his corruption accusations against the Bidens beyond Ukraine, has in recent days repeatedly accused Hunter Biden of using a 2013 trip on Air Force Two with his father, then the vice president, to procure $1.5 billion from China for a private equity fund he had started.
Prior to Thursday, Trump had not called for an investigation into the matter. The White House declined to comment on Trump’s remarks.
Despite Trump’s accusations, there has been no evidence of corruption on the part of the former vice president or his son. In a statement, Biden’s deputy campaign manager and communications director, Kate Bedingfield, said the president “is flailing and melting down on national television, desperately clutching for conspiracy theories that have been debunked and dismissed by independent, credible news organizations.”
“As Joe Biden forcefully said last night, the defining characteristic of Donald Trump’s presidency is the ongoing abuse of power,” Bedingfield said. “What Donald Trump just said on the South Lawn of the White House was this election’s equivalent of his infamous ‘Russia, if you’re listening’ moment from 2016 — a grotesque choice of lies over truth and self over the country.”
Trump, during a 2016 campaign rally, encouraged Russia to meddle in the 2016 election by trying to access Hillary Clinton’s emails, saying, “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing.”
Special counsel Robert Mueller’s Russia investigation found that within hours of Trump’s invitation, Russian military intelligence initiated a hack against Clinton’s office. Trump and his allies have said he wasn’t serious when he made the comment.
In pushing back on Trump, Biden’s campaign previously pointed to a fact-check from The Washington Post that found Trump’s claims false while tracing the origins of the $1.5 billion figure he has used to a 2018 book by conservative author Peter Schweizer.
In addition, Hunter Biden’s spokesman, George Mesires, told NBC News previously that Hunter Biden wasn’t initially an “owner” of the company and has never gotten paid for serving on the board. He said Hunter Biden didn’t acquire an equity interest in the fund until 2017, after his father had left office.
And when he did, he put in only about $420,000 — a 10 percent interest. That puts the total capitalization of the fund at the time at about $4.2 million — a far cry from the $1.5 billion that Trump has alleged.
Trump also said Thursday that he still wants Ukraine to conduct “a major investigation” into Joe and Hunter Biden.
“I would think that if they were honest about it, they would start a major investigation into the Bidens,” he said, adding, “They should investigate the Bidens.”
House Democrats have launched a formal impeachment inquiry against Trump centered on a July 25 phone call between him and the president of Ukraine during which Trump asked his Ukrainian counterpart to investigate the family of the former vice president, Trump’s possible 2020 opponent. The House is also looking into whether Giuliani’s overtures were proper and whether the White House was using almost $400 million in frozen aid to Ukraine as leverage.
The White House has since released a detailed description of the July call, while the House Intelligence Committee made public a lightly redacted version of the intelligence community whistleblower complaint that brought to light the allegations against Trump. The complaint alleged that Trump, in the July phone call, used the power of his office “to solicit interference from a foreign country” in the 2020 election.
The impeachment inquiry has unleashed a torrent of activity in the House and key cabinet agencies.
House Democrats have so far issued subpoenas for Trump’s personal lawyer Rudy Giuliani as well as for Secretary of State Mike Pompeo for Ukraine-related documents. They have also threatened the White House with subpoenas for Ukraine-related documents. And on Thursday, the Department of Defense said its general counsel had directed all agency offices and leadership to turn over any pertinent information dealing with military funding to Ukraine.
Democrats, meanwhile, immediately excoriated Trump’s latest comments Thursday as “unacceptable” and “indefensible,” suggesting that the president is only strengthening their case for impeachment.
“The president cannot use the power of his office to pressure foreign leaders to investigate his political opponents. His rant this morning reinforces the urgency of our work. America is a Republic, if we can keep it,” House Intelligence Committee Chairman Adam Schiff, D-Calif., said in a tweet.
Rep. Emanuel Cleaver, D-Mo., tweeted: “This is absolutely unacceptable. It’s clear the president understands he’s been caught red-handed and has now moved to normalize this kind of corrupt behavior.”
“GOP must speak out,” he added.
Rep. G.K. Butterfield, D-N.C., also had a message for Republican lawmakers.
“To my Republican colleagues, I implore you to listen to the words that came out of Trump’s mouth this morning. From the SOUTH LAWN OF THE WHITE HOUSE,” he said on Twitter. “Think about the detrimental impact these actions will have on our democracy and our national security. This is indefensible.”
The remarks also elicited the attention of the top elections official in the U.S., Federal Election Commission Chair Ellen Weintraub, who re-shared a tweet she had posted in June explaining that “it is illegal for any person to solicit, accept, or receive anything of value from a foreign national in connection with a U.S. election.”
Weintraub had initially posted the tweet in June, after Trump said he’d consider taking information on opponents from other countries.
General Cybersecurity Conference
June 13, 2018 | Jefferson City, Missouri, United States
Cybersecurity Conference Description
Government Technology’s passion is helping spread best practices and spurring innovation in the public sector. The Missouri Digital Government Summit is designed to do just that. The summit has an advisory board that gathers public sector and private sector leaders to create an agenda designed to make that passion relevant and actionable to the state and local government organizations attending the summit. Participants tell us they use inspirational keynotes, leadership discussions, networking breaks, and timely topics discussed in the numerous breakout sessions to help advance the goals of their organizations and their own career paths.
– Innovation and Leadership
– Digital Government Trends
– Emerging Technologies
– Cyber Security
– Data and Analytics
– Mobility and Citizen Engagement
– Cloud Services
View full post on National Cyber Security Ventures
If you asked a ballroom full of government leaders what keeps them up at night, what do you think they would say? According to our latest “What’s Next in Digital Communications for Local Government” survey results, expanding citizen engagement, increasing digital accessibility and minimizing cybersecurity risks top their to-do lists.
Nearly 370 municipal and county government officials across North America participated in the December 2017 survey to assess the current state of digital communications in local government and project future trends.
Topping the list of priorities for 2018 is citizen engagement, with two-thirds of survey respondents planning to invest in technology to increase digital connections with their customers. It’s the second year in a row that “expand citizen engagement” was cited as the top priority for the next 12 months.
Moreover, 80 percent of the local leaders said they plan to invest in social media tools this year. As one survey participant noted, “social media is one of the biggest channels where citizen engagement happens.”
At a time when social media consumption is at an all-time high, it’s not surprising that local government leaders are realizing the impact digital engagement can have in creating positive relationships with citizens and improving customer experience.
The post “Engagement, accessibility, cybersecurity top local government priorities” appeared first on National Cyber Security Ventures.