The U.S. Justice Department today unsealed indictments against four Chinese officers of the People’s Liberation Army (PLA) accused of perpetrating the 2017 hack against consumer credit bureau Equifax that led to the theft of personal data on nearly 150 million Americans. DOJ officials said the four men were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.
The nine-count indictment names Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可) and Liu Lei (刘磊) as members of the PLA’s 54th Research Institute, a component of the Chinese military. They are each charged with three counts of conspiracy to commit computer fraud, economic espionage and wire fraud.
The government says the men disguised their hacking activity by routing attack traffic through 34 servers located in nearly 20 countries, using encrypted communications channels within Equifax’s network to blend in with normal network activity, and deleting log files daily to remove evidence of their meanderings through the company’s systems.
U.S. Attorney General Bill Barr said at a press conference today that the Justice Department doesn’t normally charge members of another country’s military with crimes (this is only the second time the agency has indicted Chinese military hackers). But in a carefully worded statement that seemed designed to deflect any criticism of past offensive cyber actions by the U.S. military against foreign targets, Barr said the DOJ did so in this case because the accused “indiscriminately” targeted American civilians on a massive scale.
“The United States, like other nations, has gathered intelligence throughout its history to ensure that national security and foreign policy decision makers have access to timely, accurate and insightful information,” Barr said. “But we collect information only for legitimate national security purposes. We don’t indiscriminately violate the privacy of ordinary citizens.”
FBI Deputy Director David Bowdich sought to address the criticism about the wisdom of indicting Chinese military officers for attacking U.S. commercial and government interests. Some security experts have charged that such indictments could both lessen the charges’ impact and leave American officials open to parallel criminal allegations from Chinese authorities.
“Some might wonder what good it does when these hackers are seemingly beyond our reach,” Bowdich said. “We answer this question all the time. We can’t take them into custody, try them in a court of law and lock them up. Not today, anyway. But one day these criminals will slip up, and when they do we’ll be there. We in law enforcement will not let hackers off the hook just because they’re halfway around the world.”
The attorney general said the attack on Equifax was just the latest in a long string of cyber espionage attacks that sought trade secrets and sensitive data from a broad range of industries, including managed service providers and their clients worldwide, as well as U.S. companies in the nuclear power, metals and solar products industries.
“Indeed, about 80 percent of our economic espionage prosecutions have implicated the Chinese government, and about 60 percent of all trade secret thefts cases in recent years involved some connection with China,” he said.
The indictments come on the heels of a conference held by US government officials this week that detailed the breadth of hacking attacks involving the theft of intellectual property by Chinese entities.
“The FBI has about a thousand investigations involving China’s attempted theft of U.S.-based technology in all 56 of our field offices and spanning just about every industry and sector,” FBI Director Christopher Wray reportedly told attendees at the gathering in Washington, D.C., dubbed the “China Initiative Conference.”
At a time when increasingly combative trade relations with China combined with public fears over the ongoing Coronavirus flu outbreak are stirring Sinophobia in some pockets of the U.S. and other countries, Bowdich was quick to clarify that the DOJ’s beef was with the Chinese government, not its citizenry.
“Our concern is not with the Chinese people or with the Chinese American,” he said. “It is with the Chinese government and the Chinese Communist Party. Confronting this threat directly doesn’t mean we should not do business with China, host Chinese students, welcome Chinese visitors or co-exist with China as a country on the world stage. What it does mean is when China violates our criminal laws and international norms, we will hold them accountable for it.”
A copy of the indictment is available here.
DOJ officials praised Equifax for their “close collaboration” in sharing data that helped investigators piece together this whodunnit. Attorney General Barr noted that the accused not only stole personal and in some cases financial data on Americans, they also stole Equifax’s trade secrets, which he said were “embodied by the compiled data and complex database designs used to store personal information.”
While the DOJ’s announcement today portrays Equifax in a somewhat sympathetic light, it’s important to remember that Equifax repeatedly has proven itself an extremely poor steward of the highly sensitive information that it holds on most Americans.
Equifax’s actions immediately before and after its breach disclosure on Sept 7, 2017 revealed a company so inept at managing its public response that one couldn’t help but wonder how it might have handled its internal affairs and security. Indeed, Equifax and its leadership careened from one feckless blunder to the next in a series of debacles that KrebsOnSecurity described at the time as a complete “dumpster fire” of a breach response.
For starters, the Web site that Equifax set up to let consumers check if they were affected by the breach consistently gave conflicting answers, and was initially flagged by some Web browsers as a potential phishing site.
Compounding the confusion, on Sept. 19, 2017, Equifax’s Twitter account told people looking for information about the breach to visit the wrong Web site, which also was blocked by multiple browsers as a phishing site.
And two weeks after its breach disclosure, Equifax began notifying consumers of their eligibility to enroll in free credit monitoring — but the messages did not come from Equifax’s domain and were in many other ways indistinguishable from a phishing attempt.
It soon emerged the intruders had gained access to Equifax’s systems by attacking a software vulnerability in an Internet-facing server that had been left unpatched for four months after security experts warned that the flaw was being broadly exploited. We also learned that the server in question was tied to an online dispute portal at Equifax, which the intruders quickly seeded with tools that allowed them to maintain access to the credit bureau’s systems.
This is especially notable because on Sept. 12, 2017 — just five days after Equifax went public with its breach — KrebsOnSecurity broke the news that the administrative account for a separate Equifax dispute resolution portal catering to consumers in Argentina was wide open, protected by perhaps the most easy-to-guess password combination ever: “admin/admin.”
Perhaps we all should have seen this megabreach coming. In May 2017, KrebsOnSecurity detailed how countless employees at many major U.S. companies suffered tax refund fraud with the IRS thanks to a laughably insecure portal at Equifax’s TALX payroll division, which provides online payroll, HR and tax services to thousands of U.S. firms.
In October 2017, KrebsOnSecurity showed how easy it was to learn the complete salary history of a large portion of Americans simply by knowing someone’s Social Security number and date of birth, thanks to yet another Equifax portal.
Around that same time, we also learned that at least two Equifax executives sought to profit from the disaster through insider trading just days prior to the breach announcement. Jun Ying, Equifax’s former chief information officer, dumped all of his stock in the company in late August 2017, realizing a gain of $480,000 and avoiding a loss of more than $117,000 when news of the breach dinged Equifax’s stock price.
Sudhakar Reddy Bonthu, a former manager at Equifax who was contracted to help the company with its breach response, bought 86 “put” options in Equifax stock on Sept. 1, 2017 that allowed him to profit when the company’s share price dropped. Bonthu was later sentenced to eight months of home confinement; Ying got four months in prison and one year of supervised release. Both were fined and/or ordered to pay back their ill-gotten gains.
While Equifax’s stock price took a steep hit in the months following its breach disclosure, shares in the company [NYSE:EFX] gained a whopping 50.5% in 2019, according to data from S&P Global Market Intelligence.
KrebsOnSecurity has long maintained that the 2017 breach at Equifax was not the work of financially-motivated identity thieves, as there has been exactly zero evidence to date that anything close to the size of the data cache stolen from that incident has shown up for sale in the cybercrime underground.
However, readers should understand that there are countless other companies with access to SSN, DOB and other information crooks need to apply for credit in your name that get hacked all the time, and that this data on a great many Americans is already for sale across various cybercrime bazaars.
Readers also should know that while identity theft protection services of the kind offered by Equifax and other companies may alert you if crooks open a new line of credit in your name, these services generally do nothing to stop that identity theft from taking place. ID theft protection services are most useful in helping people recover from such crimes.
As such, KrebsOnSecurity continues to encourage readers to place a freeze on their credit files with Equifax and the other major credit bureaus. This process puts you in control over who gets to grant credit in your name. Placing a freeze is now free for all Americans and their dependents. For more information on how to do that and what to expect from a freeze, please see this primer.
‘Shot across the bow’: U.S. increases pressure on UK ahead of key Huawei decision
Wednesday, January 08, 2020 1:06 a.m. EST. By Jack Stubbs and Alexandra Alper. LONDON/WASHINGTON (Reuters) – The United States is making a final pitch to Britain ahead of a U.K. decision on whether to upgrade its telecoms network with Huawei equipment, amid threats to cut intelligence-sharing […]
U.S. and China Strike Phase One Trade Agreement; Washington Steps up Efforts to Block Chinese Tech Amidst Mounting Opposition
U.S. and China Announce Agreement on Phase One Trade Deal
On Dec. 13, President Trump announced that the U.S. and China had agreed to a “Phase One” trade deal. Under the agreement, the U.S. will roll back tariffs on Chinese goods in exchange for more U.S. goods purchases and structural reforms from the Chinese side. According to Trump, he will sign the deal on Jan. 15 with Chinese representatives at the White House. If the signing goes as planned, it will represent the U.S. and China’s first agreement to reduce import duties since the two countries began implementing bilateral tariffs in July 2018.
So far, most details of the agreement have not been made public. But as for U.S. commitments, Trump on Dec. 13 already canceled new 15 percent duties scheduled to hit $160 billion of Chinese exports on Dec. 15. Additionally, the Office of the U.S. Trade Representative (USTR) has confirmed that the U.S. will reduce tariffs on $120 billion of China’s exports from 15 percent to 7.5 percent. According to Chinese Vice Commerce Minister Wang Shouwen, the Trump administration will make these cuts in phases, though neither side has specified a timeline. Tariffs of 25 percent will remain, meanwhile, on $250 billion of Chinese goods.
As for China’s commitments, China has already cut tariffs on a slew of agricultural products and commodities. The USTR also reports that China will raise its imports of U.S. goods to $200 billion above 2017 levels—though China has yet to commit to import quantities for specific goods, like agricultural products. China has further pledged to heighten intellectual-property protections, end forced technology transfers and liberalize its financial services; however, the deal does not touch Chinese government subsidies to domestic firms. The deal also includes a process by which the U.S. may impose punitive tariffs if China does not adhere to its promises.
The Phase One deal has handed outsize benefits to U.S. and Chinese tech companies. Technology products (along with other consumer-retail goods) were disproportionately represented among the imports originally scheduled for new tariffs on Dec. 15. U.S. tech companies like Apple that produce in China will no longer see foreign-manufactured goods like phones and computers slapped with tariffs. And as analysts at Morgan Stanley have noted, following the deal, technology companies in China will likely experience the largest valuation increases among Chinese firms. Foreign financial firms may also be winners from the deal. Both sides have represented that, as part of the trade agreement, China will for the first time allow foreign companies to enter its financial sector without a joint venture. (China had already announced in July 2019 that it planned to abolish this joint-venture requirement.) This forthcoming change may also expand financing opportunities for firms raising funds in China.
Business groups in the U.S. have widely praised the deal as a positive step, and U.S. stocks rallied on news of the deal. Some commentators have argued that the Phase One agreement—which had remained in doubt for months—signifies a thaw in U.S.-China tensions and sanguine prospects for future agreements. Chinese negotiators are, reportedly, already attempting to work with the Trump administration in hammering out the next phase of the deal.
Still, reactions in the U.S. to the substance of Trump’s deal have been mixed. Although U.S. officials have touted the deal’s impact on the American economy, commentators have criticized it for resulting in few tangible concessions—particularly on structural reforms—that China had not previously been willing to make. And many remain skeptical that, even with this deal, the two sides will reach further trade agreements before November’s presidential election. Reports also suggest that Chinese leaders consider the deal a huge victory—and one that justifies a hardline approach to future U.S. trade talks.
State Department Steps up Efforts to Block Chinese Tech Imports, But Faces Mounting Opposition
Reporting broke in December that the State Department has, in recent months, attempted to stop American companies from purchasing Chinese technology components. The State Department’s Under Secretary for Economic Growth, Energy, and the Environment Keith Krach has led the initiative, which asks firms to sign a set of principles titled the Global Digital Trust Standard (GDTS). The GDTS would, in effect, commit firms not to buy products from Huawei and possibly other Chinese companies. Krach has reportedly approached thirteen business entities—including telecom carriers AT&T and Verizon, as well as chip manufacturers—about signing the GDTS. None appear to have signed.
The GDTS—by covering U.S. purchases, not sales—represents a more expansive attempt to influence U.S. supply chains than many past government actions against Huawei. But it also builds on recent steps in this direction by the Trump administration. On Nov. 26, the Commerce Department proposed a process for reviewing, and possibly prohibiting, information-technology acquisitions from “foreign adversar[ies].” These measures are widely considered to target Chinese companies like Huawei (although they have yet to take effect). Last month, the Federal Communications Commission (FCC) also labeled Huawei and ZTE national-security threats. This categorization bars purchases of their products through an FCC fund subsidizing rural telecom services.
The State Department’s requests, however, have met significant resistance from U.S. companies. Corporate leaders worry that signing the GDTS will commit them to anticompetitive behavior, exposing them to antitrust lawsuits. Concerned about higher costs and supply-chain disruption, businesses are also increasingly rebuffing Washington’s broader efforts to regulate tech imports, with many pushing back against the Commerce Department’s Nov. 26 purchase-review proposal. Unease about that rule change—and the review process’s complexity—led many trade associations on Dec. 6 to request a two-month extension to the rule’s comment period.
Chinese opposition to U.S. restrictions on Huawei has likewise grown more forceful, which may portend rising tensions on tech issues between the two countries. On Dec. 18, the Chinese state-owned paper China Daily published an editorial condemning U.S. efforts “to put Huawei out of business” as “dangerous” and “nothing but protectionism.” Huawei, meanwhile, has lately tried to market itself to American allies as more faithful than the U.S. to shared western values. And Huawei announced plans in December to sue the FCC for deeming it a national-security threat without due process. This legal challenge may compound U.S. firms’ fears about antitrust lawsuits should they cease importing Huawei goods.
It is not yet clear how the pushback will affect the Trump administration’s import-regulation efforts. Trump has continually ramped up restrictions against Huawei since May 2019, when he placed Huawei on a blacklist—still just partially implemented—that precludes it from purchasing U.S. components. However, there are some signs that regulators are open to tweaking such policies in response to feedback. Throughout November and December, the Commerce Department has issued export licenses to certain companies applying for exceptions from the ban against selling to Huawei.
In Other News
Reports emerged on Dec. 15 that the U.S. expelled two Chinese diplomats last September for suspected espionage after the two officials drove onto a military base in Virginia. At least one of the diplomats, U.S. officials suspect, was an undercover Chinese intelligence officer. The decision represents the first espionage-related expulsion of Chinese diplomats in over thirty years. After reports of the event broke, China denied that the embassy officials engaged in any wrongdoing and urged the U.S. “to correct its mistake.” The expulsions come amidst growing concerns among intelligence agencies worldwide that China is conducting espionage on a “mass scale.” Shortly after reports of the expulsions emerged, separate reporting indicated that a Chinese student had stolen research materials from a lab in Boston as an act of suspected biotechnology espionage.
Beijing last month reprimanded tech giants Tencent and Xiaomi for violating users’ data privacy with certain applications—including Tencent’s instant-messaging app QQ. Specifically, the government alleged that these apps violated national laws against collecting and selling personal data, such as through the use of designs that make it hard for users to delete accounts. In response to the transgressions, China’s Ministry of Industry and Information Technology (MIIT) on Dec. 19 published the names of dozens of problematic apps; it also threatened “punishment” if their problems were not addressed by end-2019. The crackdown gives force to an MIIT campaign announced last November to rein in mobile-app privacy violations, particularly among apps with high user volumes. Still, this campaign contrasts with Beijing’s recent efforts to scale up the government’s own data collection, which includes a Dec. 2 law requiring anyone registering a mobile number to undergo facial-recognition scans. Following the government’s announcement, Tencent issued a public pledge to amend its privacy statements.
On Dec. 8, the Financial Times obtained information that the Chinese government has ordered that all foreign-made hardware and software be removed from state institutions within three years. The substitutions will occur steadily through 2022—30 percent in 2020, 50 percent the next year and 20 percent the final year—and they complement similar moves by the U.S. to restrict Chinese tech imports. Analysts suspect executing the replacement will be difficult, because Chinese substitutes for some foreign products fall well below those foreign products’ levels of sophistication and developer support. China has wanted to remove foreign tech from key government operations since at least 2014, and doing so fits in with its objective of technological self-reliance under its “Made in China 2025” program. Still, the announced three-year timeframe is faster than expected, and the shift may harm some U.S. tech companies, which generate an estimated $150 billion in annual revenue from total sales to China. Some analysts expect, however, that major tech firms have anticipated and prepared for a move such as this.
Paul Krugman argues in the New York Times that the “Phase One” trade deal achieves few of Trump’s objectives, while Max Boot contends in the Washington Post the benefits it will bring the U.S. are speculative. Writing for Foreign Policy, Peter E. Harrell predicts that the next phase of U.S.-China trade disputes will center on export and investment controls rather than tariffs. Michael Ivanovitch argues in CNBC that a Phase One deal will do little to end the U.S.-China trade deficit and forestall future trade spats.
Henry Paulson writes in the Washington Post that the U.S. needs to catch up with China on developing 5G technologies. For Project Syndicate, Ngaire Woods questions whether Huawei really poses a greater security threat to the U.S. than companies like Facebook. Yukon Huang and Jeremy Smith discuss for the Carnegie Endowment for International Peace why the U.S. and China should resolve their technology disputes in multilateral forums.
For the New York Times, Ian Johnson examines how the Chinese Communist Party is incorporating traditional Chinese values into its governing strategy, and Roger Cohen explores the origins of political unrest in Hong Kong. In the Diplomat, Remco Zwetsloot and Dahlia Peterson argue that China’s immigration practices hold it back from competing with the U.S. in tech.
For Lawfare, Christopher C. Krebs discusses how the Cybersecurity and Infrastructure Security Agency can tackle U.S. cybersecurity vulnerabilities. Richard Altieri and Benjamin Della Rocca explore potential U.S. executive and legislative responses to Xinjiang internment camps. Tom Wheeler explains how Trump administration policies have set the U.S. back in its competition with China on 5G technologies.
Ransomware Attacks on U.S. Have Reached “Crisis” Proportions, Governments “Must Do Better”
An unprecedented number of ransomware attacks deployed against government, healthcare and school targets in the U.S., and new attacks that not only lock up but also steal sensitive data, have prompted cybersecurity firm Emsisoft to declare a “crisis.”
A recent attack in Pensacola that “may have resulted in a municipal government’s data falling into the hands of cybercriminals” has also prompted Emsisoft to issue its 2019 “State of Ransomware in the US” report early, in the hope of inducing an immediate response by governments:
“We believe this development elevates the ransomware threat to crisis level and that governments must act immediately to improve their security and mitigate risks. If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked.”
The report describes an “unprecedented and unrelenting barrage of ransomware attacks that impacted at least 948 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.”
Affected organizations include:
- 103 federal, state and municipal governments and agencies.
- 759 healthcare providers.
- 86 universities, colleges and school districts, with operations at up to 1,224 individual schools potentially affected.
In a ransomware attack, hackers typically deploy malicious software via infected links embedded in “phishing” emails.
Sometimes these emails are spammed out randomly. In other cases, an employee working at a targeted organization is carefully profiled and sent a customized email designed to trick that individual into clicking an infected link.
In the case of one cryptocurrency exchange, hackers determined that someone working there was an extreme fan of a particular type of dog.
The hackers created fake digital materials claiming that a dog show featuring this breed would shortly be held in the employee’s region. The employee opened the email, clicked on a link it contained, and infected the entire exchange’s computer systems. The exchange was later robbed of cryptocurrencies.
In most cases, an organization’s systems are rendered unusable by ransomware and a ransom of cryptocurrencies is demanded in exchange for restoring systems or data.
In May, twenty-one civic agencies in Baltimore were disabled by a ransomware attack.
When Boston legal aid offices were disabled by Russian “Ryuk” ransomware earlier this year, trials had to be postponed, including a trial involving a child victim.
According to Emsisoft, the attacks it has lately witnessed “put people’s health, safety and lives at risk”:
- Emergency patients had to be redirected to other hospitals.
- Medical records were inaccessible and, in some cases, permanently lost.
- Surgical procedures were canceled, tests were postponed and admissions halted.
- 911 services were interrupted.
- Dispatch centres had to rely on printed maps and paper logs to keep track of emergency responders in the field.
- Police were locked out of background check systems and unable to access details about criminal histories or active warrants.
- Surveillance systems went offline.
- Badge scanners and building access systems ceased to work.
- Jail doors could not be remotely opened.
- Schools could not access data about students’ medications or allergies.
Emsisoft further claims that the escalated success of ransomware attacks in 2019 resulted from “a perfect storm…(involving) existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses.”
Fabian Wosar, CTO of Emsisoft, has issued a sober warning:
“The fact that there were no confirmed ransomware-related deaths in 2019 is simply due to good luck, and that luck may not continue into 2020. Governments and the health and education sectors must do better.”
Fears of Russian interference hit U.K. election as Reddit bans accounts after U.S. trade talks leak
LONDON — Fears of Russian interference reared their head in the U.K. election this weekend after social media platform Reddit said it believed confidential British government documents were posted to the site as “part of a campaign that has been reported as originating from Russia.”
Reddit launched an investigation after opposition Labour Party leader Jeremy Corbyn brandished the leaked documents at a press conference last month.
The 451-page dossier appeared to reveal rounds of trade negotiations with the U.S. for a post-Brexit trade deal included mention of the country’s beloved National Health Service. Labour claimed they proved Prime Minister Boris Johnson would put the NHS “up for sale” to secure a deal with President Donald Trump.
The British government has not denied the authenticity of the documents. NBC News has not verified their authenticity.
Johnson, whose ruling Conservative Party leads in the polls entering the final week, has denied Corbyn’s claims about what they show.
A British government spokesperson told NBC News Sunday that “online platforms should take responsibility for content posted on them, and we welcome the action Reddit have taken.”
“The U.K. government was already looking into the matter, with support from the National Cyber Security Centre,” the spokesperson said.
“We do not comment on leaks, and it would be inappropriate to comment.”
Reddit said late Friday that its investigation into the posts related to the leak revealed “a pattern of coordination” by suspect accounts that were similar to a Russian campaign called “Secondary Infektion” discovered on Facebook earlier this year.
The site also said it had banned 61 accounts suspected of violating policies against vote manipulation related to the original post, which was published in October.
Corbyn has not revealed how his party obtained the documents but defended the decision to use them.
Asked about Reddit’s conclusions at a campaign stop Saturday, Corbyn said the news was an “advanced stage of rather belated conspiracy theories.”
“When we released the documents, at no stage did the prime minister or anybody deny that those documents were real, deny the arguments that we put forward. And if there has been no discussion with the USA about access to our health markets, if all that is wrong, how come after a week they still haven’t said that?” he added.
He also criticized the government for failing to release a Parliamentary intelligence committee report on Russian interference in British politics before the election campaign began.
Thursday’s vote was called in an effort to break the deadlock that has left the future of the country’s relationship with the European Union uncertain.
But the future of Britain’s health care has emerged as a powerful rejoinder to the notion of a purely ‘Brexit election.’
Asked about the source of the leak this weekend, Johnson said: “I do think we need to get to the bottom of that.”
Culture minister Nicky Morgan claimed the leak raises concerns of Russian influence on British democracy and said the government is taking steps and “watching for what might be going on.”
“From what was being put on that (Reddit) website, those who seem to know about these things say that it seems to have all the hallmarks of some form of interference,” Morgan told the BBC. “And if that is the case, that obviously is extremely serious.”
But if Russia was behind the leak, its aim may not have been to help any particular side in the election, Lisa-Maria Neudert, a researcher at Oxford University’s Project on Computational Propaganda, told Reuters.
“We know from the Russian playbook that often it is not for or against anything,” she said.
“It’s about sowing confusion, and destroying the field of political trust.”
Michele Neubert contributed.
The next count will be made on April 1, 2020. For the first time, the United States Census will offer a full internet response option in addition to traditional paper responses. The digitization of the census is meant to address the challenges of counting an increasingly large and diverse population while also complying with strict cost constraints imposed by Congress. But as with most technological breakthroughs, there are plenty of risky implications.
Though a first for the U.S., other countries have hosted censuses online before. Most notably, during the 2016 census in Australia the country was hit with a DDoS attack that brought down the system for 40 hours and caused a plethora of problems. No data was compromised, but as the U.S. gears up for its inaugural online census there is pressure to get it right. Security experts and citizens alike find themselves asking the tough questions: Do we truly understand the risks involved in an online census? How can we prepare to face potential security concerns, and what happens if we fail to do so?
It is critical that both citizens and government agencies are aware of the potential cybersecurity threats that come with this transition. From compromised respondent devices to disrupted network access and data breaches, there is plenty of room for error.
Any operation that is nationwide, has a strict deadline and involves sensitive data faces major technical challenges and malicious cyber threats. Given the important implications of the census for the U.S. government and its population, the most immediately concerning are attacks and vulnerabilities that impact the quality or security of the data in inconspicuous ways:
- Spoofing the census website in a handful of regions, by poisoning ISPs' caching name servers and altering some of the responses, could pose a significant threat. It is hard enough to spot a spoofed copy of a familiar website, let alone one most people have never visited before.
- Compromised network access is a less malicious but still damaging possibility, should the U.S. Census Bureau's IT infrastructure be lacking. If the infrastructure is not built to be secure and reliable under load, the results of the census could be skewed.
- Data theft is another threat, one that would not impede or alter the results of the census but would instead put U.S. residents at risk. Such a concentrated store of information on U.S. residents would be valuable to many actors. A breach of this database and theft of its data may well be timed for after the census has concluded, when IT personnel are more likely to let their guard down after a tense period.
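The first item in that list, a forged census site served through poisoned caching resolvers, is something a practitioner can test for directly: ask the suspect resolver for the name, compare its answer with a trusted one, and check whether the resolver set the AD bit (meaning it validated DNSSEC). The block below is an added example, not code from the original article or from the Census Bureau. It parses DNS wire-format responses and flags divergence; the domain name, the RFC 5737 documentation addresses and the two responses are constructed test data, and the builder exists only so the example runs offline.

```python
import struct

FLAG_AD = 0x0020  # "authenticated data": the resolver validated DNSSEC for this answer


def encode_name(name):
    """Encode 'a.b' as length-prefixed DNS labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(name, addrs, ad=True, txid=0x1234):
    """Build a minimal A-record answer. Constructed test data, not a real capture."""
    flags = 0x8180 | (FLAG_AD if ad else 0)  # QR=1, RD=1, RA=1 (+AD)
    header = struct.pack("!HHHHHH", txid, flags, 1, len(addrs), 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answers = b""
    for addr in addrs:
        # 0xC00C is a compression pointer to the name at offset 12 (the question)
        answers += struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4)
        answers += bytes(int(octet) for octet in addr.split("."))
    return header + question + answers


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer
            pointer = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                end = off + 2
            off, jumped = pointer, True
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if jumped else off)


def parse_a_records(msg):
    """Return (question name, AD flag, set of IPv4 answers) from a DNS response."""
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, qname = 12, None
    for _ in range(qdcount):
        qname, off = read_name(msg, off)
        off += 4  # QTYPE + QCLASS
    addrs = set()
    for _ in range(ancount):
        _name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.add(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return qname, bool(flags & FLAG_AD), addrs


def check_resolver(expected_name, resolver_msg, trusted_addrs):
    """Flag a resolver whose answer differs from the trusted set or is unvalidated."""
    qname, ad, addrs = parse_a_records(resolver_msg)
    findings = []
    if qname != expected_name.rstrip("."):
        findings.append("answer is for %r, not %r" % (qname, expected_name))
    if addrs != set(trusted_addrs):
        unexpected = sorted(addrs - set(trusted_addrs))
        findings.append("answer mismatch, unexpected addresses: %s" % unexpected)
    if not ad:
        findings.append("resolver did not validate DNSSEC (AD flag clear)")
    return findings


# Constructed data: a hypothetical trusted answer (e.g. obtained from the
# authoritative servers over a validated path) versus a poisoned cache that
# returns an attacker-controlled host and never validated anything.
SITE = "2020census.gov"
TRUSTED = ["192.0.2.10", "192.0.2.11"]
GOOD = build_response(SITE, TRUSTED, ad=True)
POISONED = build_response(SITE, ["198.51.100.7"], ad=False)

if __name__ == "__main__":
    for label, msg in (("clean resolver", GOOD), ("poisoned resolver", POISONED)):
        print(label, "->", check_resolver(SITE, msg, TRUSTED) or ["ok"])
```

In practice the trusted set comes from querying the zone's authoritative servers (or a validating resolver you control) rather than from a constant, and the comparison should be run from several vantage points, since the article's scenario is regional poisoning that a single probe would miss.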
There are certainly plenty of risks, but there are also steps and precautions that we can take now to keep anticipated threats at bay and ensure an accurate, secure census in 2020.
Hope for the Best, Prepare for the Worst
The U.S. Census Bureau has had a decade to prepare, but in today's cyber landscape new threats and attack vectors are being developed that can't always be foreseen. With so much at stake, professionals are working around the clock to identify potential mishaps and develop security strategies and mitigations.
In terms of precautions, there are several critical actions that can be taken to protect our data and prepare for a successful and reliable census. First and foremost, we must ensure that our internet service providers are not vulnerable to DNS hijacking attacks (validating resolvers, and HTTPS with a valid certificate on the census site, so that a forged answer cannot quietly redirect respondents) and that all collected data is encrypted, both at rest and in transit, with strong, well-vetted algorithms and properly protected keys.
In addition, making sure the internal and external networks have next-generation firewalls and advanced threat protection capabilities will mitigate the risks of compromised network access, impersonation of U.S. Census Bureau websites and data theft. Beyond the precautions government entities must take, there is one important thing the average citizen can do to protect their data: be aware of the census timeline and be suspicious of any phishing emails received before April 1 or afterwards that ask for information similar to what the census collects. Any email purporting to be from the Census Bureau and requesting financial information, Social Security numbers or specific birth dates, for example, should be reported to the FBI's Internet Crime Complaint Center (IC3); the Bureau does not ask for Social Security numbers, bank or credit card numbers, or payments.
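The advice above asks readers to recognise mail that impersonates the Bureau. The checks a cautious reader or a mail gateway would apply are mechanical enough to script, and the block below is an added example of that triage, not code from the article or from the Census Bureau. The set of legitimate domains, the list of data the Bureau is taken never to request, and the two sample messages are all assumptions constructed for this example.

```python
import re
from email import policy
from email.parser import BytesParser
from urllib.parse import urlparse

# Assumption for this example: the Bureau's legitimate sending and web domains.
LEGIT_DOMAINS = {"census.gov", "2020census.gov", "my2020census.gov"}
# Assumed list of things a real census message never asks for.
SENSITIVE = re.compile(
    r"social security|\bssn\b|bank account|credit card|payment|password", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)


def is_legit(domain):
    """True if domain is one of the legitimate domains or a subdomain of one."""
    domain = domain.lower()
    return any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)


def triage(raw):
    """Return a list of findings for one raw RFC 5322 message (empty = no red flags)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    sender = msg["from"].addresses[0] if msg["from"] else None
    if sender is None:
        findings.append("no From header")
    else:
        if not is_legit(sender.domain):
            findings.append("sender domain %s is not a Census Bureau domain" % sender.domain)
            # Display-name spoofing: "U.S. Census Bureau" <someone@unrelated.example>
            if "census" in sender.display_name.lower():
                findings.append("display name impersonates the Census Bureau")
        reply_to = msg["reply-to"]
        if reply_to and reply_to.addresses[0].domain.lower() != sender.domain.lower():
            findings.append("Reply-To domain differs from From domain")

    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if not is_legit(host):
            findings.append("link points off-domain: %s" % host)
    if SENSITIVE.search(body):
        findings.append("asks for information the Bureau does not request by email")
    return findings


# Constructed sample messages (not real mail). The first imitates the Bureau from a
# look-alike domain and asks for data the census never collects; the second is a
# plain reminder that only points at the assumed legitimate site.
PHISH = b"""From: "U.S. Census Bureau" <noreply@census-2020-verify.com>
Reply-To: collect@census-2020-verify.com
To: resident@example.org
Subject: Action required: confirm your 2020 Census response
Content-Type: text/plain; charset="utf-8"

To complete your census record, confirm your Social Security number and
bank account details at http://census-2020-verify.com/confirm before April 1.
"""

LEGIT = b"""From: "U.S. Census Bureau" <info@census.gov>
To: resident@example.org
Subject: Reminder: respond to the 2020 Census by April 1
Content-Type: text/plain; charset="utf-8"

Respond online at https://my2020census.gov using the ID from your mailed invitation.
"""

if __name__ == "__main__":
    for label, raw in (("phish", PHISH), ("legit", LEGIT)):
        print(label, "->", triage(raw) or ["no red flags"])
```

The header checks are the weakest part: a From domain can be forged outright, so a gateway would pair this with SPF, DKIM and DMARC results rather than trusting the header alone. The body checks are what a person can apply by eye: where the links really go, and whether the message asks for anything the census does not collect.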
What happens if we fail to adhere to these precautions? What is the potential impact?
The “What ifs”
The census holds extreme importance, in that it helps ensure citizens' voices are heard and everyone is represented. It has major implications for public decision-making processes, including divvying up seats in Congress, disbursing public funding and planning for Social Security.
Without proper preparation, we risk inaccurate, unclear or untrusted census results. In this scenario, the faulty data would still be used to make decisions on redistricting maps and funding allocations for community services and other crucial programs that citizens need to thrive and prosper.
The Government Accountability Office (GAO) has issued seven recommendations for managing the risk associated with conducting an online census, all of which are key to the program's success and integrity. However, with just half a year to go until Census Day, it's time to move beyond recommendations for planning and into action.
By placing a renewed focus on the technology vendors and supply chains being used by government agencies, and educating and preparing citizens across the country, we'll be well on our way to a successful 24th U.S. Census.
The post #cybersecurity | hacker | How to prepare for the U.S. Census to move online appeared first on National Cyber Security.
#school | #ransomware | U.S. National Guard ready for potentially devastating domestic cyberattack – Defence Blog
Source: National Cyber Security – Produced By Gregory Evans The U.S. National Guard has confirmed that it is ready to mobilize its cyberdefenses in case of a potentially devastating domestic attack. Every day the National Guard and other state agencies are preparing and battling to protect and deter malicious cyberattacks on U.S. cyberinfrastructure, according to a […] View full post on AmIHackerProof.com
#hacker | #government | Russian Secret Weapon Against U.S. 2020 Election Revealed In New Cyberwarfare Report
The FBI has warned that “the threat” to U.S. election security “from nation-state actors remains a persistent concern,” that it is “working aggressively” to uncover and stop, and the U.S. Director of National Intelligence has appointed an election threats executive, explaining that election security is now “a top priority for the intelligence community—which must bring the strongest level of support to this critical issue.”
With this in mind, a new report from cybersecurity powerhouse Check Point makes for sobering reading. “It is unequivocally clear to us,” the firm warns, “that the Russians invested a significant amount of money and effort in the first half of this year to build large-scale espionage capabilities. Given the timing, the unique operational security design, and sheer volume of resource investment seen, Check Point believes we may see such an attack carried out near the 2020 U.S. Elections.”
None of which is new—it would be more surprising if there wasn’t an attack of some sort, to some level. What is new, though, is Check Point’s unveiling of the sheer scale of Russia’s cyberattack machine, the way it is organised, the staggering investment required. And the most chilling finding is that Russia has built its ecosystem to ensure resilience, with cost no object. It has formed a fire-walled structure designed to attack in waves. Check Point believes this has been a decade or more in the making and now makes concerted Russian attacks on the U.S. “almost impossible” to defend against.
The new research was conducted by Check Point in conjunction with Intezer—a specialist in Genetic Malware Analysis. It was led by Itay Cohen and Omri Ben Bassat, and has taken a deep dive to get “a broader perspective” of Russia’s threat ecosystem. “The fog behind these complicated operations made us realize that while we know a lot about single actors,” the team explains, “we are short of seeing a whole ecosystem.”
And the answer, Check Point concluded, was to analyse all the known data on threat actors, attacks and malware to mine for patterns and draw out all the connections. “This research is the first and the most comprehensive of its kind—thousands of samples were gathered, classified and analyzed in order to map connections between different cyber espionage organizations of a superpower country.”
The team expected to find deep-seated linkages, connections between groups working for different Russian agencies—FSO, SVR, FSB, GRU. After all, one can reasonably expect all of the various threat groups sponsored by the Russian state to be on the same side, peddling broadly the same agenda.
But that isn’t what they found. And the results from the research actually carry far more terrifying implications for Russia’s capacity to attack the U.S. and its allies on a wide range of fronts than the team expected. It transpires that Russia’s secret weapon is an organisational structure which has taken years to build and makes detection and interception as difficult as possible.
“The results of the research were surprising,” Cohen explains as we talk through the research. “We expected to see some knowledge, some libraries of code shared between the different organizations inside the Russian ecosystem. But we did not. We found clusters of groups sharing code with each other, but no evidence of code sharing between different clusters.” And while such findings could reflect politics and inter-agency competition, the Check Point team has concluded that it is more likely to have an operational security motive. “Sharing code is risky—if a security researcher finds one malware family, if it has code shared with different organizations, the security vendor can take down another organisation.”
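The analysis Cohen describes, looking for code shared between malware samples and finding that the sharing stops at cluster boundaries, can be reproduced in miniature. The block below is an added illustration of that method and is not Check Point's or Intezer's code or data: the seven sample names and their function fingerprints are invented, and the threshold of two shared functions (so that a single common library routine does not link unrelated families) is an assumption of this example.

```python
from itertools import combinations

# Constructed inventory: each sample maps to the set of function fingerprints
# (think: hashes of normalised function bodies) found in it. All names invented.
SAMPLES = {
    "A-1": {"f01", "f02", "f03", "f04", "lib_memcpy"},
    "A-2": {"f01", "f02", "f03", "f05", "f11"},
    "A-3": {"f02", "f03", "f04", "f06"},
    "B-1": {"g01", "g02", "g03", "g04"},
    "B-2": {"g01", "g02", "g05", "g06", "lib_memcpy"},
    "B-3": {"g02", "g03", "g04", "g07"},
    "C-1": {"h01", "h02", "h03"},
}

# Assumed threshold: one shared function (a statically linked library routine,
# say) is noise; two or more is treated as evidence of shared development.
MIN_SHARED = 2


def build_edges(samples, min_shared=MIN_SHARED):
    """Link every pair of samples that share at least min_shared functions."""
    edges = {}
    for a, b in combinations(sorted(samples), 2):
        common = samples[a] & samples[b]
        if len(common) >= min_shared:
            edges[(a, b)] = common
    return edges


def clusters(samples, edges):
    """Connected components of the sharing graph (union-find), ordered by first member."""
    parent = {s: s for s in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in edges:
        parent[find(a)] = find(b)
    groups = {}
    for s in samples:
        groups.setdefault(find(s), set()).add(s)
    return sorted(groups.values(), key=min)


def cross_cluster_overlap(samples, groups):
    """Functions shared by members of *different* clusters: below the linking
    threshold, but exactly what an analyst should inspect by hand."""
    leaks = {}
    for g1, g2 in combinations(groups, 2):
        for a in sorted(g1):
            for b in sorted(g2):
                common = samples[a] & samples[b]
                if common:
                    leaks[(a, b)] = common
    return leaks


if __name__ == "__main__":
    edges = build_edges(SAMPLES)
    groups = clusters(SAMPLES, edges)
    for g in groups:
        print("cluster:", sorted(g))
    print("cross-cluster overlap:", cross_cluster_overlap(SAMPLES, groups))
```

With the threshold at two, the invented data falls into three clusters and the only cross-cluster overlap is the shared library routine; dropping the threshold to one merges the A and B clusters on the strength of that single function, which is the false linkage the threshold exists to prevent. Real fingerprints are far noisier than this, which is why the article's claim of no sharing between clusters rests on thousands of samples rather than a handful.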
The approach points to extraordinary levels of investment. “From my perspective,” Yaniv Balmas, Check Point's head of cyber research, tells me, “we were surprised and unhappy—we wanted to find new relationships and we couldn't. This amount of effort and resources across six huge clusters means huge investment by Russia in offensive cyberspace. I have never seen evidence of that before.”
And the approach has been some time in the making. “It's an ongoing operation,” Cohen says. “It's been there for at least a decade. This magnitude could only be done by China, Russia, the U.S. But I haven't seen anything like it before.”
The research has been captured in “a very nice map,” as Balmas described it. This map has been built by Check Point and Israeli analytics company Intezer, a complex interactive tool that enables researchers to drill down into malware samples and attack incidents, viewing the relationships within clusters and the isolated firewalls operating at a higher level.
The research has been angled as an advisory ahead of the 2020 U.S. elections. Russia has the capability to mount waves of concerted attacks. It's known and accepted within the U.S. security community that the elections will almost certainly come under some level of attack. But the findings actually point to something much more sinister: a cyber warfare platform that carries implications for the election, but also for power grids, transportation networks and financial services.
“That’s the alarming part,” Check Point’s Ekram Ahmed tells me. “The absence of relationships. The sheer volume and resource requirements leads us to speculate that it’s leading up to something big. We’re researchers— if it’s alarming to us, it should definitely be alarming to the rest of the world.”
So what’s the issue? Simply put, it’s Russia’s ability to attack from different angles in a concerted fashion. Wave upon wave of attack, different methodologies with a common objective. And finding and pulling one thread doesn’t lead to any other cluster. No efficiencies have been sought between families of threat actors. “Offense always has an advantage over defense,” Balmas says, “but here it’s even worse. Given the resources Russia is putting in, it’s practically impossible to defend against.”
“It’s alarming,” Check Point explains in its report, “because the segregated architecture uniquely enables the Russians to separate responsibilities and large-scale attack campaigns, ultimately building multi-tiered offensive capabilities that are specifically required to handle a large-scale election hack. And we know that these capabilities cost billions of dollars to build-out.”
I spend lot of time talking to cybersecurity researchers—it’s a noisy space. And given current geopolitics, the Gulf, the trade war, the “splinternet,” there is plenty to write about. But I get the sense here that there’s genuine surprise and alarm at just what has been seen, the extent and strategic foresight that has gone into it, the implications.
And one of those implications is that new threats and new threat actors that follow the same approach will be harder to detect. The Check Point team certainly think so. “This is the first time at such a scale we have mapped a whole ecosystem,” the team says, “the most comprehensive depiction yet of Russian cyber espionage.”
And attacks from Russia, whichever cluster might be responsible, tend to bear different hallmarks to the Chinese—or the Iranians or the North Koreans.
“Russian attacks tend to be very aggressive,” Balmas explains. “Usually in offensive cyber and intelligence, the idea is to do things that no-one knows you’re doing. But the Russians do the opposite. They’re very noisy. Encrypting or shutting down entire systems they attack. Formatting hard drives. They seem to like it—so an election attack would likely be very aggressive.”
With 2020 in mind, Ahmed explains, “given what we can see, the organization and sheer magnitude of investment, an offensive would be difficult to stop—very difficult.”
Cohen reiterates the staggering investment implications of what they’ve found. “This separation shows Russia is not afraid to invest enormous amount of money in this operation. There’s no effort to save money. Different organisations with different teams working on the same kind of malware but not sharing code. So expensive.”
All the research and the interactive map is available and open source, Cohen explains, “researchers can see the connections between families, better understanding of evolution of families and malware from 1996 to 2019.”
The perceived threat to the 2020 election is “speculation,” Check Point acknowledges. “But it’s based on how the Russians are organizing, the way they’re building the foundation of their cyber espionage ecosystem.”
So, stepping back from the detail what’s the learning here? There have been continual disclosures in recent months on state-sponsored threat actors and their tactics, techniques and procedures. The last Check Point research I reported on disclosed China’s trapping of NSA malware on “honeypot” machines. Taken in the round, all of this increased visibility on Russian and Chinese approaches, in particular, provides a better sense of the threats as the global cyber warfare landscape becomes more complex and integrated with the physical threats we also face.
On Monday [September 23], 27 nation-states signed a “Joint Statement on Advancing Responsible State Behavior in Cyberspace,” citing the use of cyberspace “to target critical infrastructure and our citizens, undermine democracies and international institutions and organizations, and undercut fair competition in our global economy by stealing ideas when they cannot create them.”
The statement was made with Russia and China in mind, and a good working example of how such attack campaigns are supported in practice can be viewed by exploring Check Point’s Russian cyber espionage map, which is now available online.
Computer hackers are getting more sophisticated. They are not afraid to hold cities, states and companies hostage until they pay a ransom. Hackers are modern-day tech pirates that disrupt computer programs and turn shareholders into anxiety-ridden puppets. Computer networks in Denver, Atlanta and Baltimore, as well as a computer network at Boeing, are recent victims. Atlanta's computers went down on March 22nd when a hacker locked important data behind an encrypted wall. The wall would stay in place, according to the hackers, until the city pays them $51,000 in Bitcoin. Atlanta has a week to comply. If the city doesn't pay, all that important data will vanish, according to the computer pirates. No one is sure whether Atlanta paid the money, according to a Fox News report. But Mayor Keisha Lance Bottoms didn't rule out payment.
The hacking group calls itself “SamSam.” SamSam is not new to the hacking world; the group pocketed more than $800,000 in 2017. The city of Leeds, Alabama, paid SamSam $12,000 in February 2018 to release its data. But Atlanta is not the only city that SamSam has in its sights this month. Officials in Baltimore said their 911 dispatch system was under attack; the system was down for 17 hours recently, to prove the hackers were serious. The hackers were able to get into the system after the city made an internal change to its firewall. But the Baltimore hackers didn't ask for money, and that is concerning, according to Frank Johnson, Baltimore's chief information officer.
Boeing, the world’s top aerospace company, is also under attack by the now famous WannaCry ransomware. WannaCry is the same ransomware that crippled Britain’s healthcare services in 2017. The Boeing attack is not as serious as the attack in Britain, according to Boeing’s head of communications Linda Mills. Mills also said the 777 jet program was not part of the hack. Mills said only a few company machines were under attack.
Denver also had a suspicious outage in March when denvergov.org and pocketgov.org, as well as other online services, suddenly stopped working, and some city staffers lost access to their email accounts. Denver officials say the shutdown was the work of a software bug, but Colorado's Department of Transportation was a SamSam victim in February. The hackers said the data would be returned if Colorado paid in Bitcoin, according to a report by Denver7.
View full post on National Cyber Security Ventures
Source: National Cyber Security News
At one point or another, much of the U.S.’s data passes through Georgia.
The state is a financial technology capital, with 70 percent of all payment transactions handled in Atlanta. And Georgia is a major internet access point for not only the Southeast but also the Caribbean and part of South America, says Stanton Gatewood, the state’s chief information security officer.
“We have a tremendous amount of information flowing through the state of Georgia,” he says.
But as more data is generated online, cybersecurity resources struggle to keep up. In 2017, the cybersecurity workforce gap was expected to hit 1.8 million people by 2022, a 20 percent increase since 2015. Sources say a shortage exists because cybersecurity is a relatively new academic field, so people haven’t had ample opportunity to undergo the proper training and gain necessary skills. “The crush of demand is coming at once, and academia can’t really keep up,” says Michael Farrell, co-executive director of the Georgia Institute of Technology’s Institute for Information Security & Privacy.
In the face of this issue, Georgia is working to become a cybersecurity hub, amassing an arsenal of initiatives. The U.S. Army Cyber Command is moving from Virginia to Fort Gordon, the Army base next to Augusta, Georgia.