Zoom Bombing, don’t be Fooled

So, there are several online video conferencing platforms now being used as businesses continue to operate while doing the stay-at-home thing. We are of course aware of the common Skype platform and UberConference, and Zoom is gaining huge popularity.

Warning to the healthcare industry: Since the United States has launched full tele-health platforms, all parties involved in the session(s) should watch carefully the platform(s) for cyber weirdness. All the same warnings and watchful eyes should be applied to the military across the spectrum as forces too are working from remote locations.


In recent days, I have seen reports of Zoom conference/meeting events getting bombed by rogue players. With every nation struggling to overcome the pandemic, governments and companies are quite vulnerable to breaches of cyber security due to limited employee resources. What better time for bad actors (read China) to attack?

Zoom has also seen a sharp increase in usage, but the attention the teleconferencing solution is receiving continues to be decidedly mixed. TechCrunch reports that researcher Patrick Wardle has found two local security flaws in Zoom’s macOS client.

***

While Zoom has certainly drawn investors’ eyes in a good way, it’s also attracted the ministrations of white hat researchers, cybercriminals, the plaintiffs’ bar, and state attorneys general. The platform’s encryption isn’t really end-to-end, the Intercept reports. Instead, it uses familiar transport encryption, which gives Zoom itself the potential to access its users’ traffic. The FBI’s Boston Field Office has issued a detailed warning about the ways in which criminals (conventional criminals out for gain, sleazy hacktivists, and skids out for the lulz) have been able to meddle with Zoom sessions. Check Point describes the ways in which criminals have registered domains that include the name “zoom;” these domains are of course up to no good at all. Zoom was also discovered to have been sharing analytic data with Facebook, a practice Zoom halted after it came to public attention, but not in time to forestall a class action suit under California’s Unfair Competition Law, Consumers Legal Remedies Act, and Consumer Privacy Act. And the New York Times reports that all of this news has prompted New York State’s Attorney General to ask Zoom for an explanation of its privacy and security policies.

So, as I was researching for this piece, I received an email from a distant buddy that read in part:

The government has sought the assistance of outside software experts to move meetings online. In one particular instance, my email buddy noted the following:

I have a Zoom warning. We had a Council meeting this afternoon and it had to end immediately. Fortunately, the Council was 99% finished with the meeting. The reason for ending the meeting is because we were Zoom Bombed (yup this is really the name for it). A participant joined the meeting late and his name was Mr. Off. His first name was Jack and he had a middle name “Me”. You can imagine the video. It was horrible. There were three hosts of the meeting that could control participants. The hosts could not see this participant so they didn’t think anything was wrong. Clearly, the hack knows how to enter a meeting without the controlling hosts knowing what is going on. I saw it and ordered the meeting end immediately. The Chair couldn’t see it and was wondering what the heck was wrong with me. It took about 5 more long seconds for me to yell at people to leave the meeting. We all jumped back on the meeting in five minutes and Mr. Off joined the meeting again.

I will add that only half the participants actually saw the act. We also caught it in time to not have it go live on cable or YouTube. Another participant actually viewed video of three other participants that no one else could see and were likely ready to Bomb the meeting.

In the future, we will use passwords for participants. This is unfortunate for the public because they won’t be able to join the Zoom part of the meeting. They will still be able to watch it live on local cable and YouTube. We will set up an email and telephone for public comment if the agenda item requires public comment.

I highly recommend you use passwords for future meetings.

Seems we have a new kind of cyber terrorism going on here….espionage at a silent/covert level. Perhaps we can get some kind of press release from the NSA or something.

 

 

The Reason for the WH and Dr. Birx Chilling New Probability Report

Primer: We all seem to guess this except for Jim Acosta/CNN and the others at MSNBC. Media continues to blame the Trump White House for the slow response to address COVID-19, while Dr. Birx and Dr. Fauci explained what they did not know very early on. Now we know.

Now some real questions and new policy towards China must be considered. We can start with the $1.8 T in U.S. debt that China holds. The next is challenging American telecommunications companies to squelch China’s advances of 5G. Then there is the next phase of the U.S. trade agreement with China. Add in the mission to stop China’s power agenda across the globe as it is clear, China is fine with killing people and economies across the world.

China has concealed the extent of the coronavirus outbreak in its country, under-reporting both total cases and deaths it’s suffered from the disease, the U.S. intelligence community concluded in a classified report to the White House, according to three U.S. officials.

The officials asked not to be identified because the report is secret and declined to detail its contents. But the thrust, they said, is that China’s public reporting on cases and deaths is intentionally incomplete. Two of the officials said the report concludes that China’s numbers are fake.

The report was received by the White House last week, one of the officials said. The outbreak began in China’s Hubei province in late 2019, but the country has publicly reported only about 82,000 cases and 3,300 deaths, according to data compiled by Johns Hopkins University. That compares to more than 189,000 cases and more than 4,000 deaths in the U.S., which has the largest publicly reported outbreak in the world.

Communications staff at the White House and Chinese embassy in Washington didn’t immediately respond to requests for comment.

While China eventually imposed a strict lockdown beyond those of less autocratic nations, there has been considerable skepticism of China’s reported numbers, both outside and within the country. The Chinese government has repeatedly revised its methodology for counting cases, for weeks excluding people without symptoms entirely, and only on Tuesday added more than 1,500 asymptomatic cases to its total.

Stacks of thousands of urns outside funeral homes in Hubei province have driven public doubt in Beijing’s reporting.

Deborah Birx, the State Department immunologist advising the White House on its response to the outbreak, said Tuesday that China’s public reporting influenced assumptions elsewhere in the world about the nature of the virus.


“The medical community made — interpreted the Chinese data as: This was serious, but smaller than anyone expected,” she said at a news conference on Tuesday. “Because I think probably we were missing a significant amount of the data, now that what we see happened to Italy and see what happened to Spain.”

China is not the only country with suspect public reporting. Western officials have pointed to Iran, Russia, Indonesia and especially North Korea, which has not reported a single case of the disease, as probable under-counts. Others including Saudi Arabia and Egypt may also be playing down their numbers.

U.S. Secretary of State Michael Pompeo has publicly urged China and other nations to be transparent about their outbreaks. He has repeatedly accused China of covering up the extent of the problem and being slow to share information, especially in the weeks after the virus first emerged, and blocking offers of help from American experts.

“This data set matters,” he said at a news conference in Washington on Tuesday. The development of medical therapies and public-health measures to combat the virus “so that we can save lives depends on the ability to have confidence and information about what has actually transpired,” he said.

“I would urge every nation: Do your best to collect the data. Do your best to share that information,” he said. “We’re doing that.”



 

Abstract

Background: The COVID-19 outbreak containment strategies in China based on non-pharmaceutical interventions (NPIs) appear to be effective. Quantitative research is still needed however to assess the efficacy of different candidate NPIs and their timings to guide ongoing and future responses to epidemics of this emerging disease across the World.

Methods: We built a travel network-based susceptible-exposed-infectious-removed (SEIR) model to simulate the outbreak across cities in mainland China. We used epidemiological parameters estimated for the early stage of outbreak in Wuhan to parameterise the transmission before NPIs were implemented. To quantify the relative effect of various NPIs, daily changes of delay from illness onset to the first reported case in each county were used as a proxy for the improvement of case identification and isolation across the outbreak. Historical and near-real time human movement data, obtained from Baidu location-based service, were used to derive the intensity of travel restrictions and contact reductions across China. The model and outputs were validated using daily reported case numbers, with a series of sensitivity analyses conducted.

Results: We estimated that there were a total of 114,325 COVID-19 cases (interquartile range [IQR] 76,776 – 164,576) in mainland China as of February 29, 2020, and these were highly correlated (p < 0.001, R² = 0.86) with reported incidence. Without NPIs, the number of COVID-19 cases would likely have shown a 67-fold increase (IQR: 44 – 94), with the effectiveness of different interventions varying. The early detection and isolation of cases was estimated to prevent more infections than travel restrictions and contact reductions, but integrated NPIs would achieve the strongest and most rapid effect. If NPIs could have been conducted one week, two weeks, or three weeks earlier in China, cases could have been reduced by 66%, 86%, and 95%, respectively, together with significantly reducing the number of affected areas. However, if NPIs were conducted one week, two weeks, or three weeks later, the number of cases could have shown a 3-fold, 7-fold, and 18-fold increase across China, respectively. Results also suggest that the social distancing intervention should be continued for the next few months in China to prevent case numbers increasing again after travel restrictions were lifted on February 17, 2020.

Conclusion: The NPIs deployed in China appear to be effectively containing the COVID-19 outbreak, but the efficacy of the different interventions varied, with the early case detection and contact reduction being the most effective. Moreover, deploying the NPIs early is also important to prevent further spread. Early and integrated NPI strategies should be prepared, adopted and adjusted to minimize health, social and economic impacts in affected regions around the World.

 

Google Sent Users 40,000 Warnings

Primer questions: Did other tech companies do the same and if so, how many? What does Congress know and where are they with a real cyber policy?

Google’s threat analysis group, which counters targeted and government-backed hacking against the company and its users, sent account holders almost 40,000 warnings in 2019, with government officials, journalists, dissidents, and geopolitical rivals being the most targeted, team members said on Thursday.

The number of warnings declined almost 25 percent from 2018, in part because of new protections designed to curb cyberattacks on Google properties. Attackers have responded by reducing the frequency of their hack attempts and being more deliberate. The group saw an increase in phishing attacks that impersonated news outlets and journalists. In many of these cases, attackers sought to spread disinformation by attempting to seed false stories with other reporters. Other times, attackers sent several benign messages in hopes of building a rapport with a journalist or foreign policy expert. The attackers, who most frequently came from Iran and North Korea, would later follow up with an email that included a malicious attachment.


“Government-backed attackers regularly target foreign policy experts for their research, access to the organizations they work with, and connection to fellow researchers or policymakers for subsequent attacks,” Toni Gidwani, a security engineering manager in the threat analysis group, wrote in a post.

Top targets

Countries with residents that collectively received more than 1,000 warnings included the United States, India, Pakistan, Japan, and South Korea. Thursday’s post came eight months after Microsoft said it had warned 10,000 customers of nation-sponsored attacks over the 12 previous months. The software maker said it saw “extensive” activity from five specific groups sponsored by Iran, North Korea, and Russia.

Thursday’s post also tracked targeted attacks carried out by Sandworm, believed to be an attack group working on behalf of the Russian Federation. Sandworm has been responsible for some of the world’s most severe attacks, including hacks on Ukrainian power facilities that left the country without electricity in 2015 and 2016, NATO and the governments of Ukraine and Poland in 2014, and according to Wired journalist Andy Greenberg, the NotPetya malware that created worldwide outages, some that lasted weeks.

The following graph shows Sandworm’s targeting of various industries and countries from 2017 to 2019. While the targeting of most of the industries or countries was sporadic, Ukraine was on the receiving end of attacks throughout the entire three-year period:

Figure: Sandworm’s targeting efforts (mostly by sector) over the last three years. (Source: Google)

Tracking zero-days

In 2019, the Google group discovered zero-day vulnerabilities affecting Android, iOS, Windows, Chrome, and Internet Explorer. A single attack group was responsible for exploiting five of the unpatched security flaws. The attacks were used against Google, Google account holders, and users of other platforms.

“Finding this many zero-day exploits from the same actor in a relatively short time frame is rare,” Gidwani wrote.

The exploits came from legitimate websites that had been hacked, links to malicious websites, and attachments embedded in spear-phishing emails. Most of the targets were in North Korea or were against individuals working on North Korea-related issues.

The group’s policy is to privately inform developers of the affected software and give them seven days to release a fix or publish an advisory. If the companies don’t meet that deadline, Google releases its own advisory.

One observation that Google users should note: of all the phishing attacks the company has seen in the past few years, none has resulted in a takeover of accounts protected by the account protection program, which among other things makes multifactor authentication mandatory. Once people have two physical security keys from Yubi or another manufacturer, enrolling in the program takes less than five minutes.

Rogue Nations Competing with the X-37B

The Air Force’s X-37B Orbital Test Vehicle Mission 5 successfully landed at NASA’s Kennedy Space Center Shuttle Landing Facility Oct. 27, 2019. The X-37B OTV is an experimental test program to demonstrate technologies for a reliable, reusable, unmanned space test platform for the U.S. Air Force. (Courtesy photo)

America’s four greatest adversaries are investing in systems that can take out satellites on orbit, including funding laser systems, nuclear power and satellites that shadow American space vehicles.

Russia, China, Iran and North Korea are each researching counterspace capabilities — kinetic or nonkinetic ways of taking out systems in space — according to the annual Global Counterspace Capabilities report, released by the Secure World Foundation.

Defense News was given an exclusive preview of the report, which will be available later today and was edited by Brian Weeden and Victoria Samson.

For the first time, the report includes data on the space situational awareness (SSA) capabilities of countries — that is, the ability of nations to track what is moving in various orbits. Japan and India are two nations investing heavily in that area, according to the report, while Iran appears to lag behind.

“This is important because you can’t protect [against] what you can’t see,” said Samson, the organization’s Washington office director. “This doesn’t mean that developing an SSA capability is an indication of an offensive counterspace program, as there are many reasons why you would want that capability. But it is needed if you want to go offensive.”

The Indian Space Research Organisation’s (ISRO) GSAT-9 on board the Geosynchronous Satellite Launch Vehicle (GSLV-F09), launches in Sriharikota in the state of Andhra Pradesh on May 5, 2017. (AFP PHOTO / ARUN SANKAR)

She also highlighted the fact that in the last year, four of the countries with counterspace investments — India, Japan, France and the U.S. — have launched new military organizations specifically to deal with space-related issues, including a focus, at least in part, on counterspace efforts. In addition, the NATO alliance declared space an “operational domain” in December.

The vast majority of counterspace capabilities continue to reside with Russia, China and the United States, but other nations are funding programs as well. France, India, Japan, Iran and North Korea are all known to be at least investing some money in counterspace efforts, whether through ballistic missile programs or non-kinetic means such as cyberattacks.

The most prominent counterspace example of the last year came from India, which in March controversially launched a missile at one of its satellites, blowing it up and spewing shrapnel around low-earth orbit.

So is a counterspace arms race underway? The authors say no, at least in the context of the nuclear arms race where each country is trying to match the other capability for capability.

Instead, “this is about developing a range of offensive and defensive capabilities to go after an opponent’s space assets while protecting your own,” said Weeden, the organization’s director of program planning. “And I think that’s unfortunately inevitable because more and more countries are using space for military purposes. That drives increased interest in how to counter those uses.”

Added Samson, “it now seems that if you want to be considered a major space power, it’s not enough to have your own satellites, or the ability to launch them, or even the ability to launch other country’s satellites. You want your own counterspace capability.”

The big three

When Pentagon and White House officials talked about the need for a Space Force last year, leaders emphasized a growing threat in space.

“For all their posturing about who’s ‘weaponizing’ space, the big three are all working on a lot of the same technologies and doing a lot of the same things,” particularly rendezvous and proximity operations (RPO) where satellites can maneuver near another nation’s system, said Weeden.

The big three in this case are China, Russia and the United States.

China has run multiple maneuvers with its space-based systems that may be RPO-related, but it’s hard to know whether those capabilities are being developed for counterspace use as opposed to intelligence gathering, the report said.

When it comes to Chinese capabilities, Weeden said to focus on the ground-based anti-satellite weaponry — perhaps not a surprise, given China declared itself a player in counterspace technology by destroying one of its own satellites in 2007.

Beijing is investing in at least one, and perhaps as many as three, kinetic anti-satellite capabilities, “either as dedicated counterspace systems or as mid-course missile defense systems that could provide counterspace capabilities,” according to the report.

“It was robustly tested and appears to be operationally deployed,” Weeden said of those capabilities. “As long as the U.S. still relies on small numbers of very expensive satellites in LEO, I think it will prove to be a significant deterrent.”

While China often becomes the focus of public comments from Defense officials, Weeden said to keep an eye on Moscow, as he was “a bit shocked by the breadth of Russian counterspace programs. For all the concern and hype in the U.S. about China, Russia seems to be putting the most into counterspace.”

Those efforts include the Nudol, a ground-launched ballistic missile designed to be capable of intercepting targets in low-earth orbit; three different programs focused on RPO capabilities; the rebirth of a 1980s-era program involving a large laser, to either dazzle or damage a satellite, carried aboard an IL-76MD-90A transport aircraft; a newly-discovered program called Ekipazh, which involves a nuclear reactor to power a large payload of on-orbit jammers; and what Weeden describes as a “massive” upgrade to SSA capabilities.

“All of that spells a very potent, more operationally-integrated, and more battle-tested package than what I’m seeing in China,” he warned. He added that he believes the public focus on China to be “part of the broader narrative the Trump administration is trying to push with China being the long-term threat they want to focus on. It also helps sell the narrative they’re trying to push on human spaceflight and exploration as well.”

As for the United States, the military has focused more on SSA and defensive counterspace capabilities, a trend Weeden says is due to America being the most reliant on space of the three countries, and hence must “protect its capabilities if it hopes to win a future conflict against Russia or China.” America’s SSA capabilities, in particular, remain well ahead of the rest of the world.

Which isn’t to say the U.S. is skipping out on counterspace investments either. America has a number of options for electronic warfare in space, including proven capabilities to jam enemy receivers within an area of operations; assets with RPO capabilities; and operational midcourse missile defense interceptors that have been demonstrated against low orbit satellites. In addition, there are plans to invest in prototyping directed energy capabilities for space.

One capability to keep an eye on is the X-37B, a spaceplane program that has made five trips into orbit and back to earth. In total, the spacecraft have spent 2,865 days on orbit cumulatively over the program’s five missions, with the last trip consisting of 780 days in space — more than two years.

The Air Force has been secretive about X-37B missions, often talking broadly about it conducting experiments in space; analysts have long believed that the mission set has at least something to do with counterspace capabilities. That belief was only strengthened by what happened during its last trip during which researchers believe it was used to launch a trio of small cubesats which were not registered in international tracking databases.

“The secret deployment of multiple small satellites raises additional questions about the mission of the X-37B. It suggests that the X-37B may have a mission to serve as a covert satellite deployment platform. The secrecy surrounding both the X-37B and the deployment may indicate they are part of a covert intelligence program, but it may also indicate the testing of offensive technologies or capabilities,” the authors wrote in the report. “The failure to even catalog the deployed satellites, something that is done even for classified U.S. military and intelligence satellites, calls into question the trustworthiness of the public SSA data provided by the U.S. military.”

And that creates potential diplomatic issues, at a time that the need for open discussions about space capabilities across nations should be growing, warned Samson.

“The Russians and Chinese have always pointed at the secrecy surrounding the X-37B program as evidence of malevolent intentions by the United States,” she said. “The fact that the U.S. released objects from the X-37B and didn’t register them feeds absolutely into that narrative and causes ripple effects that harm other multilateral discussions on space security and stability.”

China Supplied Faulty Coronavirus Test Kits

Seems to be a systemic problem with China as in 2017, the Chinese Communist Party issued a sizable medical equipment recall for faulty quality. It is unclear just what equipment was included but the CCP said they would reissue equipment under tighter controls. Swell.


Translated from El Pais newspaper:

The much-announced rapid tests for coronaviruses with which the Government wanted to start testing the broader layers of the population to find out what is the real size of the contagion in Spain do not work well. This has been confirmed by several microbiology laboratories of large hospitals in the analyses that have been made of the kits recently arrived from China. The results of these preliminary tests are discouraging: “They do not detect the positive cases as expected,” says a source who has participated in the tests and who asks for anonymity.

The rapid tests, manufactured by the Chinese company Bioeasy, based in Shenzhen, one of the technological poles of the Asian country, have a sensitivity of 30%, when it should be above 80%, these sources indicate. One of the microbiologists who has analyzed the Chinese test assures: “With that value it does not make sense to use these tests.” The conclusion of the experts who have evaluated these detection kits is that they will have to continue using the current test, the PCR. This has been reported to the Carlos III Health Institute, under the Ministry of Health.

The sale price of the Chinese medical equipment to Spain was $467 million. The transaction included 950 ventilators, 5.5 million testing kits, 11 million gloves and 500 million protective face masks. China blamed one of its own companies, Bioeasy, and declared the company was not licensed. Okay, sure Beijing.

***

From NR:

Up to 80 percent of the 150,000 portable, quick coronavirus test kits China delivered to the Czech Republic earlier this month were faulty, according to local Czech news site Expats.cz. The tests can produce a result in 10 or 15 minutes but are usually less accurate than other tests. Because of the high error rate, the country will continue to rely on conventional laboratory tests, of which they perform about 900 a day.

The country’s Health Ministry paid $546,000 for 100,000 of the test kits, while the Interior Ministry paid for the other 50,000.

Deputy Prime Minister and Interior Minister Jan Hamacek downplayed the discovery that many of the tests were faulty, blaming it on a possible wrong methodology and saying the kits can still be used “when the disease has been around for some time,” or when “someone returns after quarantine after fourteen days.”

“In my opinion, this is not about some scandalous revelation that it is not working,” Hamacek said.

Meanwhile, Spain, which has more than 56,000 infected people and more than 4,000 coronavirus deaths, the second-highest number of fatalities in the world after Italy, found that the rapid coronavirus test kits it purchased from Chinese company Bioeasy only correctly identified 30 percent of virus cases, according to Spanish newspaper El Pais.

The director of Spain’s Center for Health Alerts and Emergencies, Fernando Simón, said Spain tested 9,000 of the test kits and will return them based on their high error rate.

Studies performed on the tests which discovered the high error rate caused the Spanish Society of Infectious Diseases and Clinical Microbiology to recommend officially that the tests not be used.

The Chinese embassy in Spain claimed the Bioeasy products are not included in the products China has been supplying to countries where the virus has broken out.


Spain has 49,515 confirmed cases and there have been so many deaths in one small town, the officials had to use an ice skating rink to hold the bodies for burial processing.