Apply More Shame to Facebook

Okay, so without much media attention, YouTube was just fined $170 million for children’s privacy violations. Hello Google? WTH? This was a settlement, by the way, between Google and the Federal Trade Commission.

But what about Facebook and protecting our data? We have heard and read items about how casual Facebook is with our data. But hold on, there is more.

Primer: Cambridge Analytica was a cyber spy network with political operations and twisted tactics.

In part:

The company at the centre of the Facebook data breach boasted of using honey traps, fake news campaigns and operations with ex-spies to swing election campaigns around the world, a new investigation reveals.

Executives from Cambridge Analytica spoke to undercover reporters from Channel 4 News about the dark arts used by the company to help clients, which included entrapping rival candidates in fake bribery stings and hiring prostitutes to seduce them.

In one exchange, the company chief executive, Alexander Nix, is recorded telling reporters: “It sounds a dreadful thing to say, but these are things that don’t necessarily need to be true as long as they’re believed.” More here.

Meanwhile:

TechCrunch: Hundreds of millions of phone numbers linked to Facebook accounts have been found online.

The exposed server contained more than 419 million records over several databases on users across geographies, including 133 million records on U.S.-based Facebook users, 18 million records of users in the U.K., and another with more than 50 million records on users in Vietnam.

But because the server wasn’t protected with a password, anyone could find and access the database.

Each record contained a user’s unique Facebook ID and the phone number listed on the account. A user’s Facebook ID is typically a long, unique and public number associated with their account, which can be easily used to discern an account’s username.

But phone numbers have not been public in more than a year since Facebook restricted access to users’ phone numbers.

TechCrunch verified a number of records in the database by matching a known Facebook user’s phone number against their listed Facebook ID. We also checked other records by matching phone numbers against Facebook’s own password reset feature, which can be used to partially reveal a user’s phone number linked to their account.

Some of the records also had the user’s name, gender and location by country.


This is the latest security lapse involving Facebook data after a string of incidents since the Cambridge Analytica scandal, which saw more than 80 million profiles scraped to help identify swing voters in the 2016 U.S. presidential election.

Since then the company has seen several high-profile scraping incidents, including at Instagram, which recently admitted to having profile data scraped in bulk.

This latest incident exposed millions of users’ phone numbers just from their Facebook IDs, putting them at risk of spam calls and SIM-swapping attacks, which rely on tricking cell carriers into giving a person’s phone number to an attacker. With someone else’s phone number, an attacker can force-reset the password on any internet account associated with that number.

Sanyam Jain, a security researcher and member of the GDI Foundation, found the database and contacted TechCrunch after he was unable to find the owner. After a review of the data, neither could we. But after we contacted the web host, the database was pulled offline.

Jain said he found profiles with phone numbers associated with several celebrities.

Facebook spokesperson Jay Nancarrow said the data had been scraped before Facebook cut off access to user phone numbers.

“This data set is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers,” the spokesperson said. “The data set has been taken down and we have seen no evidence that Facebook accounts were compromised.”

But questions remain as to exactly who scraped the data, when it was scraped from Facebook and why.

Facebook has long restricted developers’ access to user phone numbers. The company also made it more difficult to search for friends’ phone numbers. But the data appeared to be loaded into the exposed database at the end of last month — though that doesn’t necessarily mean the data is new.

This latest data exposure is the most recent example of data stored online and publicly without a password. Although often tied to human error rather than a malicious breach, data exposures nevertheless represent an emerging security problem.

In recent months, financial giant First American left data exposed, as did MoviePass and the Senate Democrats.

Feds Prepare States for Foreign Voting Interference

The Democrats have really lost their argument against voter ID if they are being fully candid about foreign interference. It is without question that several cities and states are victims of ransomware, and Florida is especially concerned. Remember that a foreign actor, where clues point to Russia, was able to gain access to voter registration databases, and it stands to reason China will attempt the same.

Continually, the Democrats say that the Trump administration is virtually doing nothing to protect the election system. Read on as the Democrats know the mission and actions of the Cyber division of the Department of Homeland Security.

As Reuters reports:

The U.S. government plans to launch a program in roughly one month that narrowly focuses on protecting voter registration databases and systems ahead of the 2020 presidential election.

These systems, which are widely used to validate the eligibility of voters before they cast ballots, were compromised in 2016 by Russian hackers seeking to collect information. Intelligence officials are concerned that foreign hackers in 2020 not only will target the databases but attempt to manipulate, disrupt or destroy the data, according to current and former U.S. officials.

“We assess these systems as high risk,” said a senior U.S. official, because they are one of the few pieces of election technology regularly connected to the Internet.

The Cybersecurity Infrastructure Security Agency, or CISA, a division of the Homeland Security Department, fears the databases could be targeted by ransomware, a type of virus that has crippled city computer networks across the United States, including recently in Texas, Baltimore and Atlanta.

“Recent history has shown that state and county governments and those who support them are targets for ransomware attacks,” said Christopher Krebs, CISA’s director. “That is why we are working alongside election officials and their private sector partners to help protect their databases and respond to possible ransomware attacks.”

A ransomware attack typically locks an infected computer system until payment, usually in the form of cryptocurrency, is sent to the hacker.

The effort to counter ransomware-style cyberattacks aimed at the election runs parallel to a larger intelligence community directive to determine the most likely vectors of digital attack in the November 2020 election, according to current and former U.S. officials.

“It is imperative that states and municipalities limit the availability of information about electoral systems or administrative processes and secure their websites and databases that could be exploited,” the FBI said in a statement, supporting the Homeland Security initiative.

CISA’s program will reach out to state election officials to prepare for such a ransomware scenario. It will provide educational material, remote computer penetration testing, and vulnerability scans as well as a list of recommendations on how to prevent and recover from ransomware.

These guidelines, however, will not offer advice on whether a state should ultimately pay or refuse to pay ransom to a hacker if one of its systems is already infected.

“Our thought is we don’t want the states to have to be in that situation,” said a Homeland Security official. “We’re focused on preventing it from happening.”

Over the last two years, cyber criminals and nation state hacking groups have used ransomware to extort victims and create chaos. In one incident in 2017, which has since been attributed to Russian hackers, a ransomware virus was used to mask a data deletion technique, rendering victim computers totally unusable.

That attack, dubbed “NotPetya,” went on to damage global corporations, including FedEx and Maersk, which had offices in Ukraine where the malware first spread.

The threat is concerning because of its potential impact on voting results, experts say.

“A pre-election undetected attack could tamper with voter lists, creating huge confusion and delays, disenfranchisement, and at large enough scale could compromise the validity of the election,” said John Sebes, chief technology officer of the ESET Institute, an election technology policy think tank.

The databases are also “particularly susceptible to this kind of attack because local jurisdictions and states actively add, remove, and change the data year-round,” said Maurice Turner, a senior technologist with the Center for Democracy and Technology. “If the malicious actor doesn’t provide the key, the data is lost forever unless the victim has a recent backup.”

Nationwide, the local governments that store and update voter registration data are typically ill-equipped to defend themselves against elite hackers.

State election officials told Reuters they have improved their cyber defenses since 2016, including in some cases preparing backups for voter registration databases in case of an attack. But there is no common standard for how often local governments should create backups, said a senior Homeland Security official.

“We have to remember that this threat to our democracy will not go away, and concern about ransomware attacks on voter registration databases is one clear example,” said Vermont Secretary of State Jim Condos. “We’re sure the threat is far from over.”

 

35 North Korean cyberattacks in 17 countries


According to a South Korean politician, last fall North Korean hackers gained access to South Korea’s Defense Integrated Data Center and stole 235 gigabytes of classified military plans. More here.

UNITED NATIONS (AP) — U.N. experts say they are investigating at least 35 instances in 17 countries of North Koreans using cyberattacks to illegally raise money for weapons of mass destruction programs — and they are calling for sanctions against ships providing gasoline and diesel to the country.

Last week, The Associated Press quoted a summary of a report from the experts which said that North Korea illegally acquired as much as $2 billion from its increasingly sophisticated cyber activities against financial institutions and cryptocurrency exchanges.

The lengthier version of the report, recently seen by the AP, reveals that neighboring South Korea was hardest-hit, the victim of 10 North Korean cyberattacks, followed by India with three attacks, and Bangladesh and Chile with two each.

Thirteen countries suffered one attack — Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia and Vietnam, it said.

The experts said they are investigating the reported attacks as attempted violations of U.N. sanctions, which the panel monitors.

The report cites three main ways that North Korean cyber hackers operate:

—Attacks through the Society for Worldwide Interbank Financial Telecommunication or SWIFT system used to transfer money between banks, “with bank employee computers and infrastructure accessed to send fraudulent messages and destroy evidence.”

—Theft of cryptocurrency “through attacks on both exchanges and users.”

— And “mining of cryptocurrency as a source of funds for a professional branch of the military.”

The experts stressed that implementing these increasingly sophisticated attacks “is low risk and high yield,” often requiring just a laptop computer and access to the internet.

The report to the Security Council gives details on some of the North Korean cyberattacks as well as the country’s successful efforts to evade sanctions on coal exports in addition to imports of refined petroleum products and luxury items including Mercedes Benz S-600 cars.

One Mercedes Maybach S-Class limousine and other S-600s, as well as a Toyota Land Cruiser, were transferred from North Korea to Vietnam for last February’s summit between the country’s leader Kim Jong Un and U.S. President Donald Trump, the experts said, adding that Vietnam said it asked for but was never provided a list of vehicles being brought into the country.

The panel also said it obtained information that the Taesong Department Store in Pyongyang, which reopened in April and is selling luxury goods, is part of the Taesong Group which includes two entities under U.N. sanctions and was previously linked to procurement for North Korea’s ballistic missile programs.

The panel recommended sanctions against six North Korean vessels for evading sanctions and illegally carrying out ship-to-ship transfers of refined petroleum products.

Under U.N. sanctions, North Korea is limited to importing 500,000 barrels of such products annually including gasoline and diesel. The U.S. and 25 other countries said North Korea exceeded the limit in the first four months of 2019.

The panel also recommended sanctions against the captain, owner, and parent company of the North Korean-flagged Wise Honest, which was detained by Indonesia in April 2018 with an illegal shipment of coal.

As for North Korea’s military cooperation with other countries, the experts said Iran rejected an unnamed country’s allegation that two North Korean entities under sanctions maintained offices in Iran — the Korea Mining Development Trading Corporation known as KOMID, which is the country’s primary arms dealer and main exporter of goods and equipment related to ballistic missiles and conventional weapons, and Saeng Pil Company.


The experts said they have requested information from Rwanda on a report that North Koreans are conducting special forces training at a military camp in Gabiro. And they said they are also waiting for a response from Uganda “to multiple inquires” about reports indicating specialized training is being conducted in the country, and KOMID and North Korean workers maintain a presence.

As examples of North Korean cyberattacks, the panel said hackers in one unnamed country accessed the infrastructure managing its entire ATM system and installed malware modifying the way transactions are processed. As a result, it forced 10,000 cash distributions to individuals working for or on behalf of North Korea “across more than 20 countries in five hours.”

In Chile, the experts said, North Korean hackers demonstrated “increasing sophistication in social engineering,” by using LinkedIn to offer a job to an employee of the Chilean interbank network Redbanc, which connects the ATMs of all the country’s banks.

According to a report from one unnamed country cited by the experts, stolen funds following one cryptocurrency attack in 2018 “were transferred through at least 5,000 separate transactions and further routed to multiple countries before eventual conversion” to currency that a government has declared legal money, “making it highly difficult to track the funds.”

In South Korea, the experts said, North Korean cyber actors shifted focus in 2019 to targeting cryptocurrency exchanges, some repeatedly.

The panel said South Korea’s Bithumb, one of the largest cryptocurrency exchanges in the world, was reportedly attacked at least four times. It said the first two attacks in February 2017 and July 2017 each resulted in losses of approximately $7 million, while a June 2018 attack led to a $31 million loss and a March 2019 attack to a $20 million loss.

The panel said it also investigated instances of “cryptojacking” in which malware is used to infect a computer to illicitly use its resources to generate cryptocurrency. It said one report analyzed a piece of malware designed to mine the cryptocurrency Monero “and send any mined currency to servers located at Kim Il Sung University in Pyongyang.”

Fancy Bear, APT28, IoT, Hacking via Printers


Primer: U.S. Ambassador to Russia Jon Huntsman just issued his letter of resignation to President Trump. He states that he wants to return home to Utah due to a growing family. Gotta wonder if Amb. Huntsman ever really challenged Moscow on hacking and security intrusions of the United States.


MIT: A group of hackers linked to Russian spy agencies are using “internet of things” devices like internet-connected phones and printers to break into corporate networks, Microsoft announced on Monday.

Fancy Bear never hibernates: The Russian hackers, who go by names like Strontium, Fancy Bear, and APT28, are linked to the military intelligence agency GRU.

The group has been active since at least 2007. They are credited with a long list of infamous work including breaking into the Democratic National Committee in 2016, the crippling NotPetya attacks against Ukraine in 2017, and targeting political groups in Europe and North America throughout 2018.

Insecurity of Things: The new campaign from GRU compromised popular internet of things devices including a VOIP (voice over internet protocol) phone, a connected office printer, and a video decoder in order to gain access to corporate networks. Microsoft has some of the best visibility into corporate networks on earth because so many organizations are using Windows machines. Microsoft’s Threat Intelligence Center spotted Fancy Bear’s new work starting in April 2019.

The password is password: Although things like smartphones and desktop computers are often top of mind when it comes to security, it’s often the printer, camera, or decoder that leaves a door open for a hacker to exploit.

In multiple cases, Microsoft saw Fancy Bear get access to targeted networks because the IoT devices were deployed with default passwords. In another case, the latest security update was not applied. Using those devices as a starting point, the hackers established a beachhead and looked for further access.

“Once the actor had successfully established access to the network, a simple network scan to look for other insecure devices allowed them to discover and move across the network in search of higher-privileged accounts that would grant access to higher-value data,” Microsoft warned in a blog post published on Monday.

The hackers moved from one device to another, establishing persistence and mapping the network as they went, communicating with command and control servers all the while.

Global targets: Microsoft has been closely watching this group over the last year.

Of the 1,400 notifications the company delivered to those targeted or compromised by Fancy Bear, 20% have been to global non-governmental organizations, think tanks, or politically affiliated organizations. The remaining 80% have been to various sectors including government, technology, military, medicine, education, and engineering.

“We have also observed and notified STRONTIUM attacks against Olympic organizing committees, anti-doping agencies, and the hospitality industry,” Microsoft’s blog warned.

Last year, the FBI took disruptive action against a Fancy Bear campaign known as “VPNFilter” which targeted routers and network storage devices with malware with destructive capabilities of “bricking” a device by deleting firmware and rendering the device unusable. That campaign especially targeted Ukraine, a favorite target of Fancy Bear.

When Russia Helps N Korea Cheat on Sanctions, What to Do

Primer: Do you wonder what Russia’s votes on the UNSC really do to help North Korea? Do you wonder what the 40,000+ North Korean slave laborers in Russia add to the North Korean economy each year? About $200 million. How about the Russian oil pipeline that goes through North Korea? What about the rail system between the two countries and how that helps North Korea skirt sanctions with illicit goods transportation? Then there are the allegedly legitimate navy and fishing fleets between Russia and North Korea. Money? Or the weekly air flight service from Vladivostok to Pyongyang. Or how Russia, in addition to China, provides internet service to North Korea, known as SatGate, and the fiber optic lines that run along the rail system. Check front companies in China, Singapore and the banking system known as Dalcombank or just flying cash twice a week.


FDD: The Treasury Department on Monday sanctioned a North Korean trading company official for helping Pyongyang evade U.S. and UN sanctions through illicit activity in Vietnam. The designation, which arrived in the brief interval between two North Korean missile tests in less than a week, suggests that Washington understands the importance of investigating and disrupting North Korea’s extensive overseas illicit networks.

Treasury’s latest target is Kim Su Il, who works for a Vietnam-based trading company on behalf of North Korea’s Munitions Industry Department, which the U.S. and UN have both sanctioned. According to Treasury, Kim helped export UN-sanctioned goods such as anthracite coal, titanium ore concentrate, and other raw materials from North Korea to Vietnam. Both anthracite coal and titanium ore are among the top exports that fund the regime’s illicit activities. Treasury also found that Kim Su Il helped charter ships and export Vietnamese products to North Korea, as well as to China and other undisclosed countries.

Kim Su Il’s designation is a reminder that North Korea’s overseas networks continue to thrive despite sanctions. In January, The Wall Street Journal reported that up to six Chinese-owned vessels transported North Korean coal between North Korea and Vietnam throughout 2018. In March 2018, the UN Panel of Experts also found that North Korean coal shipments to Vietnam go as far back as January 2017 – eight months before the UN Security Council’s comprehensive coal ban on North Korea went into effect. This persistent trade affirms Assistant Secretary of the Treasury Marshall Billingslea’s assessment in 2017 that coal “has been the center of North Korea’s revenue generation” for many years.

In March 2019, the same UN Panel of Experts exposed North Korea’s numerous overseas illicit money-making schemes, which employ networks of front companies, North Korean government workers, and local banks. For example, in Malaysia, North Korea’s intelligence agency, the Reconnaissance General Bureau, operated two companies that provided revenue to Pyongyang: the Malaysia-Korea Partners Group and Global Communications.

The UN Panel also found that foreign governments were applying “insufficient scrutiny” on the activities of North Korea’s overseas banking and government representatives, thereby enabling these company networks to thrive. The lax monitoring has ultimately allowed Pyongyang’s representatives to conduct financial transactions across numerous borders. Chinese banks in particular have been key enablers of North Korea’s actions.

Treasury provided robust evidence of this lax oversight last month when it sanctioned the Russian Financial Society (RFS) for helping North Korea evade sanctions. This designation revealed how a U.S.-sanctioned North Korean banking representative in Moscow exploited local financial service providers, specifically RFS, to conduct business for sanctioned North Korean companies. The incident showed that designating only the North Korean nationals working abroad is not enough. Rather, Washington also should target the banks and financial institutions that allow North Korean government officials based overseas to thrive.

Treasury’s next steps therefore should focus on investigating Kim Su Il’s local network of companies, individuals, and banks. Closing these gaps in enforcement is an indispensable step for maximizing the impact of U.S. sanctions on North Korea.