Microsoft Reveals Continued Hacks of Technology Companies

The Russia-linked hackers behind last year’s compromise of a wide swath of the U.S. government and scores of private companies, including SolarWinds Corp., have stepped up their attacks in recent months, breaking into technology companies in an effort to steal sensitive information, cybersecurity experts said.

In a campaign that dates back to May of this year, the hackers have targeted more than 140 technology companies including those that manage or resell cloud-computing services, according to new research from Microsoft Corp. The attack, which was successful with as many as 14 of these technology companies, involved unsophisticated techniques like phishing or simply guessing user passwords in hopes of gaining access to systems, Microsoft said.


In a recent blog post on the company’s website, Microsoft’s corporate vice president of customer security and trust, Tom Burt, wrote that “state actor Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.”

Nobelium is “attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers,” according to the company.

Burt wrote that 609 Microsoft customers had been informed that, between July and October of this year, they had been attacked close to 23,000 times “with a success rate in the low single digits.”

The attacks, according to the executive, did not exploit a specific flaw in any system; rather, they were “password spray and phishing” attacks, which aim to steal credentials that grant the attackers access to privileged information. Password spraying tries a small number of common passwords against many accounts, staying below per-account lockout thresholds, which is why it is cheap for the attacker and easy to miss in logs that only count failures per user.

The Russian state-backed hacking group is, according to Burt, “trying to gain long-term, systematic access to a variety of points in the technology supply chain, and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government.”


Over 600 Microsoft customers targeted since July

“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium,” said Tom Burt, Corporate Vice President at Microsoft.

“We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.”

As Burt added, in all, more than 600 Microsoft customers were attacked thousands of times, although with a very low rate of success between July and October.

“These attacks have been a part of a larger wave of Nobelium activities this summer. In fact, between July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits,” Burt said.

“By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the past three years.”

Nobelium MSP attacks (Microsoft)

This shows that Nobelium is still attempting attacks in the same mold as the SolarWinds supply-chain compromise: gain long-term access to a trusted provider, then use that provider’s access to reach targets of interest downstream and establish espionage and exfiltration channels.

Microsoft also shared measures MSPs, cloud service providers, and other tech orgs can take to protect their networks and customers from these ongoing Nobelium attacks, chiefly enforcing multi-factor authentication on all accounts, auditing and removing delegated administrative privileges that are no longer needed, and reviewing sign-in logs for the low-and-slow failure patterns that password spraying leaves behind.

Nobelium’s high profile targets

Nobelium is the hacking division of the Russian Foreign Intelligence Service (SVR), also tracked as APT29, Cozy Bear, and The Dukes.

In April 2021, the U.S. government formally blamed the SVR division for coordinating the SolarWinds “broad-scope cyber espionage campaign” that led to the compromise of multiple U.S. government agencies.

At the end of July, the U.S. Department of Justice became the latest U.S. government entity to disclose a SolarWinds-related breach, confirming that 27 U.S. Attorneys’ offices were affected during the global hacking spree.

In May, the Microsoft Threat Intelligence Center (MSTIC) also reported a phishing campaign targeting government agencies from 24 countries.

Earlier this year, Microsoft detailed three Nobelium malware strains used for maintaining persistence on compromised networks: a command-and-control backdoor dubbed ‘GoldMax,’ an HTTP tracer tool tracked as ‘GoldFinder,’ and a persistence tool and malware dropper named ‘Sibot.’

Two months later, they revealed four more malware families Nobelium used in their attacks: a malware downloader known as ‘BoomBox,’ a shellcode downloader and launcher known as ‘VaporRage,’ a malicious HTML attachment dubbed ‘EnvyScout,’ and a loader named ‘NativeZone.’

Naval Engineer Arrested for Passing Classified Submarine Data to Foreign Entity

His code name was Alice. His use of dead drops suggests he watched too many Hollywood movies.
Sunday, October 10, 2021

Maryland Nuclear Engineer and Spouse Arrested on Espionage-Related Charges

Jonathan and Diana Toebbe, both of Annapolis, Maryland, were arrested in Jefferson County, West Virginia, by the FBI and the Naval Criminal Investigative Service (NCIS) on Saturday, Oct. 9. They will have their initial appearances on Tuesday, Oct. 12, in federal court in Martinsburg, West Virginia. For almost a year, Jonathan Toebbe, 42, aided by his wife, Diana, 45, sold information known as Restricted Data concerning the design of nuclear-powered warships to a person they believed was a representative of a foreign power. In actuality, that person was an undercover FBI agent. The Toebbes have been charged in a criminal complaint alleging violations of the Atomic Energy Act.

“The complaint charges a plot to transmit information relating to the design of our nuclear submarines to a foreign nation,” said Attorney General Merrick B. Garland. “The work of the FBI, Department of Justice prosecutors, the Naval Criminal Investigative Service and the Department of Energy was critical in thwarting the plot charged in the complaint and taking this first step in bringing the perpetrators to justice.”

Jonathan Toebbe is an employee of the Department of the Navy who served as a nuclear engineer and was assigned to the Naval Nuclear Propulsion Program, also known as Naval Reactors. He held an active national security clearance through the U.S. Department of Defense, giving him access to Restricted Data. Toebbe worked with and had access to information concerning naval nuclear propulsion including information related to military sensitive design elements, operating parameters and performance characteristics of the reactors for nuclear powered warships.

The complaint affidavit alleges that on April 1, 2020, Jonathan Toebbe sent a package to a foreign government, listing a return address in Pittsburgh, Pennsylvania, containing a sample of Restricted Data and instructions for establishing a covert relationship to purchase additional Restricted Data. The affidavit also alleges that, thereafter, Toebbe began corresponding via encrypted email with an individual whom he believed to be a representative of the foreign government. The individual was really an undercover FBI agent. Jonathan Toebbe continued this correspondence for several months, which led to an agreement to sell Restricted Data in exchange for thousands of dollars in cryptocurrency.

On June 8, 2021, the undercover agent sent $10,000 in cryptocurrency to Jonathan Toebbe as “good faith” payment. Shortly afterwards, on June 26, Jonathan and Diana Toebbe traveled to a location in West Virginia. There, with Diana Toebbe acting as a lookout, Jonathan Toebbe placed an SD card concealed within half a peanut butter sandwich at a pre-arranged “dead drop” location. After retrieving the SD card, the undercover agent sent Jonathan Toebbe a $20,000 cryptocurrency payment. In return, Jonathan Toebbe emailed the undercover agent a decryption key for the SD Card. A review of the SD card revealed that it contained Restricted Data related to submarine nuclear reactors. On Aug. 28, Jonathan Toebbe made another “dead drop” of an SD card in eastern Virginia, this time concealing the card in a chewing gum package. After making a payment to Toebbe of $70,000 in cryptocurrency, the FBI received a decryption key for the card. It, too, contained Restricted Data related to submarine nuclear reactors. The FBI arrested Jonathan and Diana Toebbe on Oct. 9, after he placed yet another SD card at a pre-arranged “dead drop” at a second location in West Virginia.

Trial Attorneys Matthew J. McKenzie and S. Derek Shugert of the National Security Division’s Counterintelligence and Export Control Section, Assistant U.S. Attorneys Jarod J. Douglas and Lara Omps-Botteicher of the Northern District of West Virginia, and Special Assistant U.S. Attorney Jessica Lieber Smolar for the Western District of Pennsylvania are prosecuting the case on behalf of the government. The FBI and the NCIS are investigating the case.

Trump did not Trust China’s Aggression, Dispatched Special Forces to Taiwan

China has been an aggressor when it comes to Taiwan. The two have had separate governments since 1949, but Chinese President Xi is determined to bring the island under full Chinese control. China has issued major threats in recent years, and President Trump took action more than a year ago.

Since Biden became President, conditions for Taiwan have worsened. In January 2021, a Chinese Defense Ministry spokesman said that Taiwan independence “means war.”

In the last few days, more than 150 Chinese military aircraft have entered Taiwan’s air defense identification zone (ADIZ).

On October 1, China’s National Day, two waves of aircraft flew into the zone; the first included 25 jets and the second an additional 13. In total, the formation comprised 28 Shenyang J-16 multirole fighters, six Russian-made Su-30 multirole fighters, two Xian H-6 long-range bombers, one Shaanxi Y-8 anti-submarine warfare plane, and one Shaanxi KJ-500 airborne early warning aircraft.

And then there were more in the days following.

Yet, Taiwan did respond.


Taiwan’s air force is trained to resist invasion, including operating from strips of highway if air bases are rendered inoperable.



The Trump administration is said to be encouraging Taipei to purchase dozens of F-16s, a sale that, like other major arms deals, would require congressional approval. The last time the United States sold these fighter jets to Taiwan was 1992. If the sale goes through, it would mark another departure from the Obama administration, which declined to sell the jets to avoid escalating tensions with Beijing. But experts say a sale would be put on hold until after the United States seals a trade deal with China.

WSJ: A U.S. special-operations unit and a contingent of Marines have been secretly operating in Taiwan to train military forces there, U.S. officials said, part of efforts to shore up the island’s defenses as concern regarding potential Chinese aggression mounts.

About two dozen members of U.S. special-operations and support troops are conducting training for small units of Taiwan’s ground forces, the officials said. The U.S. Marines are working with local maritime forces on small-boat training. The American forces have been operating in Taiwan for at least a year, the officials said.

The U.S. special-operations deployment is a sign of concern within the Pentagon over Taiwan’s tactical capabilities in light of Beijing’s yearslong military buildup and recent threatening moves against the island.

The special-operations unit and the Marine contingent are a small but symbolic effort by the U.S. to increase Taipei’s confidence in building its defenses against potential Chinese aggression. Current and former U.S. government officials and military experts believe that deepening ties between U.S. and Taiwan military units is better than simply selling Taiwan military equipment.

The U.S. has sold Taiwan billions of dollars of military hardware in recent years, but current and former officials believe Taiwan must begin to invest in its defense more heavily, and smartly.

“Taiwan badly neglected its national defense for the first 15 years or so of this century, buying too much expensive equipment that will get destroyed in the first hours of a conflict, and too little in the way of cheaper but lethal systems—antiship missiles, smart sea mines and well-trained reserve and auxiliary forces—that could seriously complicate Beijing’s war plans,” said Matt Pottinger, a distinguished visiting fellow at Stanford University’s conservative Hoover Institution who served as a deputy national security adviser during the Trump administration.


A Very Bad Time for Facebook


First came the comprehensive Wall Street Journal investigation into internal misconduct at the social media giant Facebook. Then, after that was exposed, the same whistleblower, Frances Haugen, made a striking appearance on 60 Minutes and explained further that Facebook was putting profits before public safety. Haugen is an algorithms expert and engineer with a master’s degree from Harvard who worked at Facebook on its civic integrity team. She disclosed tens of thousands of documents to the Securities and Exchange Commission and to the Wall Street Journal in hopes of legislative correction and consequences, and of major fixes within the company. Facebook currently has 1.908 billion daily active users (DAUs) on average, and those users communicate for thousands of different reasons across the globe, including family connections and transferring money, and even for nefarious ones such as human trafficking.


So, could the major outage across all Facebook platforms, including Instagram and WhatsApp, be connected? What is even more interesting is that the network is also down for the third-party developers contracted by Facebook. Could Jack Dorsey at Twitter be gloating? Perhaps, but take caution, Mr. Jack.

Instagram boss Adam Mosseri likened a widespread outage affecting all Facebook-owned apps to a “snow day” in a recent tweet.

The tweet was written in response to one user’s post saying, “Instagram should stay offline forever.” Mosseri replied, “Them fighting words… but it does feel like a snow day.”

Sources told New York Times technology reporter Ryan Mac that “no one can do any work” at Facebook, which has prompted internal declarations of a “snow day.”

Mac tweeted “or maybe it’s hydrofoil day” in response, referencing a viral video showing Facebook CEO Mark Zuckerberg riding a hydrofoil surfboard on the Fourth of July.

Social-media managers outside Facebook have also called Monday a social-media “snow day” on Twitter, while apologizing for not being able to reach clients and customers.

Workplace, a communications tool owned by Facebook and used by 7 million paid subscribers, is also down. During a similar Facebook outage two years ago, small businesses lost thousands of dollars in revenue, according to a report by The Verge.

Downdetector has received more than 86,000 user reports of Facebook outages since 11:25 a.m. ET on Monday, according to its website. Of these issues, 79% were related to Facebook’s website, 12% were related to server connections, and 9% were related to the app.

Facebook said in a tweet, “We’re aware that some people are having trouble accessing our apps and products. We’re working to get things back to normal as quickly as possible, and we apologize for any inconvenience.”

Companies that rely on Facebook sign-in for their customers, such as Airbnb or Strava, are suffering during the outage as well.

TechRadar reports in part:

The issue may affect other Facebook products, too: some users have also reported issues with the company’s Oculus virtual reality gaming services. Noted Facebook and Twitter data miner Jane Manchun Wong warned users via tweet not to restart their Oculus devices during the outage lest they lose their games.

And the outage might have affected Facebook’s real-world infrastructure as well: according to a tweet by New York Times reporter Sheera Frenkel, a Facebook employee reportedly can’t even enter company buildings due to malfunctioning badges.

Facebook outages: what’s going on?

None of the Facebook, Whatsapp, or Instagram accounts have explained what originally caused the outage, leading to speculation and analysis. At this point, most agree that this isn’t a hack or directed attack on Facebook’s infrastructure – instead, evidence shows the company’s network paths to the outside web just disappeared without explanation.


Is the U.S. Post Office Slow Service Because it is Becoming a Real Bank?

Slow mail service is on purpose.

WASHINGTON — Americans across the country could start seeing slowdowns in mail delivery as early as Friday, when the US Postal Service implements its new service standards.

The changes, which include longer first-class mail delivery times and cuts to post office hours, are part of embattled Postmaster General Louis DeJoy’s 10-year plan for the agency that he unveiled earlier this year.

According to USPS spokesperson Kim Frum, the service changes won’t affect about 60% of first-class mail and nearly all periodicals. Within a local area, standard delivery time for single-piece, first-class mail will remain at two days.

However, mail traveling longer distances will take longer to arrive in some cases, due to the USPS increasing transit time.

“These changes would position us to leverage more cost-effective means to transport First-Class packages via ground rather than using costly air transportation, which is also less reliable due to weather, flight traffic, availability constraints, competition for space, and the added hand-offs involved,” Frum said.

Many Democrats have called for the ouster of DeJoy, a major donor to the GOP and former President Donald Trump.

But while the federal government scrutinizes the private banking system, cryptocurrency and all alternative forms of monetary exchange such as PayPal, Facebook, Venmo, Zelle or Apple Pay, it is now the U.S. Postal Service that is entering the industry.


The U.S. Postal Service has launched a pilot program to offer customers financial services, an unexpected first step toward realizing a longstanding progressive goal of postal banking.

USPS is testing the program at just four post offices on the East Coast. It will enable individuals to deposit payroll or business checks of up to $500 onto a single-use debit card for a flat fee of $5.95. The offering is far short of the much more comprehensive suite of financial services many advocates and left-leaning lawmakers have sought for years, but still takes USPS in a surprising direction under the leadership of embattled Postmaster General Louis DeJoy.

Postal management worked with the American Postal Workers Union to set up the pilot. APWU has also long advocated for postal banking, including by negotiating it into a previous collective bargaining agreement.

The four sites, located in Washington, D.C.; Falls Church, Virginia; Baltimore; and the Bronx, New York, will not accept any checks larger than $500. The debit cards, to which USPS is referring as “gift cards,” will allow users to withdraw cash from an ATM for a fee or purchase goods online or at retail stores. The American Prospect first reported the pilot.

The initial sites and services are meant to be a “proof-of-concept” test for the Postal Service, APWU officials said. The union is hopeful that USPS will expand the pilot in early 2022, both in terms of services offered and locations where they are available. The easiest areas for expansion would be to allow for gift cards for checks of more than $500. Thousands of post offices already offer Visa gift cards, and management concluded there would be few legal hurdles to simply accepting another form of payment for them. The cards USPS currently has in stock are capped at $500, hence the current maximum. Management is looking to both raise the cap on those and allow for the bundling of multiple cards.

Other services in discussion are a bill pay product, making the cards branded to the Postal Service and reloadable, and wire transfers from one post office to another. USPS has expressed an openness to setting up its own ATMs, though that may require additional statutory authority and is therefore only expected much further down the road. USPS offered banking services for more than 50 years, but stopped in 1967.

Tatiana Roy, a USPS spokeswoman, said that offering “affordable, convenient and secure” services was aligned with DeJoy’s 10-year plan to fix the mailing agency’s finances. The Postal Service this month implemented another key element of DeJoy’s plan, slowing down delivery times for about 40% of First-Class mail while also raising prices above the normal inflation-based rate.

The banking pilot “is an example of how the Postal Service is leveraging its vast retail footprint and resources to innovate,” Roy said.

APWU renewed its push for banking services earlier this year and management took a serious interest. While the union sought a wider array of services in more locations, management told the labor group that “the best way to get started was to get started.”

“It’s a baby step but we’re thrilled to be moving in the right direction,” one union official said.

USPS and APWU have not set specific figures for the number of sites to which the pilot could expand, but those discussions are ongoing. Before Monday when the program gained attention in national media outlets, USPS only announced the availability of the check cashing service through signs in the four affected post offices. The Postal Service is in the midst of soliciting proposals from the private sector for check verification services.

Research from the University of Michigan has found that one-in-four U.S. Census tracts, which are home to 21 million people, do not have any banks within their borders. Advocates for postal banking have highlighted that the private sector often charges high fees for check cashing services and that historically disadvantaged communities are disproportionately impacted by them. APWU has suggested expanding the pilot to all of the Bronx, all of Puerto Rico or to an entire rural county.

Postal management has put together a training session for impacted employees to get them up to speed on the pilot. An APWU official said its members were excited by the new task and recognized it could play a vital role in the future of the Postal Service.

The push for postal banking has gained steam in recent years, even becoming a part of the official platform of the Democratic Party. A House-backed funding bill for fiscal 2022 would require USPS to implement a banking pilot in five rural and five urban ZIP codes. Democratic lawmakers have also put forward legislation to create a public banking system backed by the Federal Reserve, which users would access at post offices. Porter McConnell, co-founder of the Save the Post Office Coalition, praised USPS for launching the pilot but said it was “not enough.”

“Given that experts and elected officials have been calling on the USPS to pilot postal banking for years, these pilots are long overdue,” said McConnell, the daughter of Senate Minority Leader Mitch McConnell, R-Ky. “They are late to this party, but they have at least rung the doorbell.”