Zoom Bombing, don’t be Fooled

So, there are several online conference video chat platforms now being used while businesses continue to operate even while doing the stay at home thing. We are aware of course of the common Skype platform, Uber Conference and gaining huge popularity is Zoom.

Warning to the healthcare industry: Since the United States has launched full tele-health platforms, all parties involved in the session(s) should watch carefully the platform(s) for cyber weirdness. All the same warnings and watchful eyes should be applied to the military across the spectrum as forces too are working from remote locations.

How to Record Zoom Meeting on PC, iPhone

In recent days, I have seen reports of Zoom conference/meeting events getting bombed by rogue players. Every nation while struggling to overcome the pandemic, governments and companies are quite vulnerable to breaches of cyber security due to limited employee resources. What better time for bad actors (read China) to attack?

Zoom has also seen a sharp increase in usage, but the attention the teleconferencing solution is receiving continues to be decidedly mixed. TechCrunch reports that researcher Patrick Wardle has found two local security flaws in Zoom’s macOS client.

***

While Zoom has certainly drawn investors’ eyes in a good way, it’s also attracted the ministrations of white hat researchers, cybercriminals, the plaintiffs’ bar, and state attorneys general. The platform’s encryption isn’t really end-to-end, the Intercept reports. Instead, it uses familiar transport encryption, which gives Zoom itself the potential to access its users’ traffic. The FBI’s Boston Field Office has issued a detailed warning about the ways in which criminals (conventional criminals out for gain, sleazy hacktivists, and skids out for the lulz) have been able to meddle with Zoom sessions. Check Point describes the ways in which criminals have registered domains that include the name “zoom;” these domains are of course up to no good at all. Zoom was also discovered to have been sharing analytic data with Facebook, a practice Zoom halted after it came to public attention, but not in time to forestall a class action suit under California’s Unfair Competition Law, Consumers Legal Remedies Act, and Consumer Privacy Act. And the New York Times reports that all of this news has prompted New York State’s Attorney General to ask Zoom for an explanation of its privacy and security policies.

So, as I was researching for this piece, I received an email from a distant buddy that read in part:

The government has sought the assistance of outside software experts to move online meetings. In one particular instance, my email buddy noted the following”

I have a Zoom warning. We had a Council meeting this afternoon and it had to end immediately. Fortunately, the Council was 99% finished with the meeting. The reason for ending the meeting is because we were Zoom Bombed (yup this is really the name for it). A participant joined the meeting late and his name was Mr. Off. His first name was Jack and he had a middle name “Me”. You can imaging the video. It was horrible. There were three hosts of the meeting that could control participants. The hosts could not see this participant so they didn’t think anything was wrong. Clearly, the hack knows how to enter a meeting without the controlling hosts knowing what is going on. I saw it and ordered the meeting end immediately. The Chair couldn’t see it and was wondering what to heck was wrong with me. It took about 5 more long seconds for me to yell at people to leave the meeting. We all jumped back on the meeting in five minutes and Mr. Off joined the meeting again.

I will add that only half the participants actually saw the act. We also caught it in time to not have it go live on cable or YouTube. Another participant actually viewed video of three other participants that no one else could see and were likely ready to Bomb the meeting.

In the future, we will use passwords for participants. This is unfortunate for the public because they wont be able to join the Zoom part of the meeting. They will still be able to watch it live on local cable and YouTube. We will set up an email and telephone for public comment if the agenda item requires public comment.

I highly recommend you use passwords for future meetings.

Seems we have a new kind of cyber terrorism going on here….espionage at a silent/covert level. Perhaps we can get some kind of press release from the NSA or something.

 

 

Rogue Nations Competing with the X-37B

The Air Force’s X-37B Orbital Test Vehicle Mission 5 successfully landed at NASA’s Kennedy Space Center Shuttle Landing Facility Oct. 27, 2019. The X-37B OTV is an experimental test program to demonstrate technologies for a reliable, reusable, unmanned space test platform for the U.S. Air Force. (Courtesy photo) source

America’s four greatest adversaries are investing in systems that can take out satellites on orbit, including funding laser systems, nuclear power and satellites that shadow American space vehicles.

Russia, China, Iran and North Korea are each researching counterspace capabilities — kinetic or nonkinetic ways to taking out systems in space — according to the annual Global Counterspace Capabilities report, released by the Secure World Foundation.

Defense News was given an exclusive preview of the report, which will available later today and was edited by Brian Weeden and Victoria Samson.

For the first time, the report includes data on the space situational awareness (SSA) capabilities of countries — that is, the ability of nations to track what is moving in various orbits. Japan and India are two nations investing heavily in that area, according to the report, while Iran appears to lag behind.

“This is important because you can’t protect [against] what you can’t see,” said Samson, the organization’s Washington office director. “This doesn’t mean that developing an SSA capability is an indication of an offensive counterspace program, as there are many reasons why you would want that capability. But it is needed if you want to go offensive.”

  The Indian Space Research Organisation’s (ISRO) GSAT-9 on board the Geosynchronous Satellite Launch Vehicle (GSLV-F09), launches in Sriharikota in the state of Andhra Pradesh on May 5, 2017. / AFP PHOTO / ARUN SANKAR (Photo credit should read ARUN SANKAR/AFP/Getty Images)

She also highlighted the fact that in the last year, four of the countries with counterspace investments — India, Japan, France and the U.S. — have launched new military organizations specifically to deal with space-related issues, including a focus, at least in part, on counterspace efforts. In addition, the NATO alliance declared space an “operational domain” in December.

The vast majority of counterspace capabilities continue to reside with Russia, China and the United States, but other nations are funding programs as well. France, India, Japan, Iran and North Korea are all known to be at least investing some money in counterspace efforts, whether through ballistic missile programs or non-kinetic means such as cyberattacks.

The most prominent counterspace example of the last year came from India, which in March controversially launched a missile at one of its satellites, blowing it up and spewing shrapnel around low-earth orbit.

So is a counterspace arms race underway? The authors say no, at least in the context of the nuclear arms race where each country is trying to match the other capability for capability.

Instead, “this is about developing a range of offensive and defensive capabilities to go after an opponent’s space assets while protecting your own,” said Weeden, the organization’s director of program planning. “And I think that’s unfortunately inevitable because more and more countries are using space for military purposes. That drives increased interest in how to counter those uses.”

Added Samson, “it now seems that if you want to be considered a major space power, it’s not enough to have your own satellites, or the ability to launch them, or even the ability to launch other country’s satellites. You want your own counterspace capability.”

The big three

When Pentagon and White House officials talked about the need for a Space Force last year, leaders emphasized a growing threat in space.

“For all their posturing about who’s ‘weaponizing’ space, the big three are all working on a lot of the same technologies and doing a lot of the same things,” particularly rendezvous and proximity operations (RPO) where satellites can maneuver near another nation’s system, said Weeden.

The big three in this case are China, Russian and the United States.

China has run multiple maneuvers with its space-based systems that may be RPO-related, but it’s hard to know whether those capabilities are being developed for counterspace use as opposed to intelligence gathering, the report said.

When it comes to Chinese capabilities, Weeden said to focus on the ground-based anti-satellite weaponry — perhaps not a surprise, given China declared itself a player in counterspace technology by destroying one of its own satellites in 2007.

Beijing is investing in at least one, and perhaps as many as three, kinetic anti-satellite capabilities, “either as dedicated counterspace systems or as mid-course missile defense systems that could provide counterspace capabilities,” according to the report.

“It was robustly tested and appears to be operationally deployed,” Weeden said of those capabilities. “As long as the U.S. still relies on small numbers of very expensive satellites in LEO, I think it will prove to be a significant deterrent.”

While China often becomes the focus of public comments from Defense officials, Weeden said to keep an eye on Moscow, as he was “a bit shocked by the breadth of Russian counterspace programs. For all the concern and hype in the U.S. about China, Russia seems to be putting the most into counterspace.”

Those efforts include the Nudol, a ground-launched ballistic missile designed to be capable of intercepting targets in low-earth orbit; three different programs focused on RPO capabilities; the rebirth of an 1980s era program involving a large laser, to either dazzle or damage a satellite, carried about an IL-76MD-90A transport aircraft; a newly-discovered program called Ekipazh, which involves a nuclear reactor to power a large payload of on-orbit jammers; and what Weeden describes as a “massive” upgrade to SSA capabilities.

“All of that spells a very potent, more operationally-integrated, and more battle-tested package than what I’m seeing in China,” he warned. He added that he believes the public focus on China to be “part of the broader narrative the Trump administration is trying to push with China being the long-term threat they want to focus on. It also helps sell the narrative they’re trying to push on human spaceflight and exploration as well.”

As for the United States, the military has focused more on SSA and defensive counterspace capabilities, a trend Weeden says is due to America being the most reliant on space of the three countries, and hence must “protect its capabilities if it hopes to win a future conflict against Russia or China.” America’s SSA capabilities, in particular, remain well ahead of the rest of the world.

Which isn’t to say the U.S. is skipping out on counterspace investments either. America has a number of options for electronic warfare in space, including proven capabilities to jam enemy receivers within an area of operations; assets with RPO capabilities; and operational midcourse missile defense interceptors that have been demonstrated against low orbit satellites. In addition, there are plans to invest in prototyping directed energy capabilities for space.

One capability to keep an eye on is the X-37B, a spaceplane program that has made five trips into orbit and back to earth. In total, the spacecrafts have spent 2,865 days on orbit cumulatively over its five missions, with its last trip consisting of 780 days in space — more than two years.

The Air Force has been secretive about X-37B missions, often talking broadly about it conducting experiments in space; analysts have long believed that the mission set has at least something to do with counterspace capabilities. That belief was only strengthened by what happened during its last trip during which researchers believe it was used to launch a trio of small cubesats which were not registered in international tracking databases.

“The secret deployment of multiple small satellites raises additional questions about the mission of the X-37B. It suggests that the X-37B may have a mission to serve as a covert satellite deployment platform. The secrecy surrounding both the X-37B and the deployment may indicate they are part of a covert intelligence program, but it may also indicate the testing of offensive technologies or capabilities,” the authors wrote in the report. “The failure to even catalog the deployed satellites, something that is done even for classified U.S. military and intelligence satellites, calls into question the trustworthiness of the public SSA data provided by the U.S. military.”

And that creates potential diplomatic issues, at a time that the need for open discussions about space capabilities across nations should be growing, warned Samson.

“The Russians and Chinese have always pointed at the secrecy surrounding the X-37B program as evidence of malevolent intentions by the United States,” she said. “The fact that the U.S. released objects from the X-37B and didn’t register them feeds absolutely into that narrative and causes ripple effects that harm other multilateral discussions on space security and stability.”

Terrifying Facts about our Prescription Drugs

Congress, the FDA and the Pentagon is well aware of how tainted many of the drugs from China.

Priest, a retired Army colonel, delivered these remarks July 31 on Capitol Hill at a meeting of the U.S.-China Economic and Security Review Commission. The commission in-part investigates national security risks related to foreign trade and provides recommendations to Congress.

The U.S. purchases of drugs from foreign countries came under scrutiny earlier this year, when the Food and Drug Administration discovered that carcinogens in generic products used to treat high blood pressure and heart failure. Some of those drugs made their way to military treatment facilities, where veterans pick up their prescriptions.

The 10 most prescribed drugs are found here.

Made in China: new and potentially lifesaving drugs - SFGate source

The common debate on Capitol Hill has been the cost of prescription drugs, when the 800 lb. gorilla in the room has been uncontrolled ingredients in over-the-counter drugs as well as prescription that legislators have known about but ignored. The same debate continues with medical devices manufactured in China. The United States does not even produce vitamin C. Yeesh, and China has been called a drug cartel of distinction because of trafficking fentanyl.

Communist China controls 80% of American drugs - Metro ...

GoodRx, commercials often seen on TV to save money by using their APP recently published the following about bizarre ingredients:

1) Gold

Gold, of course, has been used for thousands of years in jewelry, but few know that it has therapeutic properties. Today, we have the oral anti-inflammatory medication, Ridaura (auranofin), which is used to treat rheumatoid arthritis. Likewise, an injectable gold known as gold sodium thiomalate (GST) is injected weekly or monthly into joints to treat arthritis. Fancy.

2) Saliva of a Gila monster

Ok, that’s slightly misleading. Exenatide, the active ingredient in Byetta and Bydureon, and an important medicine to control blood sugar in diabetics, is a man-made form of a protein found in the saliva of the Gila monster, a poisonous lizard native to the southwestern United States. Still weird.

3) Urine from pregnant horses

Premarin, a medication used as hormone replacement therapy to treat symptoms of menopause, comes from estrogen hormones isolated from pregnant horse urine. Yep.

4) Rooster combs

Synvisc and Synvisc-One (Hylan G-F 20), injectable medications given for knee arthritis to provide pain relief for up to six months, both contain hyaluronan, which is made from chicken combs. Hyaluronan makes joint fluid more flexible and fluid, so there’s better shock absorption in the knee. Cock-a-doodle-doo.

5) Poop

“Fecal pills”, used in fecal microbiota transplantations (FMTs), are capsules containing frozen bacteria collected from the stool of donor patients. Fecal pills taken orally have been shown to be 96% effective in treating C. diff diarrhea. A truly hard pill to swallow.

6) Formaldehyde

Yes, you heard that right. Formaldehyde, the main ingredient in embalming fluid and a common substance in household cleaning products, is used in medicine. Hiprex, which contains methenamine, is making a resurgence in popularity as an effective medication for preventing recurrent urinary tract infections. And methenamine works when it’s converted in urine to formaldehyde, the same chemical we use to embalm dead bodies.

7) Fish

While not exactly gross, the contribution of marine life to medicines is worth mentioning. Lovaza, the only pharmaceutical-grade fish oil on the market, is used to lower triglycerides, a type of fat found in your blood that can increase your risk of heart disease at high enough levels. The oils in cooked masses of fish are separated from the solids—and that’s how you get Lovaza. Ok, not so bad.

8) Urine from postmenopausal women

The urine of postmenopausal women is in many follicle stimulating hormone (FSH) preparations, including Repronex and Bravelle, which are used to treat infertility. Unlike donated blood, where the donation can be traced to one donor, these medications are made with pooled urine from multiple donors, so there’s some concern over safety. That’s why Follistim, which contains synthetic FSH is a good alternative. Pools of urine.

9) Pig pancreas

Creon (pancrelipase) is made from the pancreas of pigs and is available only with a prescription. Creon is used in patients who lack full pancreatic functionality, whether because of cystic fibrosis, chronic pancreatitis, type 1 diabetes or removal of the pancreas. Oink.

10) Pig thyroid gland

Armour thyroid comes from the dried out thyroid glands of pigs. Armour thyroid is prescribed for underactive thyroid, or hypothyroidism, and is less tightly regulated than Synthroid, a manufactured form of thyroid hormone. Oink take 2.

Setting aside for a moment how the United States has in recent days complained about China’s lack of cooperation with the United States over COVID-19, other nations have as well. Just a few day ago, the UK published an immediate report stating that China was to blame and noted that the lack of truth from China has caused the global health crisis.

So, there is an immediate movement authorized by President Trump to fast track domestic manufacture production of many top medicines not only for treating COVID-19 but other most prescribed drugs as well. The FDA is fast tracking several variations of chloroquine, which has several names including Aralen,Plaquenil or Avigan already used to treat COVID-19. Yes, however, this comes from China as well. In fact Wuhan and Shenzhen treated coronavirus patients with favipiravir with excellent success, meaning patient’s tests are negative just after 3-4 days.

***

Sen. Tom Cotton (R., Ark.) introduced legislation Thursday to repatriate pharmaceutical manufacturing from China to America, aiming to reduce a dependency that could seriously limit the U.S. coronavirus response.

The bill, which Cotton introduced with Rep. Mike Gallagher (R., Wis.), aims to severely curtail the volume of Chinese active pharmaceutical ingredients (APIs) from the U.S. medical drug supply. The PRC currently produces most of the world’s APIs—the “active ingredients” in commonly used drugs—leaving the United States and other nations critically dependent on it for medicines.

Cotton’s is just the latest proposal to onshore pharmaceutical supply chains, including a similar one from Sen. Marco Rubio (R., Fla.) and rumblings from the White House about a “buy American” executive order. Prompted by the coronavirus pandemic, many are beginning to see the cost-savings from Chinese-made pharmaceuticals as not worth the risk of undersupply during another pandemic, or during a potential conflict with America’s main geostrategic rival. More here.

 

 

Govt Report on Prevention of Nationwide Cyber Catastrophe

A good first step for sure, however there needs to be a government-wide decision on cyber attacks being an act of war and how to respond.

***

The Cyberspace Solarium Commission’s proposes a strategy of layered cyber deterrence. Our report consists of over 80 recommendations to implement the strategy. These recommendations are organized into 6 pillars:
  1. Reform the U.S. Government’s Structure and Organization for Cyberspace.
  2. Strengthen Norms and Non-Military Tools.
  3. Promote National Resilience.
  4. Reshape the Cyber Ecosystem.
  5. Operationalize Cybersecurity Collaboration with the Private Sector.
  6. Preserve and Employ the Military Instrument of National Power.

Click here to download the full report.

A much-anticipated government report aimed at defending the nation against cyber threats in the years to come opens with a bleak preview of what could happen if critical systems were brought down.

“The water in the Potomac still has that red tint from where the treatment plants upstream were hacked, their automated systems tricked into flushing out the wrong mix of chemicals,” the Cyberspace Solarium Commission wrote in the opening lines of its report.

“By comparison, the water in the Lincoln Memorial Reflecting Pool has a purple glint to it. They’ve pumped out the floodwaters that covered Washington’s low-lying areas after the region’s reservoirs were hit in a cascade of sensor hacks,” it continues.

So begins the report two years in the making from a congressionally mandated commission made up of lawmakers and top Trump administration officials, pointing to the vulnerabilities involved with critical systems being hooked up to the internet.

The report, which includes more than 75 recommendations for how to prevent the cyber doomsday it spells out, and the commission that made it were both mandated by the 2019 National Defense Authorization Act (NDAA).

The commissioners, who include co-chairmen Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.), highlight a range of issues to address, but zero in on election security as “priority.”

“The American people still do not have the assurance that our election systems are secure from foreign manipulation,” King and Gallagher wrote in the report. “If we don’t get election security right, deterrence will fail and future generations will look back with longing and regret on the once powerful American Republic and wonder how we screwed the whole thing up.”

The focus on shoring up election security, and the agreed-upon recommendations for how to do this, sets the report apart from the approach to the subject on Capitol Hill, where it has been a major issue of contention between Republicans and Democrats since Russian interference in the 2016 presidential election.

Beyond election security, the commissioners call for overarching government reform to address cyber vulnerabilities. Chief among these is calling on the White House to issue an updated national strategy to address cyber threats and to establish a national cybersecurity director position to coordinate efforts.

In terms of congressional action, commissioners recommend that Congress create cybersecurity committees in both the House and Senate, establish a Bureau of Cybersecurity Statistics, and establish an assistant secretary position at the State Department to lead international efforts around cybersecurity.

“While cyberspace has transformed the American economy and society, the government has not kept up,” commissioners wrote in calling for reforms.

The commission also zeroed in on “imposing costs” to adversaries who attempt to attack the U.S. online. In order to do so, it recommended that the Department of Defense conduct vulnerability assessments of its weapons systems, including nuclear control systems, and that it make cybersecurity preparedness a necessity.

The Cybersecurity and Infrastructure Security Agency, the Department of Homeland Security’s cyber agency, would be empowered as the “lead agency” at the federal level.

The report’s recommendations were debated on and pinpointed by a group of high-ranking commissioners who also included FBI Director Christopher Wray, Deputy Secretary of Defense David Norquist, Transportation Security Administration Administrator David Pekoske, Sen. Ben Sasse (R-Neb.), and Rep. James Langevin (D-R.I.).

Langevin said in a statement on Wednesday that the report is intended to shore up the nation’s cyber “resiliency for years to come.”

“Our charge in drafting this report was to prevent a cyber event of significant national consequence, and we know that the short- and long-term recommendations we crafted will better position us to realize the promise of the Internet, while avoiding its perils,” Langevin said. “The sooner our recommendations are implemented, the better positioned the country will be to prevent and respond to incidents that can disrupt the American way of life.”

The report’s recommendations may soon have real-world consequences on Capitol Hill.

Rep. John Katko (R-N.Y.), the ranking member on the House Homeland Security Committee’s cyber panel, told The Hill this week that there “definitely will be some legislation” stemming from the report’s recommendations, and that hearings would likely be held.

Katko noted that he had talked with Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) about the Senate also taking action around the report.

“This report screams of the need for bipartisan action on this, and I hope that we can leave the politics out of it, and I hope we can attack these problems quickly and effectively,” Katko said.

Rep. Cedric Richmond (D-La.), the cyber subcommittee’s chairman, opened a hearing on Wednesday by praising the report’s recommendations and saying he looked forward to working to “codifying” the ideas alongside House Homeland Security Committee Chairman Bennie Thompson (D-Miss.).

Industry groups also reacted positively to the report’s recommendations. Tom Gann, the chief public policy officer of cybersecurity firm McAfee, told The Hill in a statement that he agreed with most of the report’s findings and hoped that they are “acted upon with speed.”

Protect Our Power, a nonprofit with the goal of protecting the electric grid, also praised the report.

“These are compelling recommendations, echoing issues we have highlighted for several years now, and action is long overdue,” Jim Cunningham, executive director of the group, said in a statement. “Without a reliable supply of electricity before, during and following a disabling cyberattack, none of our critical infrastructure can function.”

While there may be legislative action soon – and praise from industry groups – both Gallagher and King emphasized in the report that their main aim was for it to open the eyes of Americans to the dangers posed by cyberattacks on critical systems.

“The status quo is inviting attacks on America every second of every day,” the co-chairmen wrote. “We all want that to stop. So please do us, and your fellow Americans, a favor. Read this report and then demand that your government and the private sector act with speed and agility to secure our cyber future.”

DOD Contractor at Pentagon Charged with Espionage

(WASHINGTON) — A linguist working for the U.S. military who kept a list of secret informants hidden under her mattress was charged with sharing the names with a romantic interest linked to the Lebanese militant group Hezbollah, the Justice Department said Wednesday.

Mariam Taha Thompson, 61, appeared in Washington’s federal court on Wednesday to face charges in an espionage case that investigators said put at risk the lives of American military members and confidential sources and represented a significant breach of classified information.

Traductora del Departamento de Defensa de EE. UU. es ...

The criminal case accuses Thompson, a contract translator, of giving to the unidentified Lebanese man the names of U.S. government sources and the information they provided. That effort, according to the government, accelerated during a six-week period from the end of December, when U.S. airstrikes targeted Iranian-backed forces in Iraq and exacerbated relations between the two countries, through the middle of last month.

Assistant Attorney General John Demers, the Justice Department’s top national security official, called the alleged conduct “a disgrace, especially for someone serving as a contractor with the United States military. This betrayal of country and colleagues will be punished.”

Thompson’s court appearance, on charges that could carry life in prison, was brief and ended with her being detained until a hearing next Wednesday. Her attorney did not return a phone message afterward.

Thompson was arrested last week at the military facility in Erbil, Iraq, where prosecutors say she worked as a contract linguist. The Defense Department said it was aware of the arrest and was cooperating with the investigation.

After the arrest, prosecutors say, Thompson acknowledged that she passed secret information to a man she was romantically interested in, but said she did not know that he had any affiliation with Hezbollah. She instead said she thought he might have been tied to the Amal political party in Lebanon, though she later said she considered the groups to be the same.

“No, I don’t know about Hizbollah. I hate Hizbollah,” Thompson told an agent, according to an affidavit unsealed Wednesday. She described members of the group, which the U.S. has designated as a foreign terrorist organization, as “terrorists” and “like the octopus. They can reach anybody.”

Thompson also told the agent that she passed along classified information by memorizing it, writing it down and transmitting it via the video feature of a secure messaging application on her cellphone. One screenshot of a video chat the FBI says it obtained showed Thompson displaying to the Lebanese man an Arabic note describing the technique an informant had used to collect information, according to the affidavit.

 

 

 

 

 

 

 

 

 

The 12 page affidavit is found here.