Cybersecurity and Cyberwarfare

The use of computers and the Internet in conducting warfare in cyberspace.

Russian Hackers Stole NSA Data on U.S. Cyber Defense

Apparently, hackers working for the Russian government stole details of how the US penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer. The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab.

The theft, which hasn’t been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the US. The incident occurred in 2015 but wasn’t discovered until spring of 2016, apparently. The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the US.

Russia Targets NATO Soldier Smartphones, Western Officials Say

Russia has opened a new battlefront with North Atlantic Treaty Organization (NATO), according to Western military officials, by exploiting a point of vulnerability for almost all allied soldiers: their personal smartphones. Troops, officers and government officials of NATO member countries said Russia has carried out a campaign to compromise soldiers’ smartphones.

The aim, they say, is to gain operational information, gauge troop strength and intimidate soldiers. Russian officials deny that Moscow stages such attacks. US and other Western officials said they have no doubt Russia is behind the campaign. They said its nature suggests state-level coordination, and added that the equipment used, such as sophisticated drones equipped with surveillance electronics, is beyond the reach of most civilians.

Yahoo says every account — all 3 billion of them — was affected by 2013 breach

All 3 billion Yahoo accounts were affected by a 2013 data breach — three times as many as the company first reported. In December, Yahoo disclosed that hackers stole information that could be connected to more than 1 billion accounts, an incident that was then believed to be the most users affected in a single breach. The company updated that tally Oct 3, saying on its website that outside forensic experts analyzed “recently obtained additional information” that shows “all accounts that existed at the time of the August 2013 theft were likely affected.” The stolen data could include names, email addresses, phone numbers, dates of birth, passwords that have been scrambled, or “hashed,” and encrypted or unencrypted security questions or answers, the company said.

President Trump signed presidential directive ordering actions to pressure North Korea

Early in his administration, President Donald Trump signed a directive outlining a strategy of pressure against North Korea that involved actions across a broad spectrum of government agencies and led to the use of military cyber-capabilities, according to US officials.

As part of the campaign, US Cyber Command targeted hackers in North Korea’s military spy agency, the Reconnaissance General Bureau, by barraging their computer servers with traffic that choked off Internet access. The effects were temporary and not destructive, officials said. Nonetheless, some North Korean hackers griped that lack of access to the Internet was interfering with their work. A senior administration official said, “What I can tell you is that North Korea has itself been guilty of cyberattacks, and we are going to take appropriate measures to defend our networks and systems.”

Thousands of Macs and PCs may be vulnerable to a sophisticated kind of computer attack

An analysis of more than 70,000 Mac computers being used in businesses and organizations has revealed a firmware vulnerability that could be exploited by a determined, well-resourced attacker such as a foreign government. Thousands of computers, if not more, are potentially in danger. While Apple devices were the focus of the study released Sept 29 by the firm Duo Security, experts at the company said that Windows-based machines are even more likely to be at risk, because of the range of manufacturers involved in building those types of PCs.

The flaw outlined by Duo Security researchers Rich Smith and Pepijn Bruienne concerns Apple's Extensible Firmware Interface, or EFI, which helps computers boot up and run the main operating system. Because all subsequent hardware and software operations are dependent on the EFI, allowing hijackers to gain control of it could prove disastrous.

Senate Panel Reviews FTC Data Security Enforcement Powers

The recent Equifax Inc data breach prompted senators at a Sept 26 hearing to question whether the Federal Trade Commission has the proper authority to effectively enforce data security standards. How to better define the Federal Trade Commission’s authority to oversee corporate data security is a long-standing issue, and U.S. credit bureau Equifax’s breach compromising the personal data of 143 million consumers has, at least for the moment, further raised interest in the subject.

The Senate Commerce Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security heard testimony on proposals to improve the FTC’s handling of consumer protection issues, including its role in overseeing data security efforts. Subcommittee Chairman Jerry Moran (R-KS) said that there will be a full committee hearing on the Equifax data breach in “mid-October.” Subcommittee Ranking Member Richard Blumenthal (D-CT) said that he will soon introduce legislation to allow the FTC to investigate any data breaches, exercise oversight, and issue penalties.

Russian Interference in 2016 US Election, Bots, & Misinformation

Earlier this summer we outlined some of our work to combat bots and networks of manipulation on Twitter. Since then, we have received a number of questions about how malicious bots and misinformation networks on Twitter may have been used in the context of the 2016 U.S. Presidential elections. Sept 28, Twitter Vice President for Public Policy Colin Crowell met with staff from Senate Select Committee on Intelligence and House Permanent Select Committee on Intelligence to discuss these issues.

Of the roughly 450 accounts that Facebook recently shared as a part of their review, we concluded that 22 had corresponding accounts on Twitter. All of those identified accounts had already been or immediately were suspended from Twitter for breaking our rules, most for violating our prohibitions against spam. In addition, from those accounts we found an additional 179 related or linked accounts, and took action on the ones we found in violation of our rules. Neither the original accounts shared by Facebook, nor the additional related accounts we identified, were registered as advertisers on Twitter. However, we continue to investigate these issues, and will take action on anything that violates our Terms of Service.

Enough is enough: How to stop Russia’s cyber-interference

[Commentary] Actual policy actions to protect our vote from outside interference have been next to nil. That needs to change now.

First, and most obviously, our cybersecurity must be strengthened. We need greater education on how to prevent cyberattacks; more coordination between layers for cybersecurity at the individual, group and government levels; and new government regulation mandating upgrades in cybersecurity for everyone and everything involved in the electoral process. Second, information about Russian state propaganda — not censorship of these content providers — must be provided to the American people. Third, foreign purchase of advertisements aimed at influencing elections must be prohibited. Fourth, Americans who colluded with Russian (or any foreign) actors to influence the outcome of our elections must be punished.

[Michael McFaul is director of the Freeman Spogli Institute for International Studies and a Hoover fellow at Stanford University. He was previously special assistant to President Obama at the National Security Council from 2009-2012 and former U.S. ambassador to Russia from 2012-2014]

Phish For the Future

This report describes “Phish For The Future,” an advanced persistent spearphishing campaign targeting digital civil liberties activists at Free Press and Fight For the Future. Between July 7th and August 8th of 2017 we observed almost 70 spearphishing attempts against employees of internet freedom NGOs Fight for the Future and Free Press, all coming from the same attackers.

US asks China not to enforce cyber security law

The United States has asked China not to implement its new cyber security law over concerns it could damage global trade in services. China ushered in a tough new cyber security law in June, following years of fierce debate around the move that many foreign business groups fear will hit their ability to operate in the country. The law requires local and overseas firms to submit to security checks and store user data within the country. The United States, in a document submitted for debate at the World Trade Organization Services Council, said if China’s new rules enter into full force in their current form, as expected by the end of 2018, they could impact cross-border services supplied through a commercial presence abroad.

“China’s measures would disrupt, deter, and in many cases, prohibit cross-border transfers of information that are routine in the ordinary course of business,” it said. “The United States has been communicating these concerns directly to high level officials and relevant authorities in China,” the US document said, adding it wanted to raise awareness among WTO members about the potential impact on trade. “We request that China refrain from issuing or implementing final measures until such concerns are addressed.”