Information Warfare – how the internet is undermining our life and all humanity.

Here’s how Internet of Things malware is undermining privacy
https://www.privateinternetaccess.com/blog/2019/04/heres-how-internet-of-things-malware-is-undermining-privacy/

Surveillance Capitalism – Integrity of Democracy – really NOTHING IS WHAT IT SEEMS.

IoT vendors ignore basic security best practices, CITL research finds
Adding flags for security features when building IoT firmware binaries would dramatically improve the security of IoT devices across the board. Almost no one is doing it, and the problem is getting worse, not better, according to new research from the CITL mass fuzzing project.
https://www.itworld.com/article/3436877/iot-vendors-ignore-basic-security-best-practices-citl-research-finds.html

Huge Survey of Firmware Finds No Security Gains in 15 Years
We found no consistency in a vendor or product line doing better or showing improvement. There was no evidence that anybody is making a concerted effort to address the safety hygiene of their products – Sarah Zatko
https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/

On average, updates were more likely to remove hardening features than add them.” Hi, we fixed your bug and made it easier to exploit the next one you find. https://twitter.com/WeldPond/status/1166029178845769728

Five vendors accounted for 24.1% of vulnerabilities in 2019 so far

Five vendors accounted for 24.1% of vulnerabilities in 2019 so far

Secret Service Investigates Breach at U.S. Govt IT Contractor
https://krebsonsecurity.com/2019/09/secret-service-investigates-breach-at-u-s-govt-it-contractor/

FIN7’s IT admin pleads guilty for role in billion-dollar cybercrime crew
https://www.cyberscoop.com/fin7-fedir-hladyr-guilty-carbanak/

Report reveals play-by-play of first U.S. grid cyberattack
A first-of-its-kind cyberattack on the U.S. grid created blind spots at a grid control center and several small power generation sites in the western United States, according to a document posted yesterday from the North American Electric Reliability Corp.
https://www.eenews.net/stories/1061111289

Weakness in Intel chips lets researchers steal encrypted SSH keystrokes
https://arstechnica.com/information-technology/2019/09/weakness-in-intel-chips-lets-researchers-steal-encrypted-ssh-keystrokes/

“We published a thing today!
It’s on how DHS collects, uses, & shares individuals’ social media data in the name of national security. It’s the most comprehensive treatment we’re aware of,  it does a deep dive into ICE, CBP, USCIS,  TSA. @FaizaPatelBCJ
https://www.brennancenter.org/publication/social-media-monitoring

“Baltimore’s IT office warned between 2016 and 2017 that a pair of aged servers were “a natural target for hackers” If they were attacked? “There is no way of estimating the financial loss that could occur.” The city won’t say if the warning was acted on
https://www.baltimoresun.com/maryland/baltimore-city/bs-md-ci-old-servers-20190530-story.html

To secure itself, the West needs to figure out where all its gadgets are coming from. Here’s why that’s so difficult.” Excellent take on supply chain security, @ForeignPolicy. Also important: transparency, critical infrastructure and how software elements are combined.
https://twitter.com/LiisaPast/status/1124121388384571393

Employees from Israeli spyware vendor Ability arrested in probe of ‘significant’ issues
https://www.cyberscoop.com/ability-inc-spyware-sec-arrests/

The Spycraft Revolution – Foreign Policy
https://foreignpolicy.com/2019/04/27/the-spycraft-revolution-espionage-technology/

Kevin Mallory: Ex-CIA agent jailed for spying for China
https://www.bbc.com/news/world-us-canada-48319058

The Shadow War’: How a Chinese spy stole some of the Pentagon’s most sensitive secrets
https://www.cnn.com/2019/05/14/politics/shadow-war-chinese-spy/index.html

It Sure Looks Like Jeffrey Epstein Was a Spy—But Whose?
https://observer.com/2019/07/jeffrey-epstein-spy-intelligence-work/

James LaPorta on Twitter: “Why I could never be a member of the @CIA – this tradecraft would call into question my loyalty to the job and I may have a conversation with Human Resources and my labor
https://twitter.com/JimLaPorta/status/1168533709923987456

Infamous surveillance tech vendor makes pledge to follow UN human rights policy
https://www.zdnet.com/article/surveillance-tech-vendor-makes-pledge-to-follow-un-human-rights-policy/

How Dutch Company

A year-long investigation by BBC Arabic and a Danish newspaper has uncovered evidence that the UK defence giant BAE Systems has made large-scale sales across the Middle East of sophisticated surveillance technology, including to many repressive governments. These sales have also included decryption software which could be used against the UK and its allies. While the sales are legal, human rights campaigners and cyber-security experts have expressed serious concerns these powerful tools could be used to spy on millions of people and thwart any signs of dissent. The investigation began in the small Danish town of Norresundby, home to ETI, a company specialising in high-tech surveillance equipment.
https://www.zdnet.com/article/surveillance-tech-vendor-makes-pledge-to-follow-un-human-rights-policy/

Israel accused of planting mysterious spy devices near the White House
https://www.politico.com/story/2019/09/12/israel-white-house-spying-devices-1491351

Employees from Israeli spyware vendor Ability arrested in probe of ‘significant’ issues
https://www.cyberscoop.com/ability-inc-spyware-sec-arrests/

Materials of@NSAGov NCCP course “Principles of Cyber Law and Policy”, created by Penn State University (50MB .zip, April 2019) cyberwar.nl/d/norobots/201 licensed under CC-BY-4.0; publicly shareable. Source (d/l free after reg.): clark.center/details/kkuczy
https://t.co/Xs3ZA3Grl9?amp=1
The War Nerd (@TheWarNerd)
Power’s Pathetic Libyan War Excuse
Blackwater founder Erik Prince’s new private security firm (Frontier Services Group) has reportedly sent mercenaries into Libya to fight alongside warlord Khalifa Haftar. You know who else has sent mercenaries to fight alongside Haftar? Russia.
https://twitter.com/RVAwonk/status/1123056549755330560

ELECTIONS

C’mon People Election security isn’t that hard!!!! God Damn It !!!
An Op-Ed From the Future on Election Security
https://www.lawfareblog.com/op-ed-future-election-security

By Alex Stamos
Lawfare.com
September 4, 2019

There have been many pieces, in Lawfare and elsewhere, about the weaknesses in America’s political and election systems. In my career as a security executive, I sometimes found it difficult to communicate risk to non-expert audiences when focusing on a specific vulnerability. It is often more effective to paint a dire but realistic scenario relying on the proven capabilities of real adversaries combined with a variety of known, systemic issues.
Below is a potential Lawfare piece from New Year’s Day 2021, following a not-quite-worst-case scenario of election interference using real vulnerabilities in U.S. electoral systems, as well as social media, traditional media and the political sphere. For a more thorough discussion of weaknesses and recommended mitigations, please see the election security report from my colleagues and me at Stanford’s Cyber Policy Center.

***

Jan. 1, 2021

New Year’s Day is traditionally spent recovering from the previous night’s revelry. This year, the United States awakens to the greatest New Year’s hangover in the country’s almost 245-year history: a crisis of constitutional legitimacy as all three branches of government continue to battle over who will take the presidential oath of office later this month. This coming Wednesday, Jan. 6, a joint session of Congress will meet for what is a traditionally perfunctory counting of the Electoral College votes. With lawsuits still pending in seven states, both major-party candidates claiming victory via massive advertising campaigns and the president hinting that he might not accept the outcome of the vote, it’s time to reflect on how everything went so very wrong.
The first signs of external interference were seen in the spring of 2020. As the Democratic primary field narrowed, a group of social media accounts that had voiced strong support for particular candidates early on pivoted from supporting their first-choice candidates to alleging that the Democratic National Committee (DNC) had unfairly rigged the primary. The uniform nature of these complaints raised eyebrows, and an investigation by Twitter, Google and Facebook traced the accounts back to American employees of a subsidiary of the Sputnik News Agency—an English-language media entity owned by the Russian state. Yet as these groups were careful not to run political ads and to use U.S. citizens to post the content, there was no criminal predicate for deeper law enforcement investigations.
The activity around the election intensified in the summer, when medical records for the son of the presumptive Democratic nominee were stolen from an addiction treatment center and seeded to the partisan online media. But that wasn’t all: Less than 24 hours later, embarrassing photos from the phone of the incumbent president’s single, Manhattanite daughter were released on the dark web. While the FBI has remained silent on the matter, citing an ongoing investigation, the New York Times recently quoted anonymous NSA officials attributing the first leak to Russia’s SVR intelligence service and the latter to the Chinese Ministry of State Security. As to why Russia and China appear to be backing opposing candidates, America’s adversaries do not necessarily share the same geopolitical goals, and it is clear that the Chinese are no longer willing to sit on the sidelines of U.S. politics while the Russians interfere. <snip>

Donate by mail | Elizabeth Warren
https://elizabethwarren.com/give-by-mail/
In this second clip, the interviewer displays the widespread attitude that led to the ’08 crash.”The houses around me are rising in price. It makes sense that I should be able to harness some of that rising real estate value” Warren proceeds to give him a quick economics lesson
https://twitter.com/TheLoveBel0w/status/1125601225192411138
“Apple’s continued capricious, opaque administration of the App Store is scandalous and a stain on the company. May ⁦@ewarren⁩’s call to prevent tech companies from competing against their own stores become law!
https://twitter.com/dhh/status/1122170652151037952
Hackers Could Steal a Tesla Model S by Cloning Its Key Fob—Again
https://www.wired.com/story/hackers-steal-tesla-model-s-key-fob-encryption/

WATCH THE GREAT HACK

Leave a Reply

Your email address will not be published. Required fields are marked *