Cyber Security November 2018

This posting is here to collect security alert news in September 2018.

I post links to security vulnerability news to comments of this article.

You are also free to post related links.

558 Comments

  1. Tomi Engdahl says:

    Who is tessa88? Security Researchers Believe They Know Hacker’s True Identity
    https://www.securityweek.com/researchers-reveal-identity-hacker-behind-massive-data-breaches

    Recorded Future security researchers believe they were able to correctly identify the individual who in 2016 leaked data stolen in high profile data breaches such as LinkedIn, Twitter, Tumblr, and others.

    In early 2016, using various aliases, the individual posted on several underground forums, attempting to sell an extensive list of compromised, high-profile databases, such as LinkedIn, VKontakte, Yahoo, Yandex, Rambler, Myspace, Badoo, QIP, and Mobango.

    Mostly known as tessa88, the hacker was banned from dark web communities within several months, and ceased all communication with both the media and the public.

    Reply
  2. Tomi Engdahl says:

    Facebook Increases Rewards for Account Hacking Vulnerabilities
    https://www.securityweek.com/facebook-increases-rewards-account-hacking-vulnerabilities

    According to Facebook, researchers can earn up to $40,000 if they report an account hijacking flaw that does not require any user interaction, and $25,000 if minimum user interaction is required for the exploit to work.

    Reply
  3. Tomi Engdahl says:

    Infamous Russian Hacking Group Used New Trojan in Recent Attacks
    https://www.securityweek.com/infamous-russian-hacking-group-used-new-trojan-recent-attacks

    A well known Russian state-sponsored cyber-espionage group has used a new Trojan as a secondary payload in recent attacks targeting government entities around the globe, Palo Alto Networks reports.

    Also known as APT28, Fancy Bear, Pawn Storm, Sednit and Strontium, the Sofacy group is believed to have orchestrated the attacks targeting the 2016 presidential election in the United States.

    Reply
  4. Tomi Engdahl says:

    http://www.etn.fi/index.php/13-news/8757-espoolaislukiolaiset-loysivat-tietoturva-aukkoja

Espoo high-school students have found numerous security problems in various online services of the City of Espoo. Among other things, the students found a total of seven problems in Espoo systems that are still in development; some of these related to usability and some were clear security vulnerabilities.

The findings relate to an ethical hacking course called Hack with Espoo that ran in October and November.

    Reply
  5. Tomi Engdahl says:

Hacking a cash machine takes no longer than a coffee break – cause for concern in Finland too
    https://www.tivi.fi/Kaikki_uutiset/kateisautomaatin-hakkerointiin-ei-kulu-kahvitaukoa-kauempaa-suomessakin-syyta-huoleen-6750192

Experts at Positive Technologies, which specialises in bank security, tested cash machines manufactured by NCR, Diebold Nixdorf and GRGBanking, ZDNet writes.

NCR and Diebold Nixdorf machines are also used in Finland as Otto ATMs, according to Otto's website.

    Most ATMs can be hacked in under 20 minutes
    Experts tested ATMs from NCR, Diebold Nixdorf, and GRGBanking.
    https://www.zdnet.com/article/most-atms-can-be-hacked-in-under-20-minutes/

    An extensive testing session carried out by bank security experts at Positive Technologies has revealed that most ATMs can be hacked in under 20 minutes, and even less, in certain types of attacks.

    Experts tested ATMs from NCR, Diebold Nixdorf, and GRGBanking, and detailed their findings in a 22-page report published this week.

    Reply
  6. Tomi Engdahl says:

    https://www.tivi.fi/Kaikki_uutiset/tietoturvaekspertti-neuvoo-unohda-harvoin-kaytettavat-salasanat-6750202

Wian's advice is that rarely used passwords should simply be forgotten, because people build them from mnemonics that make the passwords vulnerable.

"The whole idea of passwords is that a password should be an easy obstacle for the user but a hard one for the hacker. In my view the technology does not support this: because of today's requirements, passwords are often hard to use but a truly trivial obstacle for cybercriminals."

Wian is therefore pleased that many online shops only require creating an account if the customer wants to review their purchases afterwards. Otherwise a shop's user account is largely useless, and even dangerous from a security point of view.

    https://computersweden.idg.se/2.2683/1.710639/glom-losenord

    Reply
  7. Tomi Engdahl says:

Security is everyone's responsibility – here are four ways to keep important data safe
    https://www.tivi.fi/CIO/tietoturva-on-jokaisen-vastuulla-tassa-nelja-tapaa-pitaa-tarkea-data-turvassa-6750178

    Four ways to secure sensitive data
    https://www.itpro.co.uk/security/32397/four-ways-to-secure-sensitive-data

    Read our tips to ensure that your business and customer data is kept as secure as possible

    Keeping data safe has never been more critical for businesses, but implementing effective security can sometimes seem overwhelming, with a huge range of options.

    There’s no silver bullet for guaranteeing security of your organisation’s data, but a layered approach, combining tools, practices and culture can make sure that as much has been done as possible.

    Reply
  8. Tomi Engdahl says:

    Aurora / Zorro Ransomware Actively Being Distributed
    https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-actively-being-distributed/

    A ransomware that has been distributed since the summer of 2018 has started to pick up steam in the latest variant. This new variant is currently being called Zorro Ransomware, but has also been called Aurora Ransomware in the past.

    Reply
  9. Tomi Engdahl says:

    Russia Linked Group Resurfaces With Large-Scale Phishing Campaign
    https://www.darkreading.com/attacks-breaches/russia-linked-group-resurfaces-with-large-scale-phishing-campaign/d/d-id/1333322

    APT29/Cozy Bear is targeting individuals in military, government, and other sectors via email purporting to be from US State Department.

    Reply
  10. Tomi Engdahl says:

    DirtyCOW Bug Drives Attackers to A Backdoor in Vulnerable Drupal Web Servers
    https://www.imperva.com/blog/dirtycow-bug-drives-attackers-to-a-backdoor-in-vulnerable-drupal-web-servers/
    In this post we’ll unpack a short — but no less serious — attack that affected some Linux-based systems, on October 31. Throughout the campaign, the attacker used a chain of vulnerabilities including the infamous Drupalgeddon2 and DirtyCOW, and system misconfigurations to persistently infect vulnerable Drupal web servers and take over user machines.

    https://www.wired.com/story/rowhammer-ecc-memory-data-hack/

    Reply
  11. Tomi Engdahl says:

    Fancy Bear hacker crew Putin dirty RATs in Word documents emailed to govt orgs – report
    Disguised as files about recent Lion Air crash, no less
    https://www.theregister.co.uk/2018/11/21/apt_28_cannon_trojan_palo_alto/

    Russian state-backed hacking crew Fancy Bear (aka APT28) is distributing malware-riddled files with a suggested link to the recent Lion Air crash in order to dupe government workers into downloading software nasties – and has developed a new remote-access trojan called Cannon, according to Palo Alto Networks.

    Reply
  12. Tomi Engdahl says:

    Mirai Evolves From IoT Devices to Linux Servers
    https://www.darkreading.com/attacks-breaches/mirai-evolves-from-iot-devices-to-linux-servers/d/d-id/1333329

    Netscout says it has observed at least one dozen Mirai variants attempting to exploit a recently disclosed flaw in Hadoop YARN on Intel servers.

    Researchers from Netscout Alert have discovered what they believe are the first non-IoT versions of Mirai malware in the wild.

    Reply
  13. Tomi Engdahl says:

    Amazon leaks users’ names and emails in ‘technical error’
    https://www.theverge.com/2018/11/21/18106306/amazon-email-address-leak-technical-error-phishing

    But it’s declined to share further details

    Reply
  14. Tomi Engdahl says:

    How Just Opening A Site In Safari Could Have Hacked Your Apple macOS
    https://thehackernews.com/2018/11/apple-macos-zeroday.html

    Earlier this week Dropbox team unveiled details of three critical vulnerabilities in Apple macOS operating system, which altogether could allow a remote attacker to execute malicious code on a targeted Mac computer just by convincing a victim into visiting a malicious web page.

    Reply
  15. Tomi Engdahl says:

    Cookie Maker: Inside the Google Docs Malicious Network
    https://www.fortinet.com/blog/threat-research/cookie-maker-inside-the-google-docs-malicious-network.html

    FortiGuard Labs recently discovered a running Google Docs malware campaign that uses the names of Fortinet and FortiGuard. When we examined the documents, we encountered a long chain of redirects inside a malicious network, and the destination of this chain was dependent on our IP and the user-agent that was used. This malicious network targets all major platforms: Windows, Android, and MacOS.

    In this article we analyze this malicious traffic workflow, as well as samples targeting the Windows platform. At the end of the article, we also analyze the attribution information to try and determine who is behind these attacks.

    Reply
  16. Tomi Engdahl says:

    Four ways to secure sensitive data
    https://www.itpro.co.uk/security/32397/four-ways-to-secure-sensitive-data

    Prioritise encryption
    Reinforce database protection
    Separate out sensitive data
    Build a culture of security

    Reply
  17. Tomi Engdahl says:

    Real Identity of Hacker Who Sold LinkedIn, Dropbox Databases Revealed
    https://thehackernews.com/2018/11/tessa88-russian-hacker.html

    Reply
  18. Tomi Engdahl says:

    Flash News

    TLDR; There’s a bug in Adobe Flash.
    https://www.ragestorm.net/blogs/?p=421

    The interpreter code of the Action Script Virtual Machine (AVM)
    does not reset a with-scope pointer when an exception is caught,
    leading later to a type confusion bug, and eventually to a remote code execution.

    Reply
  19. Tomi Engdahl says:

    Russian hacker arrested in Bulgaria for ad fraud of over $7 million
    https://www.zdnet.com/article/russian-hacker-arrested-in-bulgaria-for-ad-fraud-of-over-7-million/

    Alexander Zhukov, a supposed hacker who went online by the name of “Nastra,” is currently fighting extradition to the US.

    Reply
  20. Tomi Engdahl says:

    Emotet malware runs on a dual infrastructure to avoid downtime and takedowns
    https://www.zdnet.com/article/emotet-malware-runs-on-a-dual-infrastructure-to-avoid-downtime-and-takedowns/

    Researchers spot unique design in the server infrastructure propping up the Emotet malware.

    Reply
  21. Tomi Engdahl says:

    Talk about a cache flow problem: This JavaScript can snoop on other browser tabs to work out what you’re visiting
    Yes, even the Tor browser can be spied on by this nasty code
    https://www.theregister.co.uk/2018/11/21/unmasking_browsers_side_channels/

    Special report Computer science boffins have demonstrated a side-channel attack technique that bypasses recently-introduced privacy defenses, and makes even the Tor browser subject to tracking. The result: it is possible for malicious JavaScript in one web browser tab to spy on other open tabs, and work out which websites you’re visiting.

    This information can be used to target adverts at you based on your interests, or otherwise work out the kind of stuff you’re into and collect it in safe-keeping for future reference.

    Reply
  22. Tomi Engdahl says:

    USPS Site Exposed Data on 60 Million Users
    https://krebsonsecurity.com/2018/11/usps-site-exposed-data-on-60-million-users/

    U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf.

    Reply
  23. Tomi Engdahl says:

    What the #!/%* is that rogue Raspberry Pi doing plugged into my company’s server room, sysadmin despairs
    Online sleuths dig into the case, with surprising success
    https://www.theregister.co.uk/2018/11/20/rogue_raspberry_pi_reddit/

    It’s every sysadmin’s worst nightmare: discovering that someone has planted a device in your network, among all your servers, and you have no idea where it came from nor what it does. What do you do?

    Well, one IT manager at a college in Austria decided the best bet was to get on Reddit and see what the tech hive mind could figure out.

    Reply
  24. Tomi Engdahl says:

    A little phishing knowledge may be a dangerous thing
    Boffins find those who know about phishing more likely to be duped than the less informed
    https://www.theregister.co.uk/2018/11/19/phishing_knowledge_dangerous/

    Phishing works more frequently on those who understand what social engineering is than on those who live in blissful ignorance, or so a study of students at University of Maryland, Baltimore County suggests.

    Citing IBM data suggesting human error is a factor in 95 per cent of security incidents, researchers from the school’s department of computer science and electrical engineering conducted a phishing test to assess the relationship between demographic factors and susceptibility to phishing.

    Reply
  25. Tomi Engdahl says:

    Vision Direct ‘fesses up to hack that exposed customer names, payment cards
    Data including CVV numbers slurped up as customers submitted it to website
    https://www.theregister.co.uk/2018/11/19/vision_direct_fesses_up_to_hack_that_exposed_customer_names_and_payment_deets/

    Vision Direct has admitted customers’ personal and financial data was leaked earlier this month after hackers compromised the company’s website.

    Vision Direct stated on its website:

    The personal information was compromised when it was being entered into the site and includes full name, billing address, email address, password, telephone number and payment card information, including card number, expiry date and CVV.

    Reply
  26. Tomi Engdahl says:

    Easy Does It! A Timely Look Into Fraud TTPs in the Brazilian Financial Cybercrime Landscape
    https://securityintelligence.com/easy-does-it-a-timely-look-into-fraud-ttps-in-the-brazilian-financial-cybercrime-landscape/

    Financial cybercrime in Brazil is known as one of the most geospecific panoramas, where local cybercriminals attack local internet users. With close to 210 million residents in the country, criminals are in lavish turf. Some reports cite losses of nearly 70 billion Brazilian reals — which equates to about $18.6 billion — to fraud and online scams in 2017.

    In following the evolution of cyber activity in Brazil, IBM Security sees this threat landscape as unique, where technical sophistication is neither the norm nor a requirement.

    Reply
  27. Tomi Engdahl says:

    VEIL.AI enables the efficient use of sensitive data
    https://www.helsinki.fi/en/news/data-science-news/veil.ai-enables-the-efficient-use-of-sensitive-data

    The VEIL.AI service enables potentially sensitive individual-level information to be used in various research and development projects as well as commercial applications. VEIL.AI processes information without affecting the value of collected data sets, but ensuring that individuals can no longer be identified.

    VEIL.AI uses artificial intelligence to speed up the computationally heavy processes required for de-identification.

    Reply
  28. Tomi Engdahl says:

    How Hired Hackers Got “Complete Control” Of Palantir
    https://www.buzzfeednews.com/amphtml/williamalden/how-hired-hackers-got-complete-control-of-palantir?__twitter_impression=true

    Palantir hired a cybersecurity firm last year to test its digital defenses. A confidential report shows how the pro hackers were able to dominate the tech company’s network.

    Reply
  29. Tomi Engdahl says:

    Chinese facial recognition system confuses bus ad for jaywalker
    https://www.techspot.com/news/77546-chinese-facial-recognition-system-confuses-face-bus-ad.html

    The famous businesswoman was named and shamed

    Facepalm: China is well known for embracing facial recognition tech to catch lawbreakers, but these systems don’t always get it right. Earlier this week, one camera captured the image of a famous businesswoman and publicly shamed her, but she wasn’t even there at the time.

    The camera had seen her face on the side of a bus advertisement for Gree Electric and mistakenly thought she was crossing during a red light.

    Whenever the system identifies jaywalkers, it posts their photo onto a large public screen to ‘name and shame’ the perpetrators. It showed Dong’s face and name, though it incorrectly spelled her surname

    Ningbo’s traffic police wrote on Chinese microblogging site Weibo that the system had made a mistake and all record of the violation was being deleted.

    We’ve heard reports of China using facial recognition in several ways, from analyzing students’ emotions in schools to scanning for suspects via special glasses. Back in April, the system reportedly identified a suspected criminal from a crowd of 50,000 people

    Reply
  30. Tomi Engdahl says:

    Proposed Law Would Require Pistol Permit Applicants To Go Through A “Social Media Review”
    http://concealednation.org/2018/11/proposed-law-would-require-pistol-permit-applicants-to-go-through-a-social-media-review/

    Never underestimate the power of the internet, and how a governing body could one day use it to see what you’ve been up to and what your behavior looks like. Remember; The Internet Is Forever.

    If certain lawmakers get their way in New York, they’ll successfully pass a bill that would require all persons, looking to obtain a pistol permit, go through a ‘social media review’ in which their various online activities would be checked.

    The law would require applicants to hand over their login information for sites such as Facebook, so that a thorough search could be conducted. Talk about invasion of privacy.

    Proposed law would let State search gun owner’s social media and internet history
    https://www.rochesterfirst.com/news/local-news/proposed-law-would-let-state-search-gun-owner-s-social-media-and-internet-history/1610876946

    Posts from the past three years on site like Facebook, Twitter and Snapchat would be reviewed for language containing slurs, racial/gender bias, threats and terrorism.

    One year of search history on Google/Yahoo/Bing would also be reviewed.

    Reply
  31. Tomi Engdahl says:

    Gun Bill To Require Buyers To Hand Over Social Media Passwords & Search History
    https://www.zerohedge.com/news/2018-11-23/gun-bill-require-buyers-hand-over-social-media-passwords-search-history

    “There should be more restrictions on how guns are purchased. We should have more background checks,” Paul McQuillen, director of the Buffalo chapter of New Yorkers Against Gun Violence, told WKBW.

    James Tresmond, a gun rights lawyer, told the local NY station that the bill would violate multiple constitutional rights.

    Some are arguing that the subjective nature of the bill is highly concerning.

    The bill is currently in committee

    Reply
  32. Tomi Engdahl says:

    Amazon Teams Up With Government to Deploy Dangerous New Facial Recognition Technology
    http://concealednation.org/2018/11/proposed-law-would-require-pistol-permit-applicants-to-go-through-a-social-media-review/

    Amazon, which got its start selling books and still bills itself as “Earth’s most customer-centric company,” has officially entered the surveillance business.

    The company has developed a powerful and dangerous new facial recognition system and is actively helping governments deploy it. Amazon calls the service “Rekognition.”

    Reply
  33. Tomi Engdahl says:

    China blacklists millions of people from booking flights as ‘social credit’ system introduced
    https://www.independent.co.uk/news/world/asia/china-social-credit-system-flight-booking-blacklisted-beijing-points-a8646316.html

    Officials say aim is to make it ‘difficult to move’ for those deemed ‘untrustworthy’

    Reply
  34. Tomi Engdahl says:

    Man hacked into Silicon Valley execs’ phones to steal cryptocurrency: cops
    https://nypost.com/2018/11/20/man-hacked-into-silicon-valley-execs-phones-to-steal-cryptocurrency-cops/

    He’s the Billy the Kid of bitcoin.

    Twenty-one-year-old Manhattan con man Nicholas Truglia hacked into the phones of Silicon Valley bigwigs to try to steal their cryptocurrency — and in one instance, pulled it off, authorities said Tuesday.

    “It’s a new way of doing an old crime,” said deputy DA Erin West of Santa Clara Superior Court to The Post. “It’s a pervasive problem, and it involves millions of dollars.”

    Reply
  35. Tomi Engdahl says:

    Your Credit Score Isn’t a Reflection of Your Moral Character
    https://slate.com/technology/2018/11/dhs-credit-scores-legal-resident-assessment.html

    But the Department of Homeland Security seems to think it is.

    What kind of person racks up debts and doesn’t pay them? Your credit score is an attempt to answer this question. These important three-digit numbers summarize our statistical risk for lenders. The allure of the credit score is its clarity: It cuts through appearances and converts our messy lives into an easily readable metric.

    But the U.S. Department of Homeland Security wants to use credit scores for an entirely different purpose, one they were never built for and are not suited for. The agency charged with safeguarding the nation would like to make immigrants submit their credit scores when applying for legal resident status.

    Setting aside the proposal’s moral abdication when it comes to the needy, we should be troubled by another injustice: its abuse of personal metrics.

    The proposal’s “totality of circumstances” framework offers few specifics as to exactly how credit scores would figure into immigration decisions.

    Reply
  36. Tomi Engdahl says:

    US asks allies to drop Huawei, but Little asserts independence
    https://www.nzherald.co.nz/business/news/article.cfm?c_id=3&objectid=12165136

    The US government has initiated an extraordinary outreach campaign to foreign allies, trying to persuade wireless and internet providers in these countries to avoid telecommunications equipment from Chinese company Huawei, according to a Wall Street Journal report.

    The move will ramp up pressure on GCSB Minister Andrew Little and Communications Minister Kris Faafoi to ban Huawei – as security agencies in the US and Australia have already recommended.

    But Little indicates New Zealand will plot its own course, and that his government won’t interfere as Spark, Vodafone and 2degrees consider technology providers for their pending 5G upgrades.”

    Reply
  37. Tomi Engdahl says:

    Kids’ toys are the latest battleground in the online privacy wars
    https://www.vox.com/the-goods/2018/11/21/18106917/kids-holiday-gifts-connected-toys

    A consumer report sheds light on security risks associated with kids’ toys, including a popular Amazon tablet.

    Reply
  38. Tomi Engdahl says:

    CELLULAR INTERCEPTION
    Ability can intercept GSM, UMTS, LTE and CDMA networks.
    http://www.interceptors.com/cellular-interception/

    Reply
  39. Tomi Engdahl says:

    Alarm over talks to implant UK employees with microchips
    https://www.theguardian.com/technology/2018/nov/11/alarm-over-talks-to-implant-uk-employees-with-microchips

    Trades Union Congress concerned over tech being used to control and micromanage

    Reply
  40. Tomi Engdahl says:

    John P. Carlin / Politico:
    Inside US law enforcement’s hunt for British ISIS hacker Junaid Hussain, who used Twitter and other tools for spreading online propaganda and recruiting — How a British hacker joined ISIS’s top ranks and launched a deadly global cyber plot. — This text is excerpted from the book Dawn of the Code War …

    Inside the Hunt for the World’s Most Dangerous Terrorist
    https://www.politico.com/magazine/story/2018/11/21/junaid-hussain-most-dangerous-terrorist-cyber-hacking-222643

    How a British hacker joined ISIS’s top ranks and launched a deadly global cyber plot.

    For the first half of his digital life, the hacker operated with impunity, bragging in an interview that he was many steps ahead of the authorities: “One hundred percent certain they have nothing on me. I don’t exist to them, I’ve never used my real details online, I’ve never purchased anything. My real identity doesn’t exist online—and no, I don’t fear getting caught.”

    By 2015, at age 21, he knew different—he was a marked man, hunted by the United States, the No. 3 leader of the Islamic State in Iraq and Syria (ISIS) on the government’s most wanted list.

    Within the government, alarm bells rang daily, but we attempted to downplay the threat publicly. We didn’t want to elevate Hussain to another global figurehead like Osama bin Laden, standing for the twisted ideology of Islamic jihad.

    We wouldn’t even really talk about him publicly until he was dead.

    Hussain represented an online threat we long recognized would arrive someday—a tech-savvy terrorist who could use the tools of modern digital life to extend the reach of a terror group far beyond its physical location.

    In the summer of 2015, he successfully executed one of the most global cyber plots we’d ever seen: A British terrorist of Pakistani descent, living in Syria, recruited a Kosovar hacker who was studying computer science in Malaysia, to enable attacks on American servicemen and women inside the United States.

    Hussain’s path to becoming a cyber terrorist started with a simple motive: revenge.

    Hussain went on to found a hacker group with seven friends; they called themselves TeaMp0isoN, hacker-speak for “Team Poison,” based on their old hacking forum p0ison.org. They became notorious in 2011 for their unique brand of “hacktivism,” defacing websites, often with pro-Palestine messages

    Hussain—who originally went online by the moniker TriCk—said he started hacking at around age 11. He’d been playing a game online when another hacker knocked him offline. “I wanted revenge so I started googling around on how to hack,”

    By 13, he found the game childish, and by 15, he “became political.”

    TeaMp0isoN, hacker-speak for “Team Poison,” based on their old hacking forum p0ison.org. They became notorious in 2011 for their unique brand of “hacktivism,” defacing websites, often with pro-Palestine messages, and attacking online key websites such as BlackBerry and NATO and figures such as former Prime Minister Tony Blair—they hacked his personal assistant and then released his address book online. Hussain dismissed other “hacktivist” groups such as Anonymous, saying they symbolized the online equivalent of “peaceful protesting

    His online exploits didn’t last long: By September 2012, he had been arrested and sentenced to six months in prison for the Blair stunt.

    We knew that sooner or later terrorists would turn to the internet—the same principles that make the web great for insurgents and niche communities

    The terrorists saw the possibilities, too: Al Qaeda even released a video comparing the vulnerabilities in computer network security to weak points in aviation security before 9/11.

    Terrorism online presented a new twist—never before had the United States been involved in a conflict where the enemy could communicate from overseas directly with the American people.

    Islamic extremism had mainly developed in countries with state-controlled media, such as Egypt and Saudi Arabia, so the movement naturally invested heavily in alternative means of communication from the beginning. “Core” al Qaeda relied primarily on in-person lectures and fundraising tours

    a new, more tech-savvy generation who understood the power of images online

    It didn’t take long before this new generation began to play a key role for al Qaeda.

    When “al Qaeda in Iraq” split from “core” al Qaeda and evolved into the fighting force known as ISIS, the group’s leadership managed to dramatically evolve the multimedia efforts of other terror groups, particularly as use of social media such as Twitter exploded around the world. As ISIS advanced on Baghdad in 2014, social media showed photos of its black flag flying over the Iraqi capital, and the terrorist army tweeted 40,000 times in just a single day.

    ISIS’s large and sophisticated propaganda arm understood how to command the public’s attention

    Those horrific videos that came to be their global brand for most of the public represented only a small fraction of ISIS’s total multimedia efforts—most videos they produced flew below the world radar, focused instead on providing would-be jihadists an equally distorted view of how lovely it was to join the jihad and live in ISIS-controlled territory.

    That approach turned out to be common: There simply weren’t regular people who woke up one morning, read a Twitter thread and decided then and there to kill Americans. There’s not one track to radicalization, and the web doesn’t provide some magical radicalization potion. Radicalization is a process, a journey, but online propaganda and dialogue drastically lowers the barriers and complications of recruiting would-be terrorists from far away. Terrorists overseas can communicate directly, intimately and in real time with kids in our basements, here.

    These online radicals were also deeply challenging for law enforcement and intelligence agencies to identify.

    Working among a dozen cyber jihad recruiters, Hussain and his fellow terrorists declared themselves the head of the CyberCaliphate in mid-2014 and applied some of his old TeaMp0isoN tactics to ISIS, defacing websites and seizing control of home pages and social media accounts. He played a constant cat-and-mouse game with Twitter

    “Very soon carrying out 1st operation of Islamic State in North America,” Hussain responded quickly to make sure ISIS got the social media credit for the attack: “Can u make a video first?”

    Inside the government, the tide seemed overwhelming.

    It felt like we were just waiting for the next terrorist attack. Too often, it seemed like luck kept us safe—that we’d only discover a plot because a would-be terrorist spoke to the wrong person or because his device failed to work.

    Throughout that year, we lived what amounted to tactical success but strategic failure—interdicting plots one by one, but failing to stem the tide of social media inspiration emanating from ISIS.

    The summer of 2015 brought perhaps the most troubling case of all—a dangerous combination of cybercrime and terrorism that revealed a new face of the global war on terror.

    “NEW: U.S. Military AND Government HACKED by the Islamic State Hacking Division!”

    It was a message I’d echo to businesses and organizations many times in the years to come: You need to report when your networks have been attacked because you never know how your intrusion, however seemingly minor, might impact a larger investigation. What to you might be a small inconvenience could, with broader intelligence, represent a terrorist, a global organized crime syndicate, or a foreign country’s sophisticated attack.

    In court proceedings, Ferizi came off as a confused youth—like many of the would-be ISIS recruits we saw.
    sentenced Ferizi to 20 years in prison

    Reply
  41. Tomi Engdahl says:

    Illinois Supreme Court Asked To Limit Lawsuits Over Biometric Privacy Violations
    http://www.nprillinois.org/post/illinois-supreme-court-asked-limit-lawsuits-over-biometric-privacy-violations#stream/0

    The Illinois Supreme Court on Tuesday heard its first-ever case on Illinois’ tough biometric privacy law, which imposes restrictions on the collection of things like retina scans and fingerprints.

    At issue is whether people can sue just for having their information collected.

    The story begins with an eighth-grade trip to Six Flags Great America.

    In order to get a season pass to the amusement park, 14-year-old Alexander Rosenbach had his thumbprint scanned.

    Family lawyer Phillip Bock argues that under Illinois’ biometric privacy law, that’s enough to sustain a lawsuit.

    “You have a property right in your own personal biometrics,” Bock told the justices during oral arguments on Tuesday.

    Reply
  42. Tomi Engdahl says:

    Technical foul: Amazon suffers data snafu days before Black Friday, emails world+dog
    $1tn biz doesn’t answer very basic questions – like how or why it happened
    https://www.theregister.co.uk/2018/11/21/amazon_data_breach/

    Reply
  43. Tomi Engdahl says:

    New Linux crypto-miner steals your root password and disables your antivirus
    Trojan also installs a rootkit and another strain of malware that can execute DDoS attacks.
    https://www.zdnet.com/article/new-linux-crypto-miner-steals-your-root-password-and-disables-your-antivirus/

    Malware targeting Linux users may not be as widespread as the strains targeting the Windows ecosystem, but Linux malware is becoming just as complex and multi-functional as time passes by.

    The latest example of this trend is a new trojan discovered this month by Russian antivirus maker Dr.Web. This new malware strain doesn’t have a distinctive name, yet, being only tracked under its generic detection name of Linux.BtcMine.174.

    Reply
  44. Tomi Engdahl says:

    Analyzing the GreyEnergy Malware: from Maldoc to Backdoor
    https://www.nozominetworks.com/2018/11/20/blog/analyzing-the-greyenergy-malware-from-maldoc-to-backdoor/

    GreyEnergy is an Advanced Persistent Threat (APT) which has been targeting industrial networks in Ukraine and other Eastern European countries for the past several years.

    https://www.nozominetworks.com/2018/10/29/blog/greyenergy-malware-targets-industrial-critical-infrastructure/

    Reply
  45. Tomi Engdahl says:

    Google, Mozilla working on letting web apps edit files despite warning it could be ‘abused in terrible ways’
    https://www.techrepublic.com/article/google-mozilla-working-on-letting-web-apps-edit-files-despite-warning-it-could-be-abused-in-terrible/

    The firms, known for their Chrome and Firefox web browsers, are heading a group that is devising a way for users to save changes they make using web apps.

    A group led by Google and Mozilla is working to make it easy to edit files using browser-based web apps but wants advice on how to guard against the “major” security and privacy risks.

    Reply
  46. Tomi Engdahl says:

    Apache Hadoop spins cracking code injection vulnerability YARN
    Loose .zips sink chips 2: Electric Boogaloo
    https://www.theregister.co.uk/2018/11/23/apache_hadoop_yarn_zip_slip_vulnerability/

    Reply
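The Register headline above (its URL names the bug class) concerns the Zip Slip pattern in Apache Hadoop YARN: an archive entry whose name contains `../` components or an absolute path gets written outside the directory the extractor intended. The defensive check is simple and worth seeing in full, so here is an added example, not code from the Register article or from the Hadoop project. It resolves every entry's final on-disk path before writing anything, rejects the whole archive if any entry escapes the destination, and only then extracts. The two archives are constructed inline for the demonstration; no real file from the incident is used.

```python
import io
import os
import tempfile
import zipfile


def resolve_member(dest_dir: str, member_name: str):
    """Return the absolute path an archive entry would be written to, or None
    if that path lands outside dest_dir (the Zip Slip / path-traversal case).

    realpath() collapses '..' components and follows symlinks, so the
    comparison is made on the final path the OS would actually write to.
    """
    dest_real = os.path.realpath(dest_dir)
    # os.path.join discards dest_real entirely if member_name is absolute,
    # which is exactly why the containment check below is needed.
    target = os.path.realpath(os.path.join(dest_real, member_name))
    if os.path.commonpath([dest_real, target]) != dest_real:
        return None
    return target


def safe_extract(zip_bytes: bytes, dest_dir: str):
    """Extract zip_bytes into dest_dir, refusing the whole archive if any
    entry would escape. Returns the list of extracted file names (relative
    to dest_dir). Validation happens before the first write, so a bad
    archive never leaves a partially extracted tree behind.
    """
    dest_real = os.path.realpath(dest_dir)
    extracted = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        plan = []
        for info in zf.infolist():
            target = resolve_member(dest_dir, info.filename)
            if target is None or (target == dest_real and not info.is_dir()):
                raise ValueError(f"archive entry escapes destination: {info.filename!r}")
            plan.append((info, target))
        for info, target in plan:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # Write to the path we validated, not to a path derived again
            # from the entry name, so the check and the write cannot diverge.
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            extracted.append(os.path.relpath(target, dest_real))
    return extracted


def build_archive(entries):
    """Build an in-memory zip from (name, bytes) pairs. zipfile accepts
    arbitrary entry names, which is how traversal entries end up in archives."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries:
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed sample archives for the demonstration (hypothetical contents).
BENIGN_ARCHIVE = build_archive([("app/config.txt", b"ok"), ("app/lib/a.txt", b"lib")])
TRAVERSAL_ARCHIVE = build_archive([("app/config.txt", b"ok"), ("../../escaped.txt", b"outside")])


def try_extract(zip_bytes: bytes):
    """Extract into a fresh temporary directory and report the outcome as
    (sorted extracted names, error message or None)."""
    with tempfile.TemporaryDirectory() as tmp:
        try:
            names = safe_extract(zip_bytes, tmp)
        except ValueError as exc:
            return [], str(exc)
        return sorted(names), None


if __name__ == "__main__":
    print(try_extract(BENIGN_ARCHIVE))      # (['app/config.txt', 'app/lib/a.txt'], None)
    print(try_extract(TRAVERSAL_ARCHIVE))   # ([], "archive entry escapes destination: '../../escaped.txt'")
```

The containment test is done on `realpath` output rather than by looking for a literal `..` in the name, so an entry such as `app/../config.txt` (which stays inside) is accepted while `../../escaped.txt` and absolute names are rejected; checking the name string alone misses the absolute-path case and encoded variants.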
