
National Security at Risk: The CFPB’s Battle Against Data Brokers


Data brokers work in secrecy, collecting personal details about our lives. These entities gather, package, and resell our personal information without our explicit consent.

The Rise of Data Brokers

The Consumer Financial Protection Bureau (CFPB) has taken notice, and their proposed regulations seek to hold data brokers accountable by subjecting them to the Fair Credit Reporting Act (FCRA). This move transcends mere privacy concerns—it is a matter of national security.

For instance, data brokers can facilitate targeting individuals by allowing entities to purchase lists that match multiple categories, such as “Intelligence and Counterterrorism” combined with descriptors like “substance abuse,” “heavy drinker,” or even “behind on bills.” 

In other contexts, entities can buy records for pennies per person, turning a small outlay into mass data collection. The concern is that adversaries, including countries like China, can use this data to identify targets for surveillance, recruitment, or coercion.

The CFPB’s Call to Action

The Consumer Financial Protection Bureau intends to propose new regulations that will compel data brokers to follow the Fair Credit Reporting Act. Earlier this month, CFPB Director Rohit Chopra stated that the agency is looking into rules to "ensure greater accountability" for companies that buy and sell consumer data, in line with an executive order signed by President Joe Biden in late February.

Chopra added that the agency is examining suggestions that would classify data brokers who sell specific categories of data as "consumer reporting agencies," requiring them to comply with the Fair Credit Reporting Act (FCRA). The statute prohibits the sharing of certain types of data with companies unless they have a legally defined purpose.

The CFPB considers the purchase and sale of consumer data to be a national security issue, not merely a privacy concern. Chopra cited three large data breaches, the 2015 Anthem leak, the 2017 Equifax hack, and the 2018 Marriott breach, as instances of foreign adversaries illegally collecting Americans' personal information.

The National Security Angle

He said, "When Americans' health information, financial information, and even their travel whereabouts can be assembled into detailed dossiers, it's no surprise that this raises risks when it comes to safety and security." The attention on high-profile intrusions, however, hides a more widespread and entirely legal phenomenon: data brokers' capacity to sell precise personal information to anyone willing to pay for it.

The government is increasingly concerned about foreign governments gaining access to Americans' data. In March, the House passed legislation that would bar data brokers from selling Americans' personally identifiable information to "any entity controlled by a foreign adversary." 

Why Data Brokers Matter

Under the Protecting Americans' Data from Foreign Adversaries Act, data brokers would face fines from the Federal Trade Commission if they sold sensitive information, such as location or health data, to any person or business located in a short list of designated countries. The Senate has yet to vote on the legislation.

US government agencies also depend on data brokers to surveil Americans. In 2022, the American Civil Liberties Union released a series of documents showing how the Department of Homeland Security (DHS) used commercially purchased location data to track the movements of millions of cell phones, and of the people who carry them, across the United States.

Unmasking the “Golden Top” Cybercrime Syndicate: Zambia’s Battle Against Deception

Zambia has exposed a sophisticated Chinese cybercrime syndicate that preyed on unsuspecting victims across the globe. The operation, which unfolded during a multi-agency raid, led to the apprehension of 77 individuals, including 22 Chinese nationals. 

This case sheds light on the intricate web of cybercriminal activities and underscores the importance of international cooperation in combating fraud.

The Deceptive Web

The story begins with a seemingly innocuous Chinese-run company named “Golden Top Support Services.” Operating in Zambia, this company had recruited young Zambians, aged between 20 and 25, under the guise of call center agents. 

However, their actual task was far from ordinary. These recruits engaged in scripted conversations with mobile users across various platforms, including WhatsApp, Telegram, and chatrooms. Their mission? To deceive unsuspecting victims.

The Sim Box Connection

During the raid, authorities seized several crucial pieces of evidence. The most telling find was a collection of SIM boxes: devices that hold dozens or hundreds of SIM cards and terminate incoming (typically VoIP) calls onto local mobile numbers. Calls routed this way bypass the carrier's normal interconnect and appear to come from ordinary local subscribers, which hides the caller's true origin and makes the traffic cheap. In the hands of cybercriminals, SIM boxes become powerful tools for fraud at scale, including internet and phone scams.

The scale of the operation was staggering. Over 13,000 SIM cards—both domestic and international—highlighted the extensive reach of the syndicate. The illicit operations extended beyond Zambia’s borders, targeting people in countries as diverse as Singapore, Peru, the United Arab Emirates (UAE), and other African nations. The global nature of the deception underscores the need for cross-border collaboration in tackling cybercrime.
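SIM boxes leave a statistical fingerprint in carrier call detail records (CDRs) that ordinary handsets do not: almost all traffic outgoing, each callee dialled once, no movement between cell sites, and many SIMs cycling through the same handset identity (IMEI). The following is an added example, not code from the original post or from the Zambian authorities, showing how a carrier fraud team could score SIMs against those heuristics. The CDR records, identifiers and thresholds are constructed for the example.

```python
"""Heuristic SIM-box detection over call detail records (CDRs).

Added example. Each SIM with enough traffic is scored on four signals that
together characterise a SIM box; a subscriber matching three or more is
flagged. Thresholds are assumptions chosen for the constructed sample.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Cdr:
    imsi: str       # SIM identity
    imei: str       # handset identity
    direction: str  # "MO" = outgoing, "MT" = incoming
    peer: str       # the other party's number
    cell_id: str    # serving cell at call setup


def _box_sim(imsi, imei, cell, n):
    """Constructed traffic for one SIM sitting in a SIM box."""
    return [Cdr(imsi, imei, "MO", f"peer-{imsi}-{i}", cell) for i in range(n)]


# Constructed sample: SIM-A is a normal subscriber (two-way traffic with a
# few contacts, moves between cells); SIM-B/C/D share one SIM-box modem.
SAMPLE_CDRS = (
    [Cdr("SIM-A", "HANDSET-1", d, p, c) for d, p, c in [
        ("MO", "contact-1", "cell-12"), ("MT", "contact-1", "cell-12"),
        ("MO", "contact-2", "cell-17"), ("MT", "contact-3", "cell-17"),
        ("MO", "contact-1", "cell-21"), ("MT", "contact-2", "cell-21"),
        ("MO", "contact-4", "cell-12"), ("MT", "contact-1", "cell-12"),
    ]]
    + _box_sim("SIM-B", "BOX-MODEM-1", "cell-05", 10)
    + _box_sim("SIM-C", "BOX-MODEM-1", "cell-05", 10)
    + _box_sim("SIM-D", "BOX-MODEM-1", "cell-05", 10)
)


def sim_box_scores(cdrs, min_calls=8):
    """Return {imsi: (score, reasons)} for SIMs with at least min_calls records."""
    by_imsi = defaultdict(list)
    sims_per_imei = defaultdict(set)
    for c in cdrs:
        by_imsi[c.imsi].append(c)
        sims_per_imei[c.imei].add(c.imsi)

    results = {}
    for imsi, recs in by_imsi.items():
        if len(recs) < min_calls:
            continue  # too little traffic to judge
        mo = [r for r in recs if r.direction == "MO"]
        reasons = []
        if len(mo) / len(recs) >= 0.95:
            reasons.append("almost no incoming traffic")
        if mo and len({r.peer for r in mo}) / len(mo) >= 0.9:
            reasons.append("each callee dialled once")
        if len({r.cell_id for r in recs}) == 1:
            reasons.append("never moves between cells")
        if max(len(sims_per_imei[r.imei]) for r in recs) >= 3:
            reasons.append("handset shared by many SIMs")
        results[imsi] = (len(reasons), reasons)
    return results


def suspected_sim_box_sims(cdrs, threshold=3):
    """IMSIs whose score meets the threshold, sorted for stable output."""
    return sorted(i for i, (s, _) in sim_box_scores(cdrs).items() if s >= threshold)


if __name__ == "__main__":
    for imsi, (score, why) in sim_box_scores(SAMPLE_CDRS).items():
        print(imsi, score, why)
    print("suspected:", suspected_sim_box_sims(SAMPLE_CDRS))
```

In a real deployment the same four signals would be computed over a rolling window and combined with IMEI-change rate and call-duration statistics; the point of the example is that a SIM box is identifiable from metadata alone, without listening to any call.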

The Human Cost

The victims of this elaborate scheme were ordinary individuals who fell prey to the syndicate’s well-crafted narratives. Whether promising financial windfalls, romantic connections, or business opportunities, the cybercriminals manipulated emotions and trust. The consequences were devastating—financial losses, shattered dreams, and broken trust.

The International Dimension

The involvement of Chinese nationals in this operation raises questions about the role of foreign actors in cybercrime. While the Zambian nationals have been charged and released on bail, the 22 Chinese men and a Cameroonian remain in custody. The case highlights the need for international cooperation in tracking down and prosecuting cybercriminals.

Lessons Learned

Vigilance: The fight against cybercrime requires constant vigilance. Authorities must stay ahead of evolving tactics and technologies used by criminals.

Collaboration: Cybercrime knows no borders. International cooperation is essential to dismantle syndicates that operate across multiple countries.

Education: Public awareness campaigns can help individuals recognize red flags and protect themselves from deception.

Legal Frameworks: Countries must strengthen their legal frameworks to address cybercrime effectively.

What's next?

Zambia’s unmasking of the “Golden Top” cybercrime syndicate serves as a wake-up call for nations worldwide. The battle against deception requires collective efforts, technological advancements, and unwavering commitment. No one is immune to cyber threats, and our shared responsibility is to safeguard trust, integrity, and justice.

Data Brokers are Preparing to Challenge Privacy Legislation


Congress has been attempting to crack down on data brokers, and they are fighting back. In late March, the House voted unanimously to ban the sale of Americans' data to foreign adversaries. A data-broker provision is also included in the bill reauthorizing Section 702 of the Foreign Intelligence Surveillance Act (FISA), the contentious authority under which the National Security Agency collects the communications of foreign targets located abroad, which is set to expire later this month.

Negotiations over FISA's reauthorization became so heated that House Speaker Mike Johnson pulled the bill from consideration in February. The most contentious issue was an amendment proposed by Rep. Warren Davidson (R-OH) that would bar data brokers from selling customer data to law enforcement and require a warrant to access Americans' information, according to Politico's Influence newsletter in February. 

National security hawks in Congress and local law enforcement groups joined forces to oppose the amendment, with the National Sheriffs' Association alleging in a letter to Congress that it would "kneecap law enforcement". 

"On House amendments, the Sheriffs of this great country don't usually keep score. But on this one, we will keep score and know who our friends are by their votes against Congressman Davidson's amendment, which further erodes the rule of law in our country and empowers the cartels," the letter stated. 

With FISA about to expire at the end of the month, Congress will undoubtedly bring it up again. Some legislators have indicated that they are unlikely to support the bill unless privacy updates are included. "We must have these amendments," Rep. Jim Jordan (R-OH), chair of the House Judiciary Committee, told Politico in February. "There's no way we're not going to have them."

Data brokers also seem to be entering the fight. Politico's Influence newsletter revealed that early this year, when the amendment was being discussed in the House, Relx, the UK-based parent company of data analytics firm LexisNexis, hired the lobbying firm Venable.

Recently, criticism of other Relx subsidiaries' data collection and distribution practices has also surfaced. The New York Times revealed in March that a number of automakers were providing LexisNexis Risk Solutions with driving records of their customers, which it then sold to insurance firms.

Security Concerns Arise Over Chinese-Manufactured Surveillance Cameras Deployed at Romanian Military Locations


A routine procurement made by the Romanian military on January 16 for surveillance equipment manufactured in China has sparked concerns regarding national security implications.

In a purchase valued at under $1,000, an employee of the Romanian Defense Ministry bought an eight-port switch and two surveillance cameras from Hikvision, a Chinese company with purported ties to the Chinese military. Notably, both the United States and Britain have blacklisted Hikvision over security concerns and documented vulnerabilities in its products.

Although there is currently no evidence of breaches at the Deveselu military base, an investigation by RFE/RL's Romanian Service revealed that Hikvision and Dahua, another Chinese company that is partly state-owned, supply surveillance equipment to at least 28 military facilities and numerous other public institutions involved in national security across Romania.

While Romanian authorities assert that the equipment is used in closed-circuit systems without internet connectivity, experts argue that vulnerabilities in the device firmware could still pose risks, enabling remote access, data interception, and attacks on the network the cameras sit on. Isolation is only as good as its weakest link: a maintenance laptop, a misconfigured switch port, or a later network change can expose a nominally closed system, so the claim needs to be verified by inspecting the network, not assumed from the design. Despite these concerns, Romania does not impose restrictions on the use of Hikvision or Dahua equipment, unlike some NATO allies such as the United States and Britain.

Both Hikvision and Dahua refute allegations of being security risks and claim to promptly address vulnerabilities. However, critics like Romanian parliament member Catalin Tenita argue that existing legislation could justify banning these companies' products.

The Romanian Defense Ministry maintains that its surveillance systems are secure, emphasizing strict testing and evaluation procedures. Similarly, the Deveselu Naval Facility, operated by U.S. forces, declined to comment on Romanian military purchases but emphasized their commitment to regional security.

NATO, while not formally banning third-country equipment, encourages vigilance against potential security risks. Secretary-General Jens Stoltenberg cautioned against reliance on Chinese technology in critical infrastructure, echoing concerns about Hikvision and Dahua's involvement.

Despite assurances from Romanian authorities, the history of vulnerabilities associated with Hikvision and Dahua equipment raises concerns among experts. Romanian institutions, including law enforcement and intelligence agencies, defend their procurement decisions, citing compliance with national legislation and technical specifications.

Some Romanian lawmakers, like Senator Adrian Trifan, advocate for further investigation and scrutiny into the prevalence of Hikvision and Dahua equipment in national security sites, underscoring the need for immediate clarification and review of procurement procedures.

China Backed Actors are Employing Generative AI to Breach US infrastructure


Cybercriminals of all skill levels are using AI to sharpen their tradecraft, but security experts say AI is also helping defenders track them down.

At a workshop at Fordham University, National Security Agency head of cybersecurity Rob Joyce stated that AI is assisting Chinese hacker groups in bypassing firewalls when infiltrating networks. 

Joyce warned that hackers are using generative AI to enhance their use of English in phishing scams, as well as to provide technical help when penetrating a network or carrying out an attack. 

Two sides of the same coin

2024 is expected to be a pivotal year for state-sponsored hacking groups, particularly those operating on behalf of China and Russia. Taiwan's presidential election begins in a few days, and China will want to influence the result in its pursuit of reunification. However, attention will be centred around the upcoming US elections in November, as well as the UK's general election in the second half of 2024. 

China-backed groups have begun developing highly effective methods for infiltrating organisations, including the use of artificial intelligence. "They're all subscribed to the big name companies that you would expect - all the generative AI models out there," adds Joyce. "We're seeing intelligence operators [and] criminals on those platforms.” 

In 2023, the US saw a surge in attacks on major energy and water infrastructure facilities, which US officials attributed to groups linked to China and Iran. One technique employed by the China-backed 'Volt Typhoon' group is to gain quiet access to a network and then operate using the network's own built-in administration tools (so-called living off the land), so that its activity blends in with legitimate administration rather than standing out as malware.

While no specific examples of recent AI attacks were provided, Joyce states, "They're in places like electric, transportation pipelines, and courts, trying to hack in so that they can cause societal disruption and panic at the time and place of their choosing." 

China-backed groups have gained access to networks by exploiting implementation flaws (for example, systems left unpatched by poorly managed software updates) and by posing as legitimate users of the system with valid credentials. However, their activities and traffic inside the network are frequently anomalous when compared with how the real account holder behaves.

Joyce goes on to say that, "Machine learning, AI and big data helps us surface those activities [and] brings them to the fore because those accounts don't behave like the normal business operators on their critical infrastructure, so that gives us an advantage." 
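The defensive advantage Joyce describes above, and the living-off-the-land tradecraft mentioned in the Volt Typhoon paragraph, come down to one question: does this valid account behave like its owner? The following is an added example, not code from the original article, the NSA, or any vendor, that builds a per-account baseline (hosts, logon hours, programs run) from a learning window of logs and then scores later events for deviations, weighting the first use of a built-in administration tool most heavily. The log format, accounts, hosts and the watch-list of tools are constructed for the example.

```python
"""Baseline-and-deviation scoring for valid-but-abused accounts.

Added example. A learning window of key=value log lines establishes what
each account normally does; events in a later window are scored on
(1) a host the account has never used, (2) an hour far from its usual
activity, and (3) a built-in admin tool the account has never run.
Scores at or above the threshold become alerts.
"""
import re
from collections import defaultdict

# Built-in Windows administration binaries frequently driven by
# living-off-the-land intrusions (assumed watch-list; extend as needed).
LOTL_TOOLS = {"netsh.exe", "wmic.exe", "ntdsutil.exe", "nltest.exe", "powershell.exe"}

# Constructed log format: "<iso-timestamp> user=<u> host=<h> event=<e> [image=<exe>]"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T(?P<hour>\d{2}):\d{2}:\d{2}) "
    r"user=(?P<user>\S+) host=(?P<host>\S+) event=(?P<event>\S+)"
    r"(?: image=(?P<image>\S+))?$"
)

# Constructed learning window: an analyst on one workstation in office
# hours and a backup service account that runs robocopy at 02:00.
BASELINE_LOG = """
2024-01-08T09:02:11 user=jsmith host=WS-OPS-03 event=logon
2024-01-08T09:05:40 user=jsmith host=WS-OPS-03 event=process image=outlook.exe
2024-01-08T14:20:05 user=jsmith host=WS-OPS-03 event=process image=excel.exe
2024-01-09T08:58:31 user=jsmith host=WS-OPS-03 event=logon
2024-01-09T16:44:12 user=jsmith host=WS-OPS-03 event=process image=outlook.exe
2024-01-08T02:00:03 user=svc_backup host=SRV-BKP-01 event=logon
2024-01-08T02:00:09 user=svc_backup host=SRV-BKP-01 event=process image=robocopy.exe
2024-01-09T02:00:02 user=svc_backup host=SRV-BKP-01 event=logon
2024-01-09T02:00:08 user=svc_backup host=SRV-BKP-01 event=process image=robocopy.exe
""".strip().splitlines()

# Constructed detection window: the analyst's account appears at 03:41 and
# runs ntdsutil on a domain controller; the service account runs netsh.
WINDOW_LOG = """
2024-01-15T10:15:22 user=jsmith host=WS-OPS-03 event=process image=excel.exe
2024-01-16T03:41:07 user=jsmith host=WS-OPS-03 event=logon
2024-01-16T03:42:51 user=jsmith host=SRV-DC-01 event=process image=ntdsutil.exe
2024-01-16T02:00:04 user=svc_backup host=SRV-BKP-01 event=process image=robocopy.exe
2024-01-16T02:03:19 user=svc_backup host=SRV-BKP-01 event=process image=netsh.exe
""".strip().splitlines()


def parse(lines):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["hour"] = int(ev["hour"])
            yield ev


def build_baseline(lines):
    """Per-user sets of hosts, active hours and images seen in the learning window."""
    base = defaultdict(lambda: {"hosts": set(), "hours": set(), "images": set()})
    for ev in parse(lines):
        b = base[ev["user"]]
        b["hosts"].add(ev["host"])
        b["hours"].add(ev["hour"])
        if ev["image"]:
            b["images"].add(ev["image"])
    return base


def score_event(ev, base):
    """Return (score, reasons). Unknown accounts count as a new host; LOTL weighs double."""
    b = base.get(ev["user"])  # .get() does not create a baseline entry
    reasons = []
    if b is None or ev["host"] not in b["hosts"]:
        reasons.append(("new host for this account", 1))
    # One-hour tolerance around observed hours; midnight wrap-around is ignored.
    if b is not None and not any(abs(ev["hour"] - h) <= 1 for h in b["hours"]):
        reasons.append(("unusual hour", 1))
    img = ev["image"]
    if img in LOTL_TOOLS and (b is None or img not in b["images"]):
        reasons.append(("built-in admin tool never used by this account", 2))
    return sum(w for _, w in reasons), [r for r, _ in reasons]


def detect(baseline_lines, window_lines, threshold=2):
    """Return alerts as (ts, user, host, image, score, reasons) tuples."""
    base = build_baseline(baseline_lines)
    alerts = []
    for ev in parse(window_lines):
        score, reasons = score_event(ev, base)
        if score >= threshold:
            alerts.append((ev["ts"], ev["user"], ev["host"], ev["image"], score, reasons))
    return alerts


if __name__ == "__main__":
    for alert in detect(BASELINE_LOG, WINDOW_LOG):
        print(*alert)
```

The first run of an admin tool by an account that has never used it is weighted so that it alerts on its own, even from the account's usual host at its usual hour, because that is exactly the signal a living-off-the-land intrusion produces; a lone off-hours logon from the usual workstation scores below the threshold and is left for correlation rather than paged on.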

Just as generative AI is expected to help narrow the cybersecurity skills gap by offering insights, definitions, and advice to industry professionals, the same tools can be abused by cybercriminals to guide their hacking activities.

US Focus on Cybersecurity, But Contractors Lag Behind in Preparedness


The leaders of the Five Eyes, a coalition of English-speaking intelligence agencies, have emphasized the critical nature of safeguarding sensitive information in cyberspace, especially in light of escalating tensions with the People's Republic of China, which they have described as the defining threat of this era. Recent cyber intrusions by Chinese hackers, who stole 60,000 State Department emails, underscore the urgency of this issue. Defense intelligence has also been a target. Surprisingly, many companies holding such vital information are unaware of their role in national security.

Almost a decade ago, the Department of Defense (DoD) added a cybersecurity clause to the Defense Federal Acquisition Regulation Supplement (DFARS) to protect controlled unclassified information in contractors' hands; the clause requires contractors to implement the security controls of NIST SP 800-171. Despite being included in over a million contracts, enforcement has been lax. The DoD is on track to release the proposed rule for Cybersecurity Maturity Model Certification (CMMC) 2.0 in November, a pivotal step in ensuring the defense industrial base adheres to robust security measures.

While security controls like multifactor authentication, network monitoring, and incident reporting have long been stipulated in government contracts with the DoD, contractors were previously allowed to self-certify their compliance. This system operated on trust, without verification. Microsoft has noted an escalation in nation-state cyber threats, particularly from Russia, China, Iran, and North Korea, who are exploiting new avenues such as the social platform Discord to target critical infrastructure.

With over 300,000 contractors in the defense industrial base, there exists a substantial opportunity for hackers to steal military secrets. Mandating cybersecurity standards for defense contractors should significantly reduce this risk, but there is still much ground to cover in achieving compliance with fundamental cybersecurity practices. A study by Merrill Research revealed that only 36% of contractors submitted the required NIST SP 800-171 self-assessment scores, a 10% drop from the previous year. Those who did submit had an average score well below the full-compliance benchmark.

Furthermore, the study highlighted that contractors tend to be selective in which compliance areas they address. Only 19% had implemented vulnerability management, and 25% had secure IT backup systems, both crucial elements of basic cybersecurity. Forty percent went a step further by barring equipment from Huawei, a company identified by the Federal Communications Commission as a national security risk.

This selectiveness suggests that contractors recognize the risks but do not consistently address them, perhaps due to the lack of auditing for compliance. It is important to understand that the government's imposition of new rules on defense contractors is not unilateral; CMMC 2.0 is the result of a decade-long public-private partnership.

Enforcement of CMMC 2.0 is vital for safeguarding sensitive defense information and national security assets, which have been in jeopardy for far too long. Adversaries like China exploit any vulnerabilities they can find. Now that the DoD has established a compliance deadline, it is imperative for defense contractors to adopt the requirements already embedded in their contracts and fully implement mandatory minimum cybersecurity standards.

Preserving American technological superiority and safeguarding military secrets hinges on the defense industry's commitment to cybersecurity. By embracing the collaborative vision behind CMMC 2.0 and achieving certification, contractors can affirm themselves as custodians of the nation's security.

Cybersecurity Crisis Deepens in Philippines as Hackers Leak State Secrets


The security of millions of people is at risk due to the Philippines' lax cybersecurity regulations, which have allowed government websites to be compromised in a recent string of cyberattacks.

According to the South China Morning Post, hackers attacked the Philippine Health Insurance Corporation (PhilHealth), compromising the data of millions of people, including Filipino employees working overseas. 

The attackers demanded $300,000 from the state insurer, and its refusal to pay was followed by the leak of the stolen data. Furthermore, the homepage of the House of Representatives was defaced, highlighting the government's weaknesses in the digital world.

A hacker going by the moniker DiabloX Phantom claimed that he had gained access to five critical government agencies and downloaded a substantial amount of data. His intention was to expose the vulnerabilities in the government's cybersecurity. 

The hacker gained access to the forensics database held by the Philippine National Police, which contained sensitive case files, and the servers of the Philippine Statistics Authority, which is in charge of issuing national identification cards. 

He also attacked the websites of the Technical Education and Skills Development Authority (Tesda), Clark International Airport, and the Department of Science and Technology. 

Among his techniques were exploiting exposed subdomains, delivering malware by email, abusing weak passwords, and reusing footholds left behind by earlier intruders.

DiabloX Phantom told the South China Morning Post that his aim was to highlight the government's cybersecurity flaws rather than to sell the information he had acquired.

He then waited for the government to respond to these problems. Cybersecurity specialists in the Philippines independently confirmed his claims. Not every breach traces back to one actor: some hackers want to reveal system weaknesses, some seek recognition for their skills, and some are simply in it for the thrill, and there is no single person or organisation behind all of the recent intrusions.

Past violations of cybersecurity

The recent breaches are not the Philippines' first serious cybersecurity incidents.

The personal information of up to 55 million Filipino voters was made public in 2016 by the "Comelec leak". No one was prosecuted or held accountable for this breach, despite its magnitude. 

Vulnerabilities must be fixed immediately, such as weak passwords, poor personnel training, and inadequate monitoring. Taking care of these problems is essential to preserving private information and millions of people's privacy.

White House Panel Recommends Restricting the FBI's Access to Spy Data

A team of national security experts appointed by the Biden administration has advised that the FBI be restricted from accessing surveillance data that captures communications by Americans. The President's Intelligence Advisory Board based the recommendation on the agency's repeated compliance failures.

Foreign Intelligence Surveillance Act Section 702 

The panel examined Section 702 of the Foreign Intelligence Surveillance Act, which permits US intelligence agencies to collect the communications of non-US persons reasonably believed to be located outside the US. The section is slated to expire on December 31 unless Congress renews it. The board determined that this authority is a vital national security tool.

However, the program also records conversations with or about US citizens and businesses. US intelligence services can then search the data trove by entering Americans' names, phone numbers, and email addresses in what is known as "US person queries." Critics call this method of eavesdropping on Americans' personal information — and even their communications — a "back-door search."

Congressional Renewal in Question 

If Congress renews the surveillance authority, it is likely to do so only with reforms attached. Republicans have joined Democrats, civil liberties groups, and industry titans such as Alphabet Inc.'s Google and Apple Inc. in criticizing Section 702.

The White House will review all of the board's recommendations, according to a senior administration official who briefed reporters on the condition of anonymity, with particular attention being paid to the first: dropping the FBI's ability to examine the Section 702 database for proof of crimes that aren't associated with national security.

Findings of the Panel 

Nonetheless, the advisory group ruled that "Section 702 authorities are critical to national security and do not jeopardize civil liberties, so long as the necessary culture, processes, and oversight are in place."

The board observed that the Federal Bureau of Investigation, which receives 4% of the data captured under Section 702, engaged in frequent noncompliance with the law's standards. Board members attributed this problem to carelessness rather than purposeful misuse of the data.

National Security Advisor Jake Sullivan and Deputy Jon Finer stated that the provision "should be reauthorized without new and operationally damaging restrictions on reviewing intelligence lawfully collected by the government, and with measures that build on proven reforms to enhance compliance and oversight, among other improvements."

This development draws attention to the ongoing debate over privacy and national security. While surveillance programs are necessary for national security, it is critical to guarantee that they do not violate civil liberties. The White House panel's recommendation to limit FBI access to surveillance data is a step in the right direction toward reconciling these two interests.

How Congress reacts to these recommendations and whether Section 702 is renewed remains to be seen. In any event, this development highlights the significance of transparency and accountability in government monitoring activities.

Homeland Security Employs AI to Analyze Social Media of Citizens and Refugees


The Customs and Border Protection (CBP) division of the US Department of Homeland Security (DHS) is using intrusive AI-powered systems to screen visitors coming into and leaving the nation, according to a document obtained by Motherboard through a freedom of information request this week. 

According to the document, CBP keeps track of US citizens, migrants, and asylum seekers and, in some instances, uses artificial intelligence (AI) to connect people's social media posts to their Social Security numbers and location information.

AI-Powered government surveillance tool 

Babel X is the name of the monitoring technology that the government department uses. Users can enter details, such as a target's name, email address, or phone number, about someone they want to learn more about.

The algorithm then provides a wealth of additional information about that person, including what they may have posted on social media, their employment history, and any related IP addresses. 

Babel X, created by a company called Babel Street, combines data that is both publicly and commercially available in more than 200 languages and is marketed as AI-enabled.

In fact, Babel Street announced plans to purchase AI text analysis business Rosette in November of last year. The company said that this would aid its Babel X tool with "identity resolution," which might improve national security and the battle against financial crime. 

Freedom activists concerned 

According to the document made public by CBP, Babel data will be used, captured, and stored in support of CBP targeting, vetting, operations, and analysis, and will be kept on the agency's computer systems for 75 years.

According to senior staff attorney at the Knight First Amendment Institute Carrie DeCell, "the US government's ever-expanding social media dragnet is certain to chill people from engaging in protected speech and association online."

“And CBP’s use of this social media surveillance technology is especially concerning in connection with existing rules requiring millions of visa applicants each year to register their social media handles with the government. As we’ve argued in a related lawsuit, the government simply has no legitimate interest in collecting and retaining such sensitive information on this immense scale." 

Patrick Toomey, the ACLU's deputy project director for the national security project, told Motherboard that the document "raises a number of questions about what specific purposes CBP is using social media monitoring for and how that monitoring is actually conducted" in addition to providing important new information. 

Digitally Crafted Swatting Service Is Wreaking Havoc Across United States


A Telegram user who used a digitally synthesised voice to falsely claim to have planted bombs in places such as high schools has been linked to a series of swatting calls that have occurred over several months across the United States.

According to Vice, the user going by the alias "Torswats" on the messaging app Telegram provides a paid swatting service. Swatting is the act of making a false report to law enforcement, such as a bomb threat or a fabricated claim that a person at a specific address is committing a crime or storing illegal materials, in order to provoke an armed police response against the target.

Customers may purchase "extreme swattings" for $50, which typically result in police handcuffing a target and searching their home, and for $75, Torswats can reportedly lock down a school. According to Vice, Torswats accepts bitcoin as payment, gives repeat clients a discount, and will haggle over prices for well-known targets.

"Hello, I just committed a crime and I want to confess. I placed explosives in a local school," says the voice on a recording of a Torswats call to police.

Torswats' voice is generated by AI, though it is not immediately clear which synthesis technology is used. Of 35 recordings Vice reviewed, only two did not employ a synthetic voice. In one call recording obtained by Vice, Torswats threatened to detonate a bomb at Hempstead High School in Dubuque, Iowa; local media reported on the threat.

Torswats allegedly also targeted a CBD store in Florida, a business in Maryland, and homes in Virginia, Massachusetts, Texas, and California. 

Steve Bernd, FBI Seattle's public affairs officer, said, "The FBI takes swatting extremely seriously because it puts innocent people at harm." Police have been grappling with swatting for at least a decade, and other incidents have made headlines more recently.

Just last month, a Seattle man was indicted for extortion and threats after making more than 20 swatting calls to police. He is said to have broadcast these calls live to a Discord group.

Customers are Being Used as Cyber "Crash Test Dummy," Says CISA Director


The Director of the Cybersecurity and Infrastructure Security Agency, Jen Easterly, referred to the current state of commercial cybersecurity as "unsustainable," and argued that businesses, consumers, and the government as a whole need to change their expectations so that the major software and hardware manufacturers, not their users, are held accountable for insecure products.

A policy from the Biden administration that will place more of an emphasis on controlling the security and safety design decisions made by technology makers is anticipated to be released in the coming days. 

In a speech given on February 27 at Carnegie Mellon University, Easterly said that American lawmakers, consumers, and users of third-party products had allowed software riddled with flaws, and hardware vulnerable at practically every level, to become the accepted standard.

“We’ve normalized the fact that the cybersecurity burden is placed disproportionately on the shoulders of consumers and small organizations, who are often least aware of the threat and least capable of protecting themselves. We’ve normalized the fact that security is relegated to the IT people in smaller organizations, or to a chief information security officer and enterprises,” stated Easterly. “But few have the resources and influence or accountability to incentivize adoption of products in which safety is appropriately prioritized against cost, and speed to market and features.”

While the U.S. reacted collectively with shock and anger at the sight of a Chinese surveillance balloon crossing American territory earlier this month, Easterly pointed out that Beijing's decades-long campaign of cyber-enabled espionage and intellectual property theft has been far more detrimental to U.S. economic and national security, even though those intrusions are not similarly visible to the naked eye.

The public hears about hundreds of significant corporate breaches each year through the mainstream media, breach-disclosure legislation, ransomware leak sites, and other sources. These are only a portion of the problem, because a great number of other intrusions go unnoticed or unreported.

Until the commercial sector prioritises security and safety on the front end, making occasions like "Patch Tuesday" an anachronism, adversaries like Russia and China, ransomware groups, and hackers will continue to take advantage of that paradigm. 

“The cause, simply put, is unsafe technology products, and because the damage caused by these unsafe products is distributed and spread over time, the impact is much more difficult to measure, but like the balloon, it’s there,” said Easterly. “It’s a school district shut down, a patient forced to divert to another hospital, another patient forced to cancel a surgery. A family defrauded of their savings, a gas pipeline shutdown, a 160-year-old college forced to close its doors because of a ransomware attack, and that’s just the tip of the iceberg.”

Role of large businesses

The biggest firms, or "those most capable and in greatest position to do so," should be held accountable by society for protecting technology, according to Easterly. This includes standardising basic security features, such as logging, identity protection, and access controls, in base-rate packages rather than offering them as add-ons in higher-priced tiers. It also includes a "radically" transparent disclosure process for vulnerabilities, as well as for internal statistics on the use of multifactor authentication and other basic protections. 

She also suggested a number of legislative options for Congress to take into consideration, such as prohibiting manufacturers from structuring their contracts and terms of service to disclaim all liability for security incidents resulting from the use of their products, establishing higher security standards for software used in specific critical infrastructure sectors, and creating a legal framework to provide Safe Harbor from liability for businesses that do take meaningful security measures. 

Later, during a Q&A session, Easterly said she might be in favour of excluding from legal liability businesses that have been attacked by well-funded and knowledgeable nation-states, but she emphasised that these attacks represent just a small portion of the malicious cyber activity that affects American citizens and businesses every day. 

Although executives from firms like Google and Microsoft have publicly endorsed similar security-by-design principles and implemented some initiatives, it remains unknown how far they will ultimately embrace the regulations that Easterly and the Biden administration have in mind. Any legislation pursued over the next two years would need to clear the Republican-controlled House, which is no easy task.

While regulation is expected to play a significant role in the Biden administration's cyber strategy, it is just one of many pillars of action mentioned in earlier drafts, and Easterly emphasised that regulation alone won't address all of our problems. Many of the same issues can also be tackled through other means, such as using the government's purchasing power to encourage better baseline security among its hundreds of thousands of contractors, continuing collaborative initiatives like the Joint Cyber Defense Collaborative, and encouraging wider adoption of safer software development practices like memory-safe languages and software bills of materials. 

Easterly cautioned that, despite how challenging this effort will be, continuing with the status quo will cause American consumers and businesses much more harm in the long run – in both the cyber and physical spheres. 

"Imagine a world where none of the things we talked about today come to pass, where the burden of security continues to be placed on consumers or technology manufacturers continue to create unsafe products or upsell security as a costly add-on feature, where universities continue to teach unsafe coding practices, where the services that we rely on every day remain vulnerable. This is a world that our adversaries are watching carefully and hoping never changes,” she concluded.

FCC Commissioner Brendan Carr Calls for TikTok Ban in US


The US government should take action to ban TikTok rather than negotiate with the social media app, Brendan Carr, one of five commissioners at the Federal Communications Commission, told a local media outlet in an interview. 

With more than 200 million downloads in the U.S. alone, the app's immense popularity is concerning because ByteDance, a Chinese company, owns it, which means data on US residents could flow back to China. The FCC itself has no power to ban TikTok directly, but Congress has previously acted after Carr raised concerns about Chinese telecom firms, including Huawei. 

TikTok is currently in negotiations with the Committee on Foreign Investment in the United States (CFIUS), a multi-agency government body charged with reviewing business deals involving foreign ownership, to determine whether ByteDance can divest it to an American firm so that it remains operational in the United States. 

In September, the New York Times reported that a deal was taking shape but not yet in its final form, and that Department of Justice official Lisa Monaco was concerned the deal did not provide enough insulation from China. 

"I don't believe there is a path forward for anything other than a ban," Carr said, citing recent incidents regarding how TikTok and ByteDance managed American consumers' data. "Perhaps the deal CFIUS ends up cutting is an amazing, airtight deal, but at this point, I have a very, very difficult time looking at TikTok's conduct thinking we're going to cut a technical construct that they're not going to find a way around." 

A few months ago, Carr sent letters to Apple and Google asking the tech giants to remove TikTok from their respective app stores. The commissioner is now calling for a nationwide ban despite the efforts made by both parties – the US government and TikTok – to come to an agreement. 

"Commissioner Carr has no role in or direct knowledge of the confidential discussions with the US government related to TikTok and is not in a position to discuss what those negotiations entail," a TikTok spokesperson responded. "We are confident that we are on a path to reaching an agreement with the US government that will satisfy all reasonable national security concerns." 

For now, it’s still business as usual for a Chinese app in the US, though it may be a good idea for creators to have a backup plan in case of a ban. YouTube Shorts is a good option, and it pays better too.

NIA Starts Probe into Malware Attacks on Social Media of Defense Personnel

The NIA (National Investigation Agency) has started an inquiry into the use of a fake Facebook profile through which various defense personnel were contacted and their devices infected with malware to steal personally identifiable information. The NIA suspects that the main account was being handled from Pakistan. The Vijayawada Counter Intelligence Cell first discovered the spying campaign in 2020, after which it registered a case under several provisions of the IPC, the Official Secrets Act, the Information Technology Act, and the UAPA (Unlawful Activities Prevention Act). 

According to the allegation, confidential information related to national security was stolen by remotely deploying hidden malware onto electronic devices, including mobile phones and computers, belonging to defense personnel and other defense agencies, via a Facebook account with the profile name "Shanti Patel." The actors handling the account contacted the targeted personnel through private Facebook Messenger chats on the web. 

The victims' devices were infected with malware to gain unauthorized access to confidential data on computer resources and steal sensitive information, with the aim of carrying out acts of terrorism and threatening the unity, integrity, and sovereignty of India. According to the Counter Intelligence Cell's report, the threat actors distributed the malware by sending the defense personnel a folder that contained photos of a woman. The evidence suggests the malware originated from somewhere in Islamabad. A similar case occurred last year, when police in Rajasthan arrested an army employee; the accused was posted in Sikkim. 

The Hindu reports: "On October 31, 2020, following a tip-off from the Military Intelligence, the Rajasthan police nabbed one Ramniwas Gaura, a civilian working with a Military Engineering Services (MES) unit. The accused had been contacted using a Facebook profile by someone using pseudonyms Ekta and Jasmeet Kour. They then remained in touch on Whatsapp." The paper adds: "In the recent years, multiple attacks targeting defense agencies using social media have surfaced. The handlers usually send money to the information providers through the 'hawala' channel. Several preventive measures have been taken by the agencies concerned," an official said.

What is "Sunburst"? A look into the Most Serious Cyberattack in American History


A number of organisations have been hit by what has been chronicled as one of the most severe acts of cyber-espionage in history, named "Sunburst". The attackers breached the US Treasury, the departments of Homeland Security, State and Defense, and the National Nuclear Security Administration (NNSA), the part of the Department of Energy responsible for safeguarding national security through the military application of nuclear science. While four out of five victims were US organisations, other targets include the UK, the UAE, Mexico, Canada, Spain, Belgium, and Israel. 
 
The attack came in the wake of the recent state-sponsored attack on the US cybersecurity firm FireEye. The company's CEO, Kevin Mandia said in his blog that the attackers primarily sought information pertaining to certain government customers.  
 
FireEye classified the attack as "highly sophisticated and customized"; on the basis of his 25 years of experience in cybersecurity, Mandia concluded that FireEye had been attacked by a nation with world-class offensive capabilities. 

Similarly, last Sunday, the news of SolarWinds being hacked made headlines for what is being called one of the most successful cyber attacks yet seen. As the attack crippled SolarWinds, its customers were advised to disconnect the Orion Platform, one of SolarWinds' principal products, which is used to monitor the health and performance of networks. 
 
Gauging the scale of the attack, the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) described the security incident as a "serious threat", while others, speaking on condition of anonymity, labelled it "the most serious hacking incident in the United States' history". The attack is ongoing, and the number of affected organisations and nations will unquestionably rise. The espionage has been called "unusual", even in this digital age. 
 
As experts were assessing how the perpetrator managed to bypass the defences of a networking software company like SolarWinds, Rick Holland offered a theory: "We do know that SolarWinds, in their filing to the Securities and Exchange Commission this week, alluded to Microsoft, which makes me think that the initial access into the SolarWinds environment was through a phishing email. So someone clicked on something they thought was benign - turned out it was not benign." 
 
Meanwhile, certain US government officials have alleged that Russia is behind these supply chain attacks, while Russia has consistently denied the allegations. The Russian Embassy wrote on Facebook: "Malicious activities in the information space contradicts the principles of the Russian foreign policy, national interests and our understanding of interstate relations." 
 
"Russia does not conduct offensive operations in the cyber domain," the embassy added in its post to the US.

NSA Issued Warning Against Russian State-Sponsored Attackers for Exploiting VMware Access

On 7 December the United States National Security Agency (NSA) issued an advisory warning that Russian malicious actors pose a serious threat to VMware deployments by installing malware on corporate systems and accessing protected data. 

The attack came two weeks after the virtualization software company publicly disclosed the vulnerabilities. According to the company, the malicious actor(s) are targeting VMware Workspace ONE, its Connector, Identity Manager, and Identity Manager Connector products for Windows and Linux. However, the identities of the malicious actors and when the activity started have not been disclosed. 

What is VMware? 

VMware is an American Software Company that provides cloud computing and virtualization software and services. VMware was one of the commercially successful companies to virtualize the x86 architecture.

Its desktop software runs on Microsoft Windows, Linux, and macOS, while its enterprise software hypervisor for servers, VMware ESXi, is a bare-metal hypervisor that runs directly on server hardware without requiring an additional underlying operating system. 

When Did the Threat Surface? 

In late November VMware acknowledged the threat and published temporary workarounds while it investigated the issue. However, a fix for the escalation-of-privileges bug was not released until 3 December 2020. 

The same day, the United States Cybersecurity and Infrastructure Security Agency (CISA) released a brief bulletin encouraging administrators to review the advisory and apply the patch as soon as possible.

Meanwhile, according to the NSA, VMware did not clearly disclose that the bug was being actively exploited, which allowed adversaries to keep leveraging the vulnerability to steal data and abuse shared authentication systems. 

"The misuse via shell injection led to the installation of a web shell and follow up malicious activity where Security Assertion Markup Language (SAML) in the form of authentication assertions generated and sent to Microsoft Active Directory Federation Services, which allow actors access to protected data," the agency said. 

What is SAML? 

Security Assertion Markup Language (SAML) is an open standard for exchanging authentication and authorization data between parties, in particular between an identity provider and a service provider. SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). 

Besides urging organizations to update compromised systems to the latest version, the agency is also pressing for stronger security management of those systems. 

As of now, the threat hasn't gone away; the NSA has advised agencies to monitor all affected systems and to scan server logs for the presence of "exit statements" that indicate possible malicious activity. 
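The advisory quoted above describes forged SAML assertions being accepted by a federation service, and the SAML paragraph explains that assertions are the statements on which service providers base access-control decisions. The block below is an added example, written for this page and not taken from the NSA advisory, VMware, or Microsoft: it validates the claims a service provider must check before trusting an assertion (trusted issuer, presence of a signature, validity window, audience) against a set of constructed assertions, including ones that fail each check. The entity IDs, subject name and timestamps are constructed values, and the signature check is only a presence check; cryptographic verification of the XML signature requires an XML-DSig library (for example `signxml`) and is not performed here.

```python
"""Service-provider side checks on a SAML 2.0 assertion (constructed example).

Every identifier below is an assumption made for this example:
the IdP and SP entity IDs, the subject, and the clock value.
"""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

TRUSTED_ISSUER = "https://idp.example.test/saml"    # assumed IdP entity ID
EXPECTED_AUDIENCE = "https://sp.example.test/sp"    # assumed SP entity ID
SAMPLE_NOW = datetime(2020, 12, 7, 12, 0, 0, tzinfo=timezone.utc)  # constructed clock


def _ts(value):
    """Parse a SAML UTC timestamp such as 2020-12-07T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_assertion(xml_text, now, trusted_issuer=TRUSTED_ISSUER,
                       audience=EXPECTED_AUDIENCE):
    """Return (ok, reason); the first failed check rejects the assertion.

    Order matters: an assertion from an unknown issuer is rejected before any
    of its contents are trusted, and an unsigned assertion is rejected before
    its conditions are read.  Signature *verification* (XML-DSig) is not done
    here; only the presence of the ds:Signature element is checked.
    """
    root = ET.fromstring(xml_text)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    if issuer != trusted_issuer:
        return False, f"untrusted issuer {issuer!r}"
    if root.find("ds:Signature", NS) is None:
        return False, "assertion is unsigned"
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        return False, "no Conditions element"
    not_before, not_on_or_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
    if not_before is None or not_on_or_after is None:
        return False, "validity window missing"
    if not (_ts(not_before) <= now < _ts(not_on_or_after)):
        return False, "assertion outside validity window"
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if audience not in audiences:
        return False, f"audience mismatch {audiences}"
    subject = root.findtext("saml:Subject/saml:NameID", namespaces=NS)
    return True, f"accepted subject {subject!r}"


def build_assertion(issuer, audience, not_before, not_on_or_after,
                    signed=True, name_id="alice@example.test"):
    """Build a minimal constructed assertion; the signature element is a placeholder."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
           '<ds:SignatureValue>constructed-placeholder</ds:SignatureValue>'
           '</ds:Signature>') if signed else ""
    return f"""<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed1" Version="2.0" IssueInstant="{not_before}">
  <saml:Issuer>{issuer}</saml:Issuer>{sig}
  <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
  <saml:Conditions NotBefore="{not_before}" NotOnOrAfter="{not_on_or_after}">
    <saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions>
</saml:Assertion>"""


def run_samples():
    """Validate a constructed set of assertions; returns {label: (ok, reason)}."""
    window = ("2020-12-07T11:55:00Z", "2020-12-07T12:05:00Z")
    samples = {
        "genuine": build_assertion(TRUSTED_ISSUER, EXPECTED_AUDIENCE, *window),
        "forged_issuer": build_assertion("https://untrusted-idp.example.test/idp",
                                         EXPECTED_AUDIENCE, *window),
        "unsigned": build_assertion(TRUSTED_ISSUER, EXPECTED_AUDIENCE, *window, signed=False),
        "expired": build_assertion(TRUSTED_ISSUER, EXPECTED_AUDIENCE,
                                   "2020-12-07T11:00:00Z", "2020-12-07T11:10:00Z"),
        "wrong_audience": build_assertion(TRUSTED_ISSUER, "https://other-sp.example.test", *window),
    }
    return {label: validate_assertion(xml, SAMPLE_NOW) for label, xml in samples.items()}


if __name__ == "__main__":
    for label, (ok, reason) in run_samples().items():
        print(f"{label:15s} {'ACCEPT' if ok else 'REJECT'}  {reason}")
```

Only the "genuine" sample is accepted; the others are rejected with the reason of the first failed check. In a real deployment the signature step must be a full XML-DSig verification against the identity provider's known certificate, since an attacker who can mint assertions from a compromised federation component will produce assertions that pass every other check.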

Australia: TikTok Undergoing Scrutiny Over Data Security Concerns


The Chinese video-sharing social networking platform TikTok is undergoing scrutiny in Australia over data security and privacy concerns, according to government sources. 

TikTok is a free app where users can post minute-long videos of short dances, lip-syncs, and comedy using a multitude of creative tools. The platform differs from other social media platforms in that users navigate through videos by scrolling up and down instead of the usual tapping or swiping. 

Recently, the ByteDance-owned TikTok became a hot topic of discussion in the offices of both Home Affairs and the Attorney-General; reportedly, the privacy concerns drew more attention in the wake of the video-sharing giant opening an office in Australia. 

Lately, the platform has been making headlines for 'national security concerns', which was one of the main reasons Prime Minister Scott Morrison chose to examine TikTok. He stated that if more action is needed than what the government has already been taking, they won't be shy about it. 

Meanwhile, the inquiries carried out by Labor Senator Jenny McAllister put forth a need to scrutinize the app further, given a total of 1.6 million Australians were on TikTok. 

In conversation with ABC radio, she said, "Some of these approaches to moderating content might be inconsistent with Australian values." 

"For example, removing material about Tiananmen Square, or deprioritizing material about Hong Kong protests," she added. 

In a letter to Australian politicians, Lee Hunter, general manager for TikTok Australia, said it is "critical you understand that we are independent and not aligned with any government, political party or ideology."

Threats to U.S. Space Systems Multiply Rapidly; a Novel Approach Emerges For Protection



The increasing vulnerability of U.S. space systems has prompted the nation's rivals to develop mechanisms for disabling space assets as a way of 'hobbling the joint force' and undermining the nation's economic performance.

The reason is that America's military forces, spread across the world, depend on space systems for communications, navigation, reconnaissance, and weather forecasts, and that the most critical infrastructure sectors of the U.S. economy depend on space systems for essential services.

Recent reports from intelligence agencies indicate that adversaries are now targeting not only satellites, but also the ground stations that control them, the links between the satellites and the stations, and users' ability to access certain services, like the Global Positioning System.

The reports describe various ways in which U.S. space capabilities may be degraded, from electronic jamming of signals, to high-power lasers that blind sensors, to physical attacks on control centers.

It is clearly evident that the dangers to U.S. space systems are increasing steadily, and cyber-attacks offer the broadest range of options to the largest set of bad actors. 

Against that background, just last month the national-security contractor ManTech came up with a 'novel approach' to protecting military, intelligence, and commercial space assets against cyber-attacks.

Dubbed Space Range, it allows users to 'replicate' space networks in a controlled environment so that their vulnerability to cyber aggression can be evaluated. The $2 billion company, headquartered in Northern Virginia, has been doing this kind of work for quite a while: it created the defense department's first cyber test range in 2009, and three years ago launched an Advanced Cyber Range Environment.

Space Range, which began on May 4, is unique in that it permits highly skilled cyber experts to attack exact replicas of satellites, ground stations, uplinks/downlinks, and so forth in a hyper-realistic environment that is air-gapped from the outside world.

As a company press release puts it, that gives players the "ability to find hidden vulnerabilities, misconfigurations and software bugs on precise network replications." The entire framework depends on a software-defined infrastructure model that can be reconfigured in hours rather than weeks.

That is good news where users' time and money are concerned; however, the most significant feature of Space Range is that it offers engineers and operators a safe and legitimate setting in which to practically investigate the 'hardening' of their overhead assets against cyber-attack.

Nevertheless, with space quickly turning into a field of intense competition, there is little doubt that the Pentagon's recently introduced Space Force will be 'robustly funded' going forward.

ManTech's Space Range will probably soon become a significant tool in helping the government and industry work out where training and hardening outlays should be concentrated.

Minister of the Republic of Tatarstan explained how the "sovereign Internet" in Tatarstan works


Airat Khairullin, the Minister of Digital Development of Public Administration, Information Technologies and Communications of the Republic of Tatarstan, spoke about the main directions of the Ministry's work, the center for digital transformation of the Republic of Tatarstan, the operation of the sovereign Internet in Tatarstan, and correspondence in messengers.

"If someone tomorrow decides to physically block the DNS server system for Russia, our IP routing may be disrupted. Therefore, we are talking about allowing traffic to be routed at the junction of Russian and foreign providers."

According to him, Tatarstan has already built the infrastructure needed to protect its Internet from external attacks. For example, all 10 thousand public institutions of the Republic are connected to the Internet through the Data Processing Center (DPC) in the IT Park, and there is a second data center for disaster resilience in the Council State.

"And technically, if the DPC of the IT Park is destroyed by fire or flood, we have a fault tolerance point, and within this logic, it is also a sovereign Internet," he said.

In an interview with journalists, Khairullin also shared that he uses popular messengers, including Telegram, which is blocked in Russia.

The Minister also commented on the statement of Pavel Durov regarding the insecurity of using WhatsApp and calls to remove it.

"Any application carries a vulnerability. The question of compromises is to be completely without a phone and use pigeon mail or use messengers," said Khairullin.

On November 12, the Prime Minister of the Republic signed a decree on the establishment of the Tatarstan Digital Technology Center. The new institution was created to improve the quality of life of Tatarstan citizens, accelerate the receipt of public services, as well as simplify the interaction between the state, society and business.

Recall that Khairullin previously said that 7 cyberattacks hit the DPC every day. To improve the security system next year, the Ministry of Digital Affairs of the Republic of Tatarstan has therefore planned a competition for white hat hackers, who will be asked to find shortcomings and vulnerabilities in the Republic's public services website and hack it. The exact date of this experiment has not yet been determined.

Social Media Regulations: Need 3 Months To Frame Rules, Centre Informs SC



NEW DELHI: The Centre on Monday informed the Supreme Court that it would need 3 more months to finalize the process of updating and notifying the intermediary guidelines for social media in India, according to reports by PTI. The new rules are aimed at curbing the alleged exploitation of social media platforms like Facebook and WhatsApp; major issues like fake news, hate speech, defamatory posts, and anti-national activities will be regulated by the updated guidelines, which are expected by the last week of January.

After the top court inquired about the steps taken on this subject, the government filed an affidavit stating that the country had witnessed an exponential increase in posts and messages that incite hatred, disrupt social harmony and threaten the country's integrity, and that greater control over the internet is therefore required to safeguard national security.

On the basis of appeals filed by social media giants like WhatsApp, Facebook, and Twitter, who argued that the cases would probably have national security implications, the court assembled all the related cases and transferred them to the High Courts. The next hearing, expected on January 15, will take place after the government provides the court with a draft of the revised intermediary guidelines.

The Internet has become a powerful tool which can potentially cause "unimaginable disruption to the democratic polity", the Ministry of Electronics and Information Technology told the court.

Although technology has facilitated economic growth and progress, it has also heightened concerns regarding social harmony and national security. "As the internet has emerged as a potent tool to cause unimaginable disruption to the democratic polity, it was felt that the extant rules be revised for effective regulation of intermediaries, keeping in view the ever-growing threats to individual rights and the nation's integrity, sovereignty, and security," the ministry remarked in the affidavit. "After collating and analyzing all the details from stakeholder participation and inter-ministerial consultation, the deponent has bonafide belief that a further period of three months would be required for finalizing and notifying the final revised rules in accordance with law."

Prior to Tamil Nadu's agreement on transferring the cases to the top court, the Attorney General said, "WhatsApp and Facebook after coming to India can't say they can't decrypt information."

The Head of the FSB spoke about the threat of massive terrorist hacker attacks


FSB Director Alexander Bortnikov said that terrorists can disguise their hacking attacks as the actions of specific states' intelligence services, and that this threatens to provoke political and military conflicts. He stated this at the XVIII international meeting of heads of intelligence, security and law enforcement agencies in Sochi.

According to the FSB, terrorist groups create and develop their own cyber units.

Bortnikov called on the intelligence agencies of other countries to support Russia's demand that encryption keys for mobile devices be deposited with the authorities. Fighting terrorism is ineffective as long as terrorists use closed communication channels on the Internet, he explained.

"The main tool of communication between bandits are still Internet Messengers with high crypto protection. In this regard, we consider it a serious problem that a number of the world's leading IT companies do not want to cooperate with intelligence agencies in the field of information security,” Bortnikov said.

He also called on the special services to join efforts in identifying and blocking terrorist and extremist materials on the Internet and to establish cooperation with leading technology companies for this purpose.

Bortnikov also noted that the capabilities of terrorists may grow in future because of the increasing availability of artificial intelligence technologies, with whose help militants will be able to analyze large amounts of information, including illegally obtained databases.

In addition, the FSB Director said that international terrorists are increasingly using "confidential cryptocurrencies" to financially fuel their criminal activities. According to Bortnikov, terrorists create shell companies that legally participate in trading on stock exchanges, invest in real estate and various sectors of the economy. At the same time, criminals are increasingly using not bitcoin, but so-called “confidential cryptocurrencies”, which guarantee the anonymity of transactions.

Alexander Bortnikov also spoke about the threat of massive terrorist attacks using unmanned aerial vehicles. According to Bortnikov, terrorists' use of unmanned aerial vehicles capable of delivering various cargoes will become a "real challenge" for the world's intelligence services.

It is important to add that this year the FSB has identified 39 terrorist attacks in preparation and eliminated 32 terrorists.