Russia Appears to Carry Out Hack Through System Used by U.S. Aid Agency


Hackers linked to Russia’s main intelligence agency surreptitiously seized an email system used by the State Department’s international aid agency to burrow into the computer networks of human rights groups and other organizations of the sort that have been critical of President Vladimir V. Putin, Microsoft Corporation disclosed on Thursday.

Discovery of the breach comes only three weeks before President Biden is scheduled to meet Mr. Putin in Geneva, and at a moment of increased tension between the two nations — in part because of a series of increasingly sophisticated cyberattacks emanating from Russia.

The newly disclosed attack was also particularly bold: By breaching the systems of a supplier used by the federal government, the hackers sent out genuine-looking emails to more than 3,000 accounts across more than 150 organizations that regularly receive communications from the United States Agency for International Development. Those emails went out as recently as this week, and Microsoft said it believes the attacks are ongoing.

The email was implanted with code that would give the hackers unlimited access to the computer systems of the recipients, from “stealing data to infecting other computers on a network,” Tom Burt, a Microsoft vice president, wrote on Thursday night.

Last month, Mr. Biden announced a series of new sanctions on Russia and the expulsion of diplomats for a sophisticated hacking operation, called SolarWinds, that used novel methods to breach at least seven government agencies and hundreds of large American companies.

That attack went undetected by the U.S. government for nine months, until it was discovered by a cybersecurity firm. In April, Mr. Biden said he could have responded far more strongly, but “chose to be proportionate” because he did not want “to kick off a cycle of escalation and conflict with Russia.”

The Russian response nonetheless seems to have been escalation. The malicious activity was underway as recently as the past week. That suggests that the sanctions and whatever additional covert actions the White House carried out — part of a strategy of creating “seen and unseen” costs for Moscow — has not choked off the…

New Mac ransomware is even more sinister than it appears

The threat of ransomware may seem ubiquitous, but there haven’t been too many strains tailored specifically to infect Apple’s Mac computers since the first full-fledged Mac ransomware surfaced only four years ago. So when Dinesh Devadoss, a malware researcher at the firm K7 Lab, published findings on Tuesday about a new example of Mac ransomware, that fact alone was significant. It turns out, though, that the malware, which researchers are now calling ThiefQuest, gets more interesting from there. (Researchers originally dubbed it EvilQuest until they discovered the Steam game series of the same name.)

In addition to ransomware, ThiefQuest has a whole other set of spyware capabilities that allow it to exfiltrate files from an infected computer, search the system for passwords and cryptocurrency wallet data, and run a robust keylogger to grab passwords, credit card numbers, or other financial information as a user types it in. The spyware component also lurks persistently as a backdoor on infected devices, meaning it sticks around even after a computer reboots, and could be used as a launchpad for additional, or “second stage,” attacks. Given that ransomware is so rare on Macs to begin with, this one-two punch is especially noteworthy.

“Looking at the code, if you split the ransomware logic from all the other backdoor logic the two pieces completely make sense as individual malware. But compiling them together you’re kind of like what?” says Patrick Wardle, principal security researcher at the Mac management firm Jamf. “My current gut feeling about all of this is that someone basically was designing a piece of Mac malware that would give them the ability to completely remotely control an infected system. And then they also added some ransomware capability as a way to make extra money.”

Biz & IT – Ars Technica

The NSA Appears To Have Shut Down Its Bulk Collection Of Phone Records

The program considered so “essential” NSA defenders said it couldn’t even be slightly modified is apparently no longer in use. During a recent Lawfare podcast, national security advisor Luke Murry dropped a bit of a bombshell. Charlie Savage summarizes Murry’s comments:

The National Security Agency has quietly shut down a system that analyzes logs of Americans’ domestic calls and texts, according to a senior Republican congressional aide, halting a program that has touched off disputes about privacy and the rule of law since the Sept. 11 attacks.

[…]

Mr. Murry brought up the pending expiration of the Freedom Act, but then disclosed that the Trump administration “hasn’t actually been using it for the past six months.”

“I’m actually not certain that the administration will want to start that back up,” Mr. Murry said.

Murry is referring to the Section 215 bulk data collection. Exposed by the Snowden leaks, Section 215 was modified by the USA Freedom Act, which went into effect June 2015. The biggest modification was where the records were stored. The NSA could no longer collect all phone records from providers and search through the data at its leisure. Instead, it had to provide telcos with lists of targeted numbers. The data remained in the hands of service providers, with the NSA only having access to suspicion-supported phone records.

The alterations to the Section 215 program resulted in the NSA purging a bunch of records that didn’t fit the new parameters. The NSA finally let go of a few of its haystacks, conveniently destroying records integral to multiple lawsuits against the agency. The USA Freedom Act modifications — combined with the NSA’s long history of abusing its collection authorities — seem to have made it impossible for the NSA to continue utilizing its phone records collection program.

The bulk records collection is now in the hands of telcos, resulting in a slimmed-down dataset the NSA didn’t seem particularly enthused to have. Apparently the program is as useless as critics have said it is. The NSA has gone at least six months without asking for data via this authority. This program is due for renewal at the end of this year, but the comments made to Lawfare suggest the NSA may be content to let it expire.

Marcy Wheeler suggests a few underlying motivations for the NSA’s abandonment of the Section 215 collection — and one might be the Supreme Court’s extension of Fourth Amendment protections to cell site location info.

[This] suggests that the problem with the records may not be the volume or the content turned over, but some problem created either by the specific language of the law or (more likely) the House Report on it or by the Carpenter decision. Carpenter came out on June 22, so technically after the NSA claims to have started deleting records on May 23. It also may be that the NSA realized something was non-compliant with its collection just as it was submitting the 6th set of 180-day applications, and didn’t want to admit to the FISC that it had been breaking the law (which is precisely what happened in 2011 when the government deleted all its PRTT records).

Wheeler says the NSA may have been asking for location data as well to better track the phones it targeted. The IC may have seen the writing on the third-party wall following the Supreme Court’s oral arguments in November 2017. This may account for its plug-pulling a month ahead of the decision’s release.

Or it may be something far less respectful of the Constitution. It could be the NSA has found another way to collect this same data without having to run it by the newly-adversarial FISA court. As Wheeler points out, Section 215 may have been restricted but the powers granted by Executive Order 12333 continue to expand.

Whatever the real motivation, it appears the domestic surveillance program that never prevented a terrorist attack will continue to never prevent terrorist attacks. The upside is we may not be throwing any more tax dollars at a national security program that adds nothing to our nation’s security.

Techdirt.

Congressional hopeful appears at cybersecurity conference – Hornell Evening Tribune

Denver, Colo. — Declaring that “Technology alone will not fix the challenge of cyberwarfare,” policy expert Tracy Mitrano called for diplomatic solutions in a …
