Tool created to aid cleanup from Microsoft hack in broad use

FILE – In this Jan. 28, 2020 file photo a Microsoft computer is among items displayed at a Microsoft store in suburban Boston. A tool designed to help businesses protect themselves from further compromises after a global hack of Microsoft email server software has been downloaded more than 25,000 times since it was released last week. That’s according to the White House’s National Security Council. As a result, the number of vulnerable systems has fallen by 45 percent. (AP Photo/Steven Senne, File)

WASHINGTON (AP) — A tool designed to help businesses protect themselves from further compromises after a global hack of Microsoft email server software has been downloaded more than 25,000 times since it was released last week, the White House’s National Security Council said Monday.

As a result, the number of vulnerable systems has fallen by 45%, according to an NSC spokesperson.

The one-click Microsoft tool was created to protect against cyberattacks and to scan systems for compromises and fix them. It was developed after a massive hack affecting an estimated tens of thousands of users of servers running Microsoft’s Exchange email program.

The breach was discovered in early January and was attributed to Chinese cyber spies targeting U.S. policy think tanks. Then in late February, five days before Microsoft Corp. issued a patch on March 2, there was an explosion of infiltrations by other intruders, piggybacking on the initial breach.

The White House earlier this month described the hack as an “active threat” that was being addressed by senior national security officials. The administration’s response…

Hackers’ broad attack sets cyber experts worldwide scrambling to defend networks

(Reuters) - Suspected Russian hackers who broke into U.S. government agencies also spied on less high-profile organizations, including groups in Britain, a U.S. internet provider and a county government in Arizona, according to web records and a security source.

More details were revealed on Friday of the cyber espionage campaign that has computer network security teams worldwide scrambling to limit the damage as a senior official in the outgoing administration of U.S. President Donald Trump explicitly acknowledged Russia’s role in the hack for the first time.

Secretary of State Mike Pompeo said on the Mark Levin radio show, “I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”

Networking gear maker Cisco Systems Inc said a limited number of machines in some of its labs had been found with malicious software on them, without saying if anything had been taken. A person familiar with the company’s ongoing probe said fewer than 50 were compromised.

In Britain, a small number of organizations were compromised and not in the public sector, a security source said.

Shares in cyber security companies FireEye Inc, Palo Alto Networks and Crowdstrike Holdings rose on Friday as investors bet that the spate of disclosures from Microsoft Corp and others would boost demand for security technology.

Reuters identified Cox Communications Inc and Pima County, Arizona government as victims of the intrusion by running a publicly available coding script from researchers at Moscow-based private cybersecurity firm Kaspersky. The hack hijacked ubiquitous network management software made by SolarWinds Corp. Kaspersky decrypted online web records left behind by the attackers.

The breaches of U.S. government agencies, first revealed by Reuters on Sunday, hit the Department of Homeland Security, the Treasury Department, State Department and Department of Energy. In some cases the breaches involved monitoring emails but it was unclear what hackers did while infiltrating networks, cybersecurity experts said.

Russian government spies are behind a broad hacking campaign that has breached U.S. agencies and a top cyber firm


The Russian hackers, known by the nicknames APT29 or Cozy Bear, are part of that nation’s foreign intelligence service and breached email systems in some cases, said the people familiar with the intrusions, who spoke on the condition of anonymity because of the sensitivity of the matter. The same Russian group hacked the State Department and the White House email servers during the Obama administration.

The FBI is investigating the campaign and had no comment Sunday.

All of the organizations were breached through the update server of a network management system called SolarWinds, according to four people familiar with the matter.

The company said Sunday in a statement that monitoring products it released in March and June of this year may have been surreptitiously tampered with in a “highly-sophisticated, targeted . . . attack by a nation state.”

The scale of the Russian espionage operation is potentially vast, said several individuals familiar with the matter. “This is looking very, very bad,” said one person. SolarWinds is used by more than 300,000 organizations across the world. They include all five branches of the U.S. military, the Pentagon, State Department, Justice Department, NASA, the Executive Office of the President and the National Security Agency, the world’s top electronic spy agency, according to the firm’s website.

SolarWinds is also used by the top 10 U.S. telecommunications companies.

“This is a big deal, and given what we now know about where breaches happened, I’m expecting the scope to grow as more logs are reviewed,” said John Scott-Railton, a senior researcher at Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy. “When an aggressive group like this gets an open sesame to many desirable systems, they are going to use it widely.”

Also compromised was a leading cybersecurity firm, FireEye, which last week reported it was breached. The Washington Post reported that APT29 was the group behind that hack.

It is not clear what information was accessed from the government agencies, though FireEye disclosed it has lost hacking tools that the company uses to test clients’…

FBI Serves Incredibly Broad Warrant To 8chan, Demanding Info On All Users Who Responded To A Shooter’s Post

Internet hellhole 8chan has been hit with a federal search warrant. The site, created to serve those who felt 4chan’s nearly-nonexistent moderation was too restrictive, has been front and center recently due to its hosting of manifestos by mass shooters who apparently frequented the site.

In this case, an investigation into a shooting at a California mosque has led the FBI to the pages of 8chan. Postings at the site — along with some at Facebook — have linked the shooter to the Christchurch shooting in New Zealand. According to the affidavit [PDF], the FBI believes the California mosque shooter was “inspired and/or educated” by the New Zealand shooter’s manifesto and actions.

The Poway shooter is already in custody, so the value of the information sought here is questionable. While the info may have some value in establishing the shooter’s state of mind, as well as his connection to other crimes, the warrant does bear some resemblance to a fishing expedition.

From the affidavit, it appears the feds have no shortage of evidence to use against the shooter:

Using various search methods, Whitney Buckingham, an SDSD system data miner, found a manifesto on Pastebin.com written by a person identifying himself as John Earnest. In the manifesto, which he named “An Open Letter”, Earnest made many anti-Semitic and anti-Muslim statements. One such statement, which is a direct quote, is, “As an individual, I can only kill so many Jews.” He states he is not a terrorist but that he hates anyone who he sees as a threat to his country. Earnest took credit for a fire that had been set at a mosque in Escondido a few weeks earlier. His exact statement was “I scorched a mosque in Escondido with gasoline a week after Brenton Tarrant’s sacrifice and they never found shit on me.” Additionally, he wrote “I spray-painted on the parking lot. I wrote ‘For Brenton Tarrant -t./pol/.”

Tarrant is the New Zealand shooter Earnest apparently tried to emulate. Obviously, the threat of copycat killers is always a concern following mass shootings, but what the government is demanding here has the potential to sweep up dozens of users who did nothing but reply to threads involving the arrested shooter.

Agents seek IP address and metadata information about Earnest’s original posting and the postings of all of the individuals who responded to the subject posting and/or commented about it. Additionally, agents seek information about any other posting coming from the IP address used by Earnest to post the subject posting.

This seems like a lot of people to be investigating for just being in the wrongest place on the internet at the wrong time. The justification for this is speculation that others who viewed the post will either become shooters themselves or somehow conspired with the shooter to carry out this horrible crime in which Earnest was the only shooter.

As discussed above, Earnest made a posting in which he sought to draw attention to his forthcoming attack on the Chabad of Poway, share his views through his open letter, and offer people the opportunity to observe the attack itself. Several people responded, both individuals who were taken aback by the posting as well as people who were sympathizers. As a result, some of the individuals may be potential witnesses, co-conspirators and/or individuals who are inspired by the subject posting. Based on agents’ training and experience, following attacks such as those conducted by Earnest, other individuals are inspired by the attacks and may act of their own accord.

By its own admission, the FBI is seeking information about posters “taken aback” by Earnest’s post — users unlikely to be “inspired” by the shooting or his co-conspirators. Apparently, the FBI doesn’t trust 8chan to make that assessment, so it’s asking for everything so it can sort through it and draw its own conclusions, engage in its own “non-custodial” interviews, subpoena a number of other service providers for more info, etc.

In fact, the FBI would prefer Ch.net — the host for 8chan — just hand over everything demanded by the warrant without getting involved at all.

In order to accomplish the objective of the search warrant with a minimum of interference with the business activities of Ch.net, to protect the rights of the subject of the investigation and to effectively pursue this investigation, authority is sought to allow Ch.net to make a digital copy of the entire contents of the accounts subject to seizure.

However you may feel about 8chan and its denizens (and I hope those feelings are mostly negative), this is not a justifiable demand for information. The FBI wants everything on everyone in that thread, even as it states some of the users it’s targeting were appalled by what they were seeing. This makes everyone in the thread a suspect and treats anonymous users of this site as inherently suspicious, no matter what their posts actually say.