Destructive Hacks Strike Saudi Arabia, Posing Challenge to
Trump
State-sponsored hackers have conducted a series of destructive
attacks on Saudi Arabia over the last two weeks, erasing data and wreaking
havoc in the computer banks of the agency running the country’s airports and
hitting five additional targets, according to two people familiar with an
investigation into the breach.
… Although a probe
by Saudi authorities is still in its early stages, the people said digital
evidence suggests the attacks emanated from Iran. That could present President-elect Donald
Trump with a major national security challenge as he steps into the Oval
Office.
The use of offensive cyber weapons by a nation is
relatively rare and the scale of the latest attacks could trigger a tit-for-tat
cyber war in a region where capabilities have mushroomed ever since an attack
on Saudi Aramco in 2012.
Unlike the Aramco attack or the one by North Korea against
Sony Pictures in 2014, the latest was perpetrated by detonating a cyber weapon
inside the networks of several targets at once, the people said.
… The ferocity of
the attacks appears to have caught Saudi officials by surprise. Thousands of computers were destroyed at the
headquarters of Saudi’s General Authority of Civil Aviation, erasing critical
data and bringing operations there to a halt for several days, according to the
people familiar with the investigation.
Air travel, airport operations and navigation systems
weren’t disrupted by the attack, the authority said in response to questions. The attack affected office administration
systems only, it said.
… As a candidate,
Trump said little about cyber security but he has taken a consistently hard
line on relations with Iran, including saying he would tear up the nuclear
accord.
Possible
Motive
Investigators
piecing together the computer destruction are trying to determine a motive for
the attacks, which occurred between Trump’s election and key OPEC meetings, the
people said.
“Anyone
who did this attack knows it has implications for the nuclear deal,” said James
Lewis, director of the strategic technologies program at the Center for
Strategic and International Studies in Washington.
What is going on here?
Will they simply declare victory on Monday? Or will they need to invade the Ukraine to put
a stop to it?
Russia Says Foreign Spy Agencies Preparing Cyberattacks on
Banks
Russia accused foreign spy agencies of preparing
cyberattacks in dozens of cities to try to undermine its banking system.
Attacks may
begin on Monday with the goal “of destabilizing the financial system
of the Russian Federation, including the activities of a number of major
Russian banks,” the Federal Security Service, the successor body to the
Soviet-era KGB, said in a website statement Friday.
The attackers plan to use servers based in The Netherlands
that belong to a Ukrainian hosting
company, BlazingFast, the security agency known as the FSB said.
… The FSB didn’t
identify the spy agencies it said are involved in preparing the attack on
Russian lenders. Its announcement comes
amid tensions over Ukrainian missile-defense drills taking place near Crimea,
which Russia annexed in 2014.
… BlazingFast has
“plenty of clients leasing our servers” and the company hasn’t been contacted by
law enforcement, Chief Executive Officer Anton Onopriychuk said by phone in
Kiev on Friday.
“We will conduct an internal investigation, but it will
take a lot of time, as it’s like looking for a needle in a haystack,” he said. “That’s why I can neither confirm nor deny
this information at the moment.”
Not all small breaches have equally small consequences.
Dell Cameron reports:
A misconfigured storage device
discovered by a security researcher in October left exposed thousands of internal files belonging to an
explosives-handling company.
The files, which have since been
secured, reportedly included details about facilities in three U.S. states
where explosives are stored.
The leaky file repository
belonged to Allied-Horizontal Wireline
Services(AHWS), a leading wireline company with more than 400 employees and
70 wireline units throughout the United States.
Read more on The
Daily Dot.
Phillet of Phishing network?
Legal raids in five countries seize botnet servers, sinkhole
800,000+ domains
At one point, Avalanche
network was responsible for two-thirds of all phishing attacks.
… A Europol
release on the operation provided more details, stating:
[Five] individuals were arrested,
37 premises were searched, and 39 servers were seized. Victims of malware infections were identified
in over 180 countries. Also, 221 servers
were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of
sinkholing to combat botnet infrastructures and is unprecedented in its scale,
with over 800 000 domains seized, sinkholed or blocked.
The domains seized have been "sinkholed" to
terminate the operation of the botnet, which is estimated to have spanned over hundreds of thousands of compromised computers
around the world.
Another hack my ‘designated hackers’ can demonstrate to my
Computer Security class.
Bug Allows Activation Lock Bypass on iPhone, iPad
Researchers have found a bug that can be used to
bypass Apple’s Activation Lock feature and gain access to the homescreen of
locked iPhones and iPads running the latest version of iOS.
… When a locked
device is started, users are prompted to connect to a Wi-Fi network. If the “Other Network” option is selected, the
user must enter the name of the network and choose a security protocol (e.g.
WEP, WPA2, etc.). Depending on which
protocol is selected, a username and/or a password must also be entered.
The problem, as researchers discovered, is that there is
no limitation on the number of characters that can be entered into the name,
username and password fields. By
entering very long strings into these fields, an attacker can trigger a crash
that exposes the device’s homescreen.
…and so it begins.
FBI, GCHQ Get Foreign Hacking Authority
Changes to Rule 41 of the federal rules of criminal
procedure come into force today, giving the FBI (with a judicially granted
search warrant) authority to hack computers in any jurisdiction, and potentially
overseas. This happened just two days
after the UK's Investigatory Powers Act (IPA) was granted royal assent and
became law. The latter gives Britain's
Government Communications Headquarters (GCHQ) the legal authority to 'mass
hack' outside of the UK.
It’s the ‘case detail’ that I find interesting.
How Often Does The News Media Bring FOIA Lawsuits?
by Sabrina
I. Pacifici on Dec 1, 2016
The FOIA Project at the Transactional Records Access
Clearinghouse: “Just how active is the news media in taking federal agencies to
court when they don’t promptly turn over the records being sought? Hard data to reliably answer this question has
been extremely limited. FOIAproject.org
today announces an ambitious initiative aimed at filling this void. Starting with the case-by case records on
virtually every FOIA suit now available on FOIAproject.org, the project team examined
and classified each of nearly nine thousand individual names of plaintiffs for
cases filed in federal district court since the beginning of FY 2001. The result is what we have dubbed “The News
Media List” now available at: http://foiaproject.org/plaintiff-media-list/. This never-before available interactive tool
not only identifies each media organization and reporter, but also provides
direct access to a variety of details about every case. For more recent cases, a useful synopsis is given, along with descriptors of the
specific issues involved. Click on a
“case detail” link to pull up the court docket, the actual complaint and court
opinions (where available), and an up-to-date listing of the events and
proceedings that have taken place. To
see who the most active FOIA media filers are, using this interactive tool you
can sort by media name, or by time period and media category…”
Perspective. Even politicians
are becoming interested.
Blockchain tech is our financial future — America can get
ahead of it
It may not have the sexiest of titles, but the new
Congressional Blockchain Caucus could not have come at a better time.
Created by two lawmakers this fall, the bipartisan caucus is designed to raise legislators’
awareness of blockchain technology, an innovative software protocol that logs transactions in an
online ledger distributed across multiple computer networks, allowing parties
to validate the transfer of assets.
It’s a fast-growing business: financial firms are investing $1 billion in blockchain technology this year,
and blockchain startups have received hundreds of millions in venture capital funding since 2013.
… The U.S. Federal Reserve, the People's Bank of China, the Bank of England and Central Bank of Russia have in recent months all signaled
their interest in the technology.
Jobs for my techies.
And an article for my Software Architecture class. Starbucks is another company you don’t think
of as tech-driven.
As Schultz Steps Down, Next Starbucks CEO Brings Tech Savvy
After turning Starbucks Corp. into the world’s largest
coffee chain, Chief Executive Officer Howard Schultz will hand the reins to a
lieutenant who could solidify its role as a technology company.
… The move is a
nod to the company’s growing reputation for innovation: It introduced the
world’s first successful mobile-payment service, beating out the likes of Apple
Inc. and Google Inc., and gets an increasingly large portion of its revenue
from that source.
… Starbucks’
digital and technology prowess has put it ahead of its peers, allowing it to
serve more customers faster. Same-store
sales rose 5 percent in the Americas region in the most recent quarter. Mobile payments accounted for about 25 percent
of U.S. transactions in that period.
Starbucks built on its tech leadership with an order-ahead
feature, which lets customers select and pay for drinks in advance. They then can pick up the beverages at a shop
without waiting in line.
(Related)
… In fact, our latest research with MIT, in which we interviewed more
than 1,000 CEOs (from 131 countries and 27 industries, in organizations of
varying sizes), shows that 90% of executives believe their businesses are being
disrupted or reinvented by digital business models, and 70% believe they do not
have the right skills, leader, or operating structure to adapt. It’s not a good position to be in.
Pretty obvious they were out of touch, wasn’t it?
Margaret
Sullivan on How Trump Trounced the Media
For all my students.
From your favorite Math tutor.
Facebook’s advice to students interested in artificial
intelligence
Math. Math. Oh and perhaps some more math.
… Tech companies
often advocate STEM (science, technology, engineering and math), but
today’s tips are particularly pointed. The
pair specifically note that students should eat their
vegetables take Calc I, Calc II, Calc III, Linear Algebra,
Probability and Statistics as early as possible.
From this list, probability and statistics are perhaps the
most interesting. From what I remember
about high-school, those two subjects are regularly dismissed as too-obvious
strategies for skirting the informal AP Calculus preference of top
colleges and universities (AP Statistics is often thought of as a cop-out by
students).
No comments:
Post a Comment