Friday, December 02, 2016
Many countries will test our new president to see what they can get away with. This article suggests cyber-attacks may be part of the testing.
Destructive Hacks Strike Saudi Arabia, Posing Challenge to Trump
State-sponsored hackers have conducted a series of destructive attacks on Saudi Arabia over the last two weeks, erasing data and wreaking havoc in the computer banks of the agency running the country’s airports and hitting five additional targets, according to two people familiar with an investigation into the breach.
… Although a probe by Saudi authorities is still in its early stages, the people said digital evidence suggests the attacks emanated from Iran. That could present President-elect Donald Trump with a major national security challenge as he steps into the Oval Office.
The use of offensive cyber weapons by a nation is relatively rare and the scale of the latest attacks could trigger a tit-for-tat cyber war in a region where capabilities have mushroomed ever since an attack on Saudi Aramco in 2012.
Unlike the Aramco attack or the one by North Korea against Sony Pictures in 2014, the latest was perpetrated by detonating a cyber weapon inside the networks of several targets at once, the people said.
… The ferocity of the attacks appears to have caught Saudi officials by surprise. Thousands of computers were destroyed at the headquarters of Saudi’s General Authority of Civil Aviation, erasing critical data and bringing operations there to a halt for several days, according to the people familiar with the investigation.
Air travel, airport operations and navigation systems weren’t disrupted by the attack, the authority said in response to questions. The attack affected office administration systems only, it said.
… As a candidate, Trump said little about cyber security but he has taken a consistently hard line on relations with Iran, including saying he would tear up the nuclear accord.
Investigators piecing together the computer destruction are trying to determine a motive for the attacks, which occurred between Trump’s election and key OPEC meetings, the people said.
“Anyone who did this attack knows it has implications for the nuclear deal,” said James Lewis, director of the strategic technologies program at the Center for Strategic and International Studies in Washington.
What is going on here? Will they simply declare victory on Monday? Or will they need to invade the Ukraine to put a stop to it?
Russia Says Foreign Spy Agencies Preparing Cyberattacks on Banks
Russia accused foreign spy agencies of preparing cyberattacks in dozens of cities to try to undermine its banking system.
Attacks may begin on Monday with the goal “of destabilizing the financial system of the Russian Federation, including the activities of a number of major Russian banks,” the Federal Security Service, the successor body to the Soviet-era KGB, said in a website statement Friday.
The attackers plan to use servers based in The Netherlands that belong to a Ukrainian hosting company, BlazingFast, the security agency known as the FSB said.
… The FSB didn’t identify the spy agencies it said are involved in preparing the attack on Russian lenders. Its announcement comes amid tensions over Ukrainian missile-defense drills taking place near Crimea, which Russia annexed in 2014.
… BlazingFast has “plenty of clients leasing our servers” and the company hasn’t been contacted by law enforcement, Chief Executive Officer Anton Onopriychuk said by phone in Kiev on Friday.
“We will conduct an internal investigation, but it will take a lot of time, as it’s like looking for a needle in a haystack,” he said. “That’s why I can neither confirm nor deny this information at the moment.”
Not all small breaches have equally small consequences.
Dell Cameron reports:
A misconfigured storage device discovered by a security researcher in October left exposed thousands of internal files belonging to an explosives-handling company.
The files, which have since been secured, reportedly included details about facilities in three U.S. states where explosives are stored.
The leaky file repository belonged to Allied-Horizontal Wireline Services (AHWS), a leading wireline company with more than 400 employees and 70 wireline units throughout the United States.
Read more on The Daily Dot.
Phillet of Phishing network?
Legal raids in five countries seize botnet servers, sinkhole 800,000+ domains
At one point, Avalanche network was responsible for two-thirds of all phishing attacks.
… A Europol release on the operation provided more details, stating:
[Five] individuals were arrested, 37 premises were searched, and 39 servers were seized. Victims of malware infections were identified in over 180 countries. Also, 221 servers were put offline through abuse notifications sent to the hosting providers. The operation marks the largest-ever use of sinkholing to combat botnet infrastructures and is unprecedented in its scale, with over 800 000 domains seized, sinkholed or blocked.
The domains seized have been "sinkholed" to terminate the operation of the botnet, which is estimated to have spanned over hundreds of thousands of compromised computers around the world.
Another hack my ‘designated hackers’ can demonstrate to my Computer Security class.
Bug Allows Activation Lock Bypass on iPhone, iPad
Researchers have found a bug that can be used to bypass Apple’s Activation Lock feature and gain access to the homescreen of locked iPhones and iPads running the latest version of iOS.
… When a locked device is started, users are prompted to connect to a Wi-Fi network. If the “Other Network” option is selected, the user must enter the name of the network and choose a security protocol (e.g. WEP, WPA2, etc.). Depending on which protocol is selected, a username and/or a password must also be entered.
The problem, as researchers discovered, is that there is no limitation on the number of characters that can be entered into the name, username and password fields. By entering very long strings into these fields, an attacker can trigger a crash that exposes the device’s homescreen.
…and so it begins.
FBI, GCHQ Get Foreign Hacking Authority
Changes to Rule 41 of the federal rules of criminal procedure come into force today, giving the FBI (with a judicially granted search warrant) authority to hack computers in any jurisdiction, and potentially overseas. This happened just two days after the UK's Investigatory Powers Act (IPA) was granted royal assent and became law. The latter gives Britain's Government Communications Headquarters (GCHQ) the legal authority to 'mass hack' outside of the UK.
It’s the ‘case detail’ that I find interesting.
How Often Does The News Media Bring FOIA Lawsuits?
by Sabrina I. Pacifici on Dec 1, 2016
The FOIA Project at the Transactional Records Access Clearinghouse: “Just how active is the news media in taking federal agencies to court when they don’t promptly turn over the records being sought? Hard data to reliably answer this question has been extremely limited. FOIAproject.org today announces an ambitious initiative aimed at filling this void. Starting with the case-by-case records on virtually every FOIA suit now available on FOIAproject.org, the project team examined and classified each of nearly nine thousand individual names of plaintiffs for cases filed in federal district court since the beginning of FY 2001. The result is what we have dubbed “The News Media List” now available at: http://foiaproject.org/plaintiff-media-list/. This never-before available interactive tool not only identifies each media organization and reporter, but also provides direct access to a variety of details about every case. For more recent cases, a useful synopsis is given, along with descriptors of the specific issues involved. Click on a “case detail” link to pull up the court docket, the actual complaint and court opinions (where available), and an up-to-date listing of the events and proceedings that have taken place. To see who the most active FOIA media filers are, using this interactive tool you can sort by media name, or by time period and media category…”
Perspective. Even politicians are becoming interested.
Blockchain tech is our financial future — America can get ahead of it
It may not have the sexiest of titles, but the new Congressional Blockchain Caucus could not have come at a better time.
Created by two lawmakers this fall, the bipartisan caucus is designed to raise legislators’ awareness of blockchain technology, an innovative software protocol that logs transactions in an online ledger distributed across multiple computer networks, allowing parties to validate the transfer of assets.
It’s a fast-growing business: financial firms are investing $1 billion in blockchain technology this year, and blockchain startups have received hundreds of millions in venture capital funding since 2013.
… The U.S. Federal Reserve, the People's Bank of China, the Bank of England and Central Bank of Russia have in recent months all signaled their interest in the technology.
Jobs for my techies. And an article for my Software Architecture class. Starbucks is another company you don’t think of as tech-driven.
As Schultz Steps Down, Next Starbucks CEO Brings Tech Savvy
After turning Starbucks Corp. into the world’s largest coffee chain, Chief Executive Officer Howard Schultz will hand the reins to a lieutenant who could solidify its role as a technology company.
… The move is a nod to the company’s growing reputation for innovation: It introduced the world’s first successful mobile-payment service, beating out the likes of Apple Inc. and Google Inc., and gets an increasingly large portion of its revenue from that source.
… Starbucks’ digital and technology prowess has put it ahead of its peers, allowing it to serve more customers faster. Same-store sales rose 5 percent in the Americas region in the most recent quarter. Mobile payments accounted for about 25 percent of U.S. transactions in that period.
Starbucks built on its tech leadership with an order-ahead feature, which lets customers select and pay for drinks in advance. They then can pick up the beverages at a shop without waiting in line.
… In fact, our latest research with MIT, in which we interviewed more than 1,000 CEOs (from 131 countries and 27 industries, in organizations of varying sizes), shows that 90% of executives believe their businesses are being disrupted or reinvented by digital business models, and 70% believe they do not have the right skills, leader, or operating structure to adapt. It’s not a good position to be in.
Pretty obvious they were out of touch, wasn’t it?
Margaret Sullivan on How Trump Trounced the Media
For all my students. From your favorite Math tutor.
Facebook’s advice to students interested in artificial intelligence
Math. Math. Oh and perhaps some more math.
… Tech companies often advocate STEM (science, technology, engineering and math), but today’s tips are particularly pointed. The pair specifically note that students should take Calc I, Calc II, Calc III, Linear Algebra, Probability and Statistics as early as possible.
From this list, probability and statistics are perhaps the most interesting. From what I remember about high-school, those two subjects are regularly dismissed as too-obvious strategies for skirting the informal AP Calculus preference of top colleges and universities (AP Statistics is often thought of as a cop-out by students).