Russian Hackers Target Montenegro as Country Joins NATO
Hackers linked to Russia launched cyberattacks on the Montenegro government just
months before the country joined the North Atlantic Treaty Organization (NATO)
and experts believe these attacks will likely continue.
Despite strong opposition from Russia, Montenegro officially joined NATO on
June 5. Russia has threatened to retaliate but it may have already taken action
against Montenegro in cyberspace.
Attacks aimed at the Montenegro government spotted earlier
this year by security firm FireEye leveraged malware and exploits associated
with the Russia-linked threat group known as APT28, Fancy Bear, Pawn Storm,
Strontium, Sofacy, Sednit and Tsar Team.
APT28 has been known to target Montenegro. In the latest attacks observed by
researchers, the hackers used spear-phishing emails to deliver malicious
documents pertaining to a NATO secretary meeting and a visit by a European army
unit to Montenegro.
(Related). Could this have started a war? Does the President believe the FBI is
wrong?
Russian Hackers 'Planted False Story' Behind Mideast Crisis
US intelligence officials believe Russian hackers planted a false news story
that led Saudi Arabia and several allies to sever relations with Qatar,
prompting a diplomatic crisis, CNN reported Tuesday.
FBI experts visited Qatar in late May to analyze an
alleged cyber breach that saw the hackers place the fake story with Qatar's
state news agency, the US broadcaster said.
Saudi Arabia then cited the false item as part of its
reason for instituting a diplomatic and economic blockade against Qatar, the
report said.
Qatar's government said the May 23 news report attributed
false remarks to the emirate's ruler that appeared friendly to Iran and Israel,
and questioned whether US President Donald Trump would last in office,
according to CNN.
… Saudi Arabia, Egypt, the United Arab Emirates and Bahrain announced Monday
they were severing diplomatic relations and closing air, sea and land links
with Qatar.
They accused the tiny Gulf state of harboring extremist groups and suggested
Qatari support for the agenda of Saudi Arabia's regional archrival Iran. Qatar
has strenuously denied the allegations.
Although Qatar hosts the largest American military airbase in the Middle East,
Trump threw his weight behind the Saudi-led effort to isolate the emirate in a
surprise move on Tuesday.
He suggested Qatar was funding extremism.
This would not make the Board of Directors or bank officers or stockholders
happy. I can only hope what they say is true.
Philippine Bank Chaos as Money Goes Missing From Accounts
A major Philippine bank shut down online transactions and
cash machines on Wednesday after money went missing from accounts, triggering
fears it had been hacked even as company officials said it was an internal
computer error.
Customers of Bank of the Philippine Islands (BPI) were
shocked on Wednesday morning to see unauthorized withdrawals and deposits from
their accounts.
BPI said in a statement the problem was caused by an
"internal data processing error" that had been identified.
But it had to close its automatic teller machines (ATMs)
and told its eight million customers they could not do online transactions on
Wednesday as the bank scrambled to fix the problem.
… The bank said the error had led to some transactions between April 27 and
May 2 to be "double posted" from Tuesday.
Santamaria said she did not know how many of the 166-year-old bank's customers
were affected by the glitch. [Perhaps they could count accounts that had been
“double posted?” Bob]
For my Computer Security students.
Organizations Failing to Upgrade Systems, Enforce Patches
Duo Security provides multi-factor authentication to business. Part of its
service includes behavioral aspects of the device, which means that Duo
analyzes the state of the devices seeking access to its corporate customers'
resources. This week the company published its latest analysis of business
device security health: The 2017 Duo Trusted Access Report.
The report (PDF)
presents an analysis of 4.6 million business endpoints, including 3.5 million
mobile phones across multiple industry verticals and geographic regions. In particular, it analyzes the operating
system and browser used on computers, and the enabled security features on
mobile devices.
For my Computer Forensics students.
The Mysterious Printer Code That Could Have Led the FBI to Reality Winner
… Obviously, the NSA monitors and records who prints what documents. There’s an
audit trail there, which one imagines an NSA contractor would know.
… If Winner wasn’t found the way the complaint claims, the mysterious dot code
is one other way the FBI could have found her, as the research blog Errata
Security spelled out in detail.
In fact, the document that The Intercept published contains these dots, and the
code spells out a date—May 9—that matches the FBI affidavit’s account of
Winner’s printing. It also notes a serial number, which the NSA could obviously
match back up to a machine in their offices.
Interesting legal theory. Perhaps Tweets are the petards of social media?
Non profit Knight First Amendment Institute threatens to sue Trump over blocked
Twitter critics
by Sabrina I. Pacifici on Jun 6, 2017
Poynter – “The Knight First Amendment Institute, a
nonprofit advocacy group based at Columbia University, threatened to take legal
action against President Trump if he does not unblock critics on Twitter. The demand, made in a letter to President Trump,
was sent on behalf of Holly O’Reilly and Joseph M. Papp, two Twitter users who
were blocked by the president’s account after criticizing him on the social
media network. The letter argues that President Trump’s Twitter account constitutes a
“designated public forum” and is subject to the protections of the First
Amendment. According to
precedent established by the Supreme Court, designated public forums are places
“set aside by government for expressive activities” including “parks, sidewalks and areas that have been traditionally
open to political speech and debate.” “This is a context in which the Constitution
precludes the President from making up his own rules,” said Jameel Jaffer, the
Knight Institute’s executive director, in a statement accompanying the
demand…”
(Related).
Russel Neiss created a clever bot to put the president’s
statements in the form of presidential statements. It may look amusing, but it’s not a joke. The president is the president, and what he
says in public is an official statement, not some private citizen’s late-night
Tweets.
Kicking them while they are down?
U.S. Justice Department opposes Wells Fargo on whistle-blower suit
The U.S. Justice Department filed a friend-of-the-court brief on Tuesday in a
lawsuit brought against Wells Fargo & Co by two former employees, who were
fired after they reported misdemeanors they had noticed to their supervisors.
The DOJ's filing concluded that the appellate court, which had earlier
dismissed the case, should revisit and modify its analysis.
… The filing follows a Supreme Court ruling in February that had also asked the
appellate court to review the matter, the New York Times said in a report.
Still in search of a solution, but here are some tried and
failed methods.
How Not To Fight Terrorism
… In the UK, as in the US, money has been poured into building a massive
surveillance state. New laws continually expanded the power of the state to
monitor British citizens (though the courts are pushing back). Yet in the two
most recent attacks, collecting it all didn’t help. It probably hurt. Citizens
tried to report suspicions they had about the perpetrators, but couldn’t get
anyone’s attention. When everyone’s a potential target, it’s hard to find the
needle in the haystack, and building bigger haystacks with artificial
intelligence-driven needle detectors isn’t working. Following up on tips is
everyday policing, but budget cuts to social programs include reductions in the
number of police who can respond to their communities.
For my students who have not been paying attention.
… One study by marketing agency Mediakix found that, on
average, Facebook users spend 35 minutes each day on the platform — adding
up to almost five and a half years of your life.
… It’ll come as no surprise that over 90 percent of Facebook’s revenue comes
from ads. And around 80 percent of that ad revenue comes specifically from
mobile ads.
… In 2012, Facebook acquired Instagram for $1 billion. Facebook was essentially
purchasing the 15 minutes per day that the average Instagram user spends on the
app.
Perspective. “We can, therefore we must?”
Pew – The Internet of Things Connectivity Binge: What Are the Implications?
by Sabrina I. Pacifici on Jun 6, 2017
“Despite wide concern about cyberattacks, outages and
privacy violations, most experts believe the Internet of Things will continue to
expand successfully the next few years, tying machines to machines and linking
people to valuable resources, services and opportunities.”
“The Internet of Things (IoT) is in full flower. The expanding collection of connected things
goes mostly unnoticed by the public – sensors, actuators and other items
completing tasks behind the scenes in day-to-day operations of businesses and
government, most of them abetted by machine-to-machine “computiction” – that
is, artificial-intelligence-enhanced communication. The most public items in the burgeoning IoT
are cars, voice-activated assistants,
appliances and other home systems, physician-prescribed or recommended health-monitoring devices, road sensors, public-safety and security devices, smart meters and personal fitness and health trackers for
people and animals – dogs, cats, horses, cows and more. And then there are emerging IoT products that
show how the urge to create connectivity extends to such prosaic items as
toothbrushes, dental floss, hairbrushes, pillows, egg trays, wine bottle
sleeves, baby monitors and changing tables, silverware, umbrellas, all manner
of toys and sporting goods and remote-controlled pet food dispensers, to name a
few…”