Television

Civil Rights Groups Are Calling On Amazon To Cancel 'Ring Nation' Reality Show (vice.com) 138

An anonymous reader quotes a report from Motherboard: On Tuesday, 40 civil rights groups published an open letter calling on MGM Television executives to cancel the studio's upcoming reality show Ring Nation, which will feature former NSA employee and comedian Wanda Sykes presenting humorous surveillance footage captured from Ring doorbell cameras. The groups say the studio is "normalizing and promoting Amazon Ring's dangerous network of surveillance cameras," which, along with the Neighbors app, "violate basic privacy rights, fuel surveillance-based policing that disproportionately targets people of color and threatens abortion seekers, and enables vigilantes to surveil their neighbors and racially profile bystanders."

There's just one potential problem with the well-intentioned campaign: Amazon owns Ring, producer Big Fish Entertainment, and distributor MGM, and it also owns the Prime Video streaming service should it need somewhere to air it. It also has specific partnerships with thousands of police departments around the country should they happen to prove useful. This tower of vertical integration means that Ring Nation is a show designed from the ground up to leverage Amazon's vast monopoly to push its own product on Americans, and it also means that it will probably (but not definitely) be impossible to kill. There's very little chance that MGM executives will push back on the project when it's probably exactly the type of thing Amazon imagined being able to do when it spent $8.5 billion on a merger with MGM this year.
"Ring Nation is not a comedy but rather a propaganda strategy to normalize and further digitize racial profiling in our communities. Truthfully the cognitive dissonance about the dangers of these tools is a real concern. It's striking to see a host who has been such a vocal supporter of racial justice protesters defend the very tech that was used to surveil activists during the uprisings in 2020," said Myaisha Hayes, campaign strategy director at Cancel Ring Nation co-organizer Media Justice, in a statement.

"The Ring Nation reality-TV series is anything but funny. It weaponizes the joy of our daily lives in an attempt to manufacture a PR miracle for scandal-ridden Amazon," Evan Greer, director of co-organizer Fight for the Future, said in a statement. "By normalizing surveillance, it will teach our children to relinquish their privacy in exchange for a quick laugh. In the coming weeks, Fight for the Future, Media Justice, and our org partners will be mobilizing our supporters and forming a loud and fearless coalition of civil rights groups to cancel Ring Nation," Greer said.

The show is set to launch on Sept. 26, though it hasn't been announced which networks will carry it.
Security

China Accuses the NSA of Hacking a Top University To Steal Data (gizmodo.com) 82

hackingbear shares a report from Gizmodo: China claims that America's National Security Agency used sophisticated cyber tools to hack into an elite research university on Chinese soil. The attack allegedly targeted the Northwestern Polytechnical University in Xi'an (not to be confused with a California school of the same name), which is highly ranked in the global university index for its science and engineering programs. The U.S. Justice Department has referred to the school as a "Chinese military university that is heavily involved in military research and works closely with the People's Liberation Army," painting it as a reasonable target for digital infiltration from an American perspective.

China's National Computer Virus Emergency Response Center (CVERC) recently published a report attributing the hack to the Tailored Access Operations group (TAO) -- an elite team of NSA hackers which first became publicly known via the Snowden leaks back in 2013 and helps the U.S. government break into networks all over the world for the purposes of intelligence gathering and data collection. [CVERC identified 41 TAO tools involved in the case.] One such tool, dubbed 'Suctionchar,' is said to have helped infiltrate the school's network by stealing account credentials from remote management and file transfer applications to hijack logins on targeted servers. The report also mentions the exploitation of Bvp47, a backdoor in Linux that has been used in previous hacking missions by the Equation Group -- another elite NSA hacking team. According to CVERC, traces of Suctionchar have been found in many other Chinese networks besides Northwestern's, and the agency has accused the NSA of launching more than 10,000 cyberattacks on China over the past several years.

On Sunday, the allegations against the NSA were escalated to a diplomatic complaint. Yang Tao, the director-general of American affairs at China's Ministry of Foreign Affairs, published a statement affirming the CVERC report and claiming that the NSA had "seriously violated the technical secrets of relevant Chinese institutions and seriously endangered the security of China's critical infrastructure, institutions and personal information, and must be stopped immediately."

China

China Accuses US of 'Tens of Thousands' of Cyberattacks (hongkongfp.com) 42

Beijing this week accused the United States of launching "tens of thousands" of cyberattacks on China and pilfering troves of sensitive data, including from a public research university. From a report: Washington has accused Beijing of cyberattacks against US businesses and government agencies, one of the issues over which ties between the two powers have nosedived in recent years. China has consistently denied the claims and in turn lashed out against alleged US cyber espionage, but has rarely made public disclosures of specific attacks. But a report released Monday by its National Computer Virus Emergency Response Center (CVERC) accused the US National Security Agency (NSA) of carrying out "tens of thousands of malicious attacks on network targets in China in recent years." It specifically accused the NSA's Office of Tailored Access Operations (TAO) of infiltrating the Northwestern Polytechnical University in the city of Xi'an.
United States

US Asked British Spy Agency To Stop Guardian Publishing Snowden Revelations (theguardian.com) 27

An anonymous reader quotes a report from the Guardian: The US National Security Agency (NSA) tried to persuade its British counterpart to stop the Guardian publishing revelations about secret mass data collection from the NSA contractor, Edward Snowden, according to a new book. Sir Iain Lobban, the head of Government Communications Headquarters (GCHQ), was reportedly called with the request in the early hours of June 6, 2013 but rebuffed the suggestion that his agency should act as a censor on behalf of its US partner in electronic spying.

The late-night call and the British refusal to shut down publication of the leaks was the first of several episodes in which the Snowden affair caused rifts within the Five Eyes signals intelligence coalition, recounted in a new book to be published on Thursday, The Secret History of Five Eyes, by film-maker and investigative journalist Richard Kerbaj. According to Kerbaj, Lobban was aware of the importance of the particularly special relationship between the US and UK intelligence agencies but thought "the proposition of urging a newspaper to spike the article for the sake of the NSA seemed a step too far." "It was neither the purpose of his agency nor his own to deal with the NSA's public relations," Kerbaj writes.

In October 2013, the then prime minister, David Cameron, later threatened the use of injunctions or other "tougher measures" to stop further publication of Snowden's leaks about the mass collection of phone and internet communications by the NSA and GCHQ. However, the DA-Notice committee, the body which alerts the UK media to the potential damage a story might cause to national security, told the Guardian at the time that nothing it had published had put British lives at risk. In the new book, Kerbaj reports that the US-UK intelligence relationship was further strained when the head of the NSA, Gen Keith Alexander, failed to inform Lobban that the Americans had identified Snowden, a Hawaii-based government contractor, as the source of the stories, leaving the British agency investigating its own ranks in the search for the leaker. GCHQ did not discover Snowden's identity until he went public in a Guardian interview. "It was a chilling reminder of how important you are, or how important you're not," a senior British intelligence insider is quoted as saying in the book.
The book also alleges that members of Five Eyes were outraged by the revelations but weren't prepared to challenge the Americans "out of anxiety that they could be cut off from the flow of intelligence," reports the Guardian. Only the British representatives openly questioned U.S. practices, although they too "decided to bite their tongues when it came to frustration with their U.S. counterparts..."

Sir Kim Darroch, the former UK national security adviser, is quoted in the book as saying: "The US give us more than we give them so we just have to basically get on with it."
Programming

Mac Hacker's Code Is So Good, Corporations Keep Stealing It (theverge.com) 35

Patrick Wardle, founder of the Objective-See Foundation, a nonprofit that creates open-source security tools for macOS, has had his code make its way into a number of commercial products over the years -- "all without the users crediting him or licensing and paying for the work," reports The Verge. Wardle, a Mac malware specialist and former employee of the NSA and NASA, will lay out his case in a presentation today at the Black Hat cybersecurity conference with Tom McGuire, a cybersecurity researcher at Johns Hopkins University. From the report: The problem, Wardle says, is that it's difficult to prove that the code was stolen rather than implemented in a similar way by coincidence. Fortunately, because of Wardle's skill in reverse-engineering software, he was able to make more progress than most. "I was only able to figure [the code theft] out because I both write tools and reverse engineer software, which is not super common," Wardle told The Verge in a call before the talk. "Because I straddle both of these disciplines I could find it happening to my tools, but other indie developers might not be able to, which is the concern."

One of the central examples in Wardle's case is a software tool called OverSight, which Wardle released in 2016. OverSight was developed as a way to monitor whether any macOS applications were surreptitiously accessing the microphone or webcam, with much success: it was effective not only as a way to find Mac malware that was surveilling users but also to uncover the fact that a legitimate application like Shazam was always listening in the background. [...] But years after OverSight was released, he was surprised to find a number of commercial applications incorporating similar application logic in their own products -- even down to replicating the same bugs that Wardle's code had.

Three different companies were found to be incorporating techniques lifted from Wardle's work in their own commercially sold software. None of the offending companies are named in the Black Hat talk, as Wardle says that he believes the code theft was likely the work of an individual employee, rather than a top-down strategy. The companies also reacted positively when confronted about it, Wardle says: all three vendors he approached reportedly acknowledged that his code had been used in their products without authorization, and all eventually paid him directly or donated money to the Objective-See Foundation.
The Verge notes that Wardle's cousin Josh Wardle created the popular Wordle game, which was purchased earlier this year by The New York Times.
The Military

DARPA Is Worried About How Well Open-Source Code Can Be Trusted (technologyreview.com) 85

An anonymous reader quotes a report from MIT Technology Review: "People are realizing now: wait a minute, literally everything we do is underpinned by Linux," says Dave Aitel, a cybersecurity researcher and former NSA computer security scientist. "This is a core technology to our society. Not understanding kernel security means we can't secure critical infrastructure." Now DARPA, the US military's research arm, wants to understand the collision of code and community that makes these open-source projects work, in order to better understand the risks they face. The goal is to be able to effectively recognize malicious actors and prevent them from disrupting or corrupting crucially important open-source code before it's too late. DARPA's "SocialCyber" program is an 18-month-long, multimillion-dollar project that will combine sociology with recent technological advances in artificial intelligence to map, understand, and protect these massive open-source communities and the code they create. It's different from most previous research because it combines automated analysis of both the code and the social dimensions of open-source software.

Here's how the SocialCyber program works. DARPA has contracted with multiple teams of what it calls "performers," including small, boutique cybersecurity research shops with deep technical chops. One such performer is New York-based Margin Research, which has put together a team of well-respected researchers for the task. Margin Research is focused on the Linux kernel in part because it's so big and critical that succeeding here, at this scale, means you can make it anywhere else. The plan is to analyze both the code and the community in order to visualize and finally understand the whole ecosystem.

Margin's work maps out who is working on what specific parts of open-source projects. For example, Huawei is currently the biggest contributor to the Linux kernel. Another contributor works for Positive Technologies, a Russian cybersecurity firm that -- like Huawei -- has been sanctioned by the US government, says Aitel. Margin has also mapped code written by NSA employees, many of whom participate in different open-source projects. "This subject kills me," says d'Antoine of the quest to better understand the open-source movement, "because, honestly, even the most simple things seem so novel to so many important people. The government is only just realizing that our critical infrastructure is running code that could be literally being written by sanctioned entities. Right now." This kind of research also aims to find underinvestment -- that is, critical software run entirely by one or two volunteers. It's more common than you might think -- so common that one common way software projects currently measure risk is the "bus factor": Does this whole project fall apart if just one person gets hit by a bus?
SocialCyber will also tackle other open-source projects too, such as Python which is "used in a huge number of artificial-intelligence and machine-learning projects," notes the report. "The hope is that greater understanding will make it easier to prevent a future disaster, whether it's caused by malicious activity or not."
Security

NSA Shares Tips On Securing Windows Devices With PowerShell (bleepingcomputer.com) 38

An anonymous reader quotes a report from BleepingComputer: The National Security Agency (NSA) and cybersecurity partner agencies issued an advisory today recommending that system administrators use PowerShell to prevent and detect malicious activity on Windows machines. PowerShell is frequently used in cyberattacks, leveraged mostly in the post-exploitation stage, but the security capabilities embedded in Microsoft's automation and configuration tool can also benefit defenders in their forensics efforts, improve incident response, and automate repetitive tasks. The NSA and cyber security centers in the U.S. (CISA), New Zealand (NZ NCSC), and the U.K. (NCSC-UK) have created a set of recommendations for using PowerShell to mitigate cyber threats instead of removing or disabling it, which would lower defensive capabilities.

Reducing the risk of threat actors abusing PowerShell requires leveraging capabilities in the framework such as PowerShell remoting, which does not expose plain-text credentials when executing commands remotely on Windows hosts. Administrators should be aware that enabling this feature on private networks automatically adds a new rule in Windows Firewall that permits all connections. Customizing Windows Firewall to allow connections only from trusted endpoints and networks helps reduce an attacker's chance for successful lateral movement. For remote connections, the agencies advise using the Secure Shell protocol (SSH), supported in PowerShell 7, to add the convenience and security of public-key authentication:

- remote connections don't need HTTPS with SSL certificates
- no need for Trusted Hosts, as required when remoting over WinRM outside a domain
- secure remote management over SSH without a password for all commands and connections
- PowerShell remoting between Windows and Linux hosts

Another recommendation is to reduce PowerShell operations with the help of AppLocker or Windows Defender Application Control (WDAC) to set the tool to function in Constrained Language Mode (CLM), thus denying operations outside the policies defined by the administrator. Recording PowerShell activity and monitoring the logs are two recommendations that could help administrators find signs of potential abuse. The NSA and its partners propose turning on features like Deep Script Block Logging (DSBL), Module Logging, and Over-the-Shoulder transcription (OTS). The first two enable building a comprehensive database of logs that can be used to look for suspicious or malicious PowerShell activity, including hidden action and the commands and scripts used in the process. With OTS, administrators get records of every PowerShell input or output, which could help determine an attacker's intentions in the environment.
The full document, titled "Keeping PowerShell: Security Measures to Use and Embrace" is available here (PDF).
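The advisory's recommendations above (remoting over a tightened firewall rule, Deep Script Block Logging, Module Logging and Over-the-Shoulder transcription) can be applied from an elevated PowerShell session with the policy registry keys that Group Policy itself writes. The script below is an added example, not code from the advisory or the BleepingComputer article; the management subnet `10.0.0.0/24` and the transcript directory `C:\PSTranscripts` are placeholder assumptions to replace with your own values.

```powershell
# Added example (not from the NSA/CISA/NCSC advisory): turn on the PowerShell
# logging the guidance recommends and narrow the WinRM inbound firewall rule.
# Run in an elevated PowerShell session on the host being hardened.

$TrustedMgmt   = '10.0.0.0/24'      # assumption: your management subnet
$TranscriptDir = 'C:\PSTranscripts' # assumption: in production, point this at
                                    # a write-only share the host cannot read back

$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

# Deep Script Block Logging: records the content of every script block that is
# executed (Event ID 4104 in Microsoft-Windows-PowerShell/Operational), including
# code that was obfuscated or built at run time, because logging happens after
# the engine has de-obfuscated it.
New-Item -Path "$base\ScriptBlockLogging" -Force | Out-Null
Set-ItemProperty -Path "$base\ScriptBlockLogging" -Name EnableScriptBlockLogging -Value 1 -Type DWord

# Module Logging for all modules ('*'): pipeline execution details such as the
# cmdlets invoked and their bound parameters (Event ID 4103).
New-Item -Path "$base\ModuleLogging\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path "$base\ModuleLogging" -Name EnableModuleLogging -Value 1 -Type DWord
Set-ItemProperty -Path "$base\ModuleLogging\ModuleNames" -Name '*' -Value '*' -Type String

# Over-the-Shoulder transcription: the full input and output of every session
# is written to a text file; the invocation header adds a timestamp per command.
New-Item -Path "$base\Transcription" -Force | Out-Null
Set-ItemProperty -Path "$base\Transcription" -Name EnableTranscripting -Value 1 -Type DWord
Set-ItemProperty -Path "$base\Transcription" -Name EnableInvocationHeader -Value 1 -Type DWord
Set-ItemProperty -Path "$base\Transcription" -Name OutputDirectory -Value $TranscriptDir -Type String

# Enable-PSRemoting creates a 'Windows Remote Management (HTTP-In)' rule that
# accepts connections from any address on the private/domain profiles. Restrict
# it to the management subnet so remoting is not reachable from arbitrary hosts.
Get-NetFirewallRule -DisplayName 'Windows Remote Management (HTTP-In)' |
    Set-NetFirewallRule -RemoteAddress $TrustedMgmt

# Verification: language mode of this session (ConstrainedLanguage is what an
# AppLocker/WDAC policy enforces) and the effective logging policy values.
"LanguageMode: $($ExecutionContext.SessionState.LanguageMode)"
Get-ItemProperty "$base\ScriptBlockLogging", "$base\ModuleLogging", "$base\Transcription" |
    Format-List Enable*, OutputDirectory
Get-NetFirewallRule -DisplayName 'Windows Remote Management (HTTP-In)' |
    Get-NetFirewallAddressFilter | Format-List RemoteAddress
```

The registry values under `HKLM:\SOFTWARE\Policies\...` are the same ones the corresponding Group Policy settings write, so a domain GPO will overwrite them on the next refresh; in a domain, set them through the GPO instead and use the script only as a local check. Note that enabling the language-mode restriction itself is done through an AppLocker or WDAC policy rather than a PowerShell setting, which is why the script only reports the current mode.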
Security

US: Chinese Government Hackers Breached Telcos To Snoop On Network Traffic (cnbc.com) 29

Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data. BleepingComputer reports: As the NSA, CISA, and the FBI said in a joint cybersecurity advisory published on Tuesday, Chinese hacking groups have exploited publicly known vulnerabilities to breach anything from unpatched small office/home office (SOHO) routers to medium and even large enterprise networks. Once compromised, the threat actors used the devices as part of their own attack infrastructure as command-and-control servers and proxy systems they could use to breach more networks.

"Upon gaining an initial foothold into a telecommunications organization or network service provider, PRC state-sponsored cyber actors have identified critical users and infrastructure including systems critical to maintaining the security of authentication, authorization, and accounting," the advisory explains. The attackers then stole credentials to access underlying SQL databases and used SQL commands to dump user and admin credentials from critical Remote Authentication Dial-In User Service (RADIUS) servers.

"Armed with valid accounts and credentials from the compromised RADIUS server and the router configurations, the cyber actors returned to the network and used their access and knowledge to successfully authenticate and execute router commands to surreptitiously route, capture, and exfiltrate traffic out of the network to actor-controlled infrastructure," the federal agencies added. The three federal agencies said the following common vulnerabilities and exposures (CVEs) are the network device CVEs most frequently exploited by Chinese-backed state hackers since 2020. "The PRC has been exploiting specific techniques and common vulnerabilities since 2020 to use to their advantage in cyber campaigns," the NSA added.
Organizations can protect their networks by applying security patches as soon as possible, disabling unnecessary ports and protocols to shrink their attack surface, and replacing end-of-life network infrastructure that no longer receives security patches.

The agencies "also recommend networks to block lateral movement attempts and enabling robust logging and internet-exposed services to detect attack attempts as soon as possible," adds BleepingComputer.
Encryption

NSA Says 'No Backdoor' for Spies in New US Encryption Scheme (bloomberg.com) 99

The US is readying new encryption standards that will be so ironclad that even the nation's top code-cracking agency says it won't be able to bypass them. From a report: The National Security Agency has been involved in parts of the process but insists it has no way of bypassing the new standards. "There are no backdoors," said Rob Joyce, the NSA's director of cybersecurity at the National Security Agency, in an interview. A backdoor enables someone to exploit a deliberate, hidden flaw to break encryption. An encryption algorithm developed by the NSA was dropped as a federal standard in 2014 amid concerns that it contained a backdoor. The new standards are intended to withstand quantum computing, a developing technology that is expected to be able to solve math problems that today's computers can't. But it's also one that the White House fears could allow the encrypted data that girds the U.S. economy -- and national security secrets -- to be hacked.
Cloud

NSA Re-awards $10B Cloud Computing Contract To AWS (siliconangle.com) 25

The U.S. National Security Agency has re-awarded a $10 billion cloud computing contract to Amazon Web Services after it was forced to review the contract. From a report: Code-named WildandStormy, the contract was initially awarded to AWS in August. Because the deal concerns national security, the full details are not known but it's believed to be part of the NSA's attempt to modernize its primary classified data repository. The repository itself is thought to be a data fusion environment into which the agency aggregates much of the intelligence information it collects. The stumbling block to AWS being awarded the contract came in October when the Government Accountability Office called on the NSA to reevaluate the proposals submitted by AWS and Microsoft Corp. after Microsoft challenged the awarding of the contract to AWS. The GAO said at the time that it "found certain aspects of the agency's evaluation to be unreasonable and, in light thereof, recommended that NSA reevaluate the proposals consistent with the decision and make a new source selection determination." In December, it was revealed that the GAO had ruled that the NSA improperly assessed technical proposals from Microsoft "in a way that was inconsistent with the terms of the solicitation." The GAO also recommended that the NSA reevaluate the proposal and potentially make a new source selection. The NSA did reevaluate the proposals and decided to re-award the contract to AWS anyway.
Security

Former NSA Computer Scientist: Patching Vulnerabilities Gives False Sense of Security (itwire.com) 112

A former NSA computer scientist is disgusted with the current state of security practices, writes ITWire. Slashdot reader samuel_the_fool shares their report: Patching of vulnerabilities is the security industry's equivalent of thoughts and prayers, a prominent American security expert has said during a debate on the topic "Patching is useless" at a recent online conference named Hack At The Harbor. Dave Aitel, 46, a former NSA computer scientist who ran his own security shop, Immunity, for many years, said the remedies proposed by security vendors and big technology companies had served to lull people into a false sense of security all these years and ensure that all the old problems still remained.... Aitel pointed out that if there were vulnerable devices on a network, then they should be removed and substituted with others, rather than being continuously patched....

Aitel was no less severe on Linux, noting that the biggest contributor to the kernel was the Chinese telecommunications vendor Huawei Technologies, which he claimed had been indicted by the US, and asking how one could rest content if so many patches were coming from a company of this kind.

On the positive side, he had praise for ChromeOS, an operating system that is produced by Google, and recommended the use of Chromebooks rather than Windows machines.

Aitel called for vulnerability management, advocating the government as the best entity to handle this. His argument was that no other entity had sufficient power to push back against the lobby of the big software vendors and the security industry.

Privacy

American Phone-Tracking Firm Demo'd Surveillance Powers By Spying On CIA and NSA (arstechnica.com) 50

Anomaly Six, a secretive government contractor, claims to monitor the movements of billions of phones around the world and unmask spies with the press of a button. Reader BeerFartMoron shares a report: In the months leading up to Russia's invasion of Ukraine, two obscure American startups met to discuss a potential surveillance partnership that would merge the ability to track the movements of billions of people via their phones with a constant stream of data purchased directly from Twitter. According to Brendon Clark of Anomaly Six -- or "A6" -- the combination of its cellphone location-tracking technology with the social media surveillance provided by Zignal Labs would permit the U.S. government to effortlessly spy on Russian forces as they amassed along the Ukrainian border, or similarly track Chinese nuclear submarines. To prove that the technology worked, Clark pointed A6's powers inward, spying on the National Security Agency and CIA, using their own cellphones against them.

Virginia-based Anomaly Six was founded in 2018 by two ex-military intelligence officers and maintains a public presence that is scant to the point of mysterious, its website disclosing nothing about what the firm actually does. But there's a good chance that A6 knows an immense amount about you. The company is one of many that purchases vast reams of location data, tracking hundreds of millions of people around the world by exploiting a poorly understood fact: Countless common smartphone apps are constantly harvesting your location and relaying it to advertisers, typically without your knowledge or informed consent, relying on disclosures buried in the legalese of the sprawling terms of service that the companies involved count on you never reading.

United States

US Warns New Sophisticated Malware Can Target ICS/SCADA Devices (securityweek.com) 15

wiredmikey writes: The U.S. government is sounding a loud alarm after discovering new custom tools capable of full system compromise and disruption of ICS/SCADA devices and servers. A joint advisory from the Department of Energy, CISA, NSA and the FBI warned that unidentified APT actors have created specialized tools capable of causing major damage to PLCs from Schneider Electric and OMRON Corp. and servers from the open-source OPC Foundation. Privately owned ICS security firm Dragos issued a separate notice documenting what is now the seventh known industrial control system (ICS)-specific malware. "[This] is a modular ICS attack framework that an adversary could leverage to cause disruption, degradation, and possibly even destruction depending on targets and the environment," the company said.
Encryption

US Military Makes 'Significant Effort' in Quantum-Resistant Cryptography (stripes.com) 48

David Spirk, the chief data officer for America's Department of Defense, "called for the Pentagon to make urgent investments to defend against potential espionage from quantum computers" that could crack the encryption on sensitive data, Bloomberg reports: "I don't think that there's enough senior leaders getting their heads around the implications of quantum," Spirk said. "Like AI, I think that's a new wave of compute that when it arrives is going to be a pretty shocking moment to industry and government alike."

"We have to pick up pace because we have competitors who are also attempting to accelerate," he added.

Spirk's comments come amid warnings that U.S. adversaries, particularly China, are aggressively pursuing advanced technologies that could radically accelerate the pace of modern warfare. China is investing in AI and quantum sciences as part of its plan to become an innovation superpower, according to the Pentagon's latest annual report to Congress on China's military power. China is "at or near the lead on numerous science fields," including AI and quantum, it said. The National Security Agency, meanwhile, said last year that the adversarial use of a quantum computer "could be devastating" to the U.S. and its national security systems. The NSA said it could take 20 years or more to roll out new post-quantum cryptography that would resist such code-cracking.

Tim Gorman, a spokesperson at the Pentagon, said the Department of Defense was taking post-quantum cryptography seriously and coordinating with Congress and across government agencies. He added there was "a significant effort" underway.

A January presidential memo further charged agencies with establishing a timeline for transitioning to quantum resistant cryptography.

Power

Russian Shelling Damaged a Nuclear Research Facility, Ukraine Says (vice.com) 49

A research center housing a nuclear neutron source facility held at the Kharkiv Institute of Physics and Technology in eastern Ukraine was hit by Russian forces on Sunday, per a report from the state nuclear inspectorate. Motherboard reports: In a release published Sunday evening, the inspectorate called the blast "nuclear terrorism," spelling out a list of damages: a substation, which connects the plant to the electrical grid, on which the plant runs; cables within the facility's cooling system, which effectively prevent a meltdown at the plant; a heating line between structures in the facility; surface damages to the building that houses the structure; and windows across a number of buildings within the installation. "This list of damages is not complete so far. Currently, information on the consequences of the damages is being specified by the personnel," the report reads. An updated report following further inspection located no additional damage this morning.

The Security Service of Ukraine's Kharkiv branch said destruction of the facility could lead to "environmental disaster," the Kyiv Independent reported Sunday. Russian state-owned news agency TASS reported Sunday that the attacks were in fact brought on by Ukraine, a line that has since been debunked. The reactor, known as the NSA "Neutron Source," was built with support from the Illinois-based Argonne National Laboratory in service of an agreement signed between the U.S. and Ukraine at the 2010 Nuclear Security Summit in Washington, D.C. The U.S. invested $73 million in the project, which promised that the Kharkiv Institute of Physics and Technology would be "given the opportunity to build state-of-the-art technology in nuclear research that will contribute to 'solving problems of nuclear power industry and extending technical lifetime of nuclear power plants,'" according to a report from the European Union Non-Proliferation Consortium.

Network

New NSA Report: This is How You Should Be Securing Your Network (zdnet.com) 62

America's National Security Agency (NSA) released a new report "that gives all organizations the most current advice on how to protect their IT network infrastructures from cyberattacks," writes ZDNet: NSA's report 'Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance' is available freely for all network admins and CIOs to bolster their networks from state-sponsored and criminal cyberattacks. The report covers network design, device passwords and password management, remote logging and administration, security updates, key exchange algorithms, and important protocols such as Network Time Protocol, SSH, HTTP, and Simple Network Management Protocol (SNMP).

The U.S. Cybersecurity and Infrastructure Security Agency is encouraging tech leaders to view the NSA document as part of its new push for all organizations in the US and elsewhere to raise defenses after the recent disk wiper malware targeting Ukrainian organizations. The document, from NSA's cybersecurity directorate, encourages the adoption of 'zero trust' networks....

The new report follows NSA's guidance to help people and organizations choose virtual private networks (VPN). VPN hardware for securing connections between remote workers and corporate networks became a prime target during the pandemic.

Thanks to long-time Slashdot reader Klaxton for sharing the link!
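
The protocol and password items in the ZDNet summary above are the kind of thing a configuration audit can check mechanically. The script below is an added example, not code from the NSA report or from ZDNet: it scans an IOS-style running config for management-plane weaknesses of the kinds the guidance covers (SNMPv1/v2c community strings, SSH protocol 1, a plaintext HTTP management interface, unauthenticated NTP, an undersized SSH Diffie-Hellman minimum, and a reversibly stored enable password). The Cisco command syntax, the 2048-bit DH threshold, and the sample config are assumptions; the actual recommendations should be taken from the report itself.

```python
"""Audit an IOS-style running config for management-plane weaknesses.

Added example. Checks are modelled on common network-device hardening
advice (SNMPv3 instead of community strings, SSHv2 only, no plaintext
HTTP, authenticated NTP, adequately sized SSH DH groups, non-reversible
enable secrets). Command syntax follows Cisco IOS; thresholds are assumed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample config (not from a real device). It deliberately
# mixes weak and acceptable settings so every check below is exercised.
SAMPLE_CONFIG = """\
hostname edge-rtr-1
enable password cisco123
service password-encryption
snmp-server community public RO
snmp-server community private RW
ip http server
ip ssh version 1
ip ssh dh min size 1024
ntp server 192.0.2.10
ntp server 192.0.2.11 key 7
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
"""

MIN_DH_BITS = 2048  # assumed policy minimum for the SSH DH modulus


@dataclass(frozen=True)
class Finding:
    line_no: int
    line: str
    issue: str
    fix: str


# Single-line patterns: (regex, issue, suggested fix).
PATTERN_CHECKS = [
    (re.compile(r"^enable password\b"),
     "privileged-mode password stored reversibly (plaintext or Type 7)",
     "replace with 'enable secret' (non-reversible hash)"),
    (re.compile(r"^snmp-server community\b"),
     "SNMPv1/v2c community string: cleartext, no real authentication",
     "remove; use SNMPv3 with authentication and privacy ('v3 priv')"),
    (re.compile(r"^ip http server$"),
     "plaintext HTTP management interface enabled",
     "'no ip http server'; if web management is required use 'ip http secure-server'"),
    (re.compile(r"^ip ssh version 1$"),
     "SSH protocol version 1 enabled",
     "'ip ssh version 2'"),
]


def audit_config(config_text: str) -> list[Finding]:
    """Return findings in line order for the given running-config text."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue

        for pattern, issue, fix in PATTERN_CHECKS:
            if pattern.search(line):
                findings.append(Finding(line_no, line, issue, fix))

        # Remote administration: only SSH should be accepted on VTY lines.
        m = re.match(r"^transport input\s+(.+)$", line)
        if m:
            extra = sorted(set(m.group(1).split()) - {"ssh"})
            if extra:
                findings.append(Finding(
                    line_no, line,
                    "remote administration accepts non-SSH transport: " + ", ".join(extra),
                    "'transport input ssh'"))

        # NTP: an unauthenticated time source lets an attacker skew the clock,
        # and with it log timestamps and certificate validity checks.
        m = re.match(r"^ntp server\s+\S+(.*)$", line)
        if m and not re.search(r"\bkey\s+\d+", m.group(1)):
            findings.append(Finding(
                line_no, line,
                "NTP server configured without authentication key",
                "add 'key <id>' and configure 'ntp authenticate' / 'ntp trusted-key'"))

        # Key exchange: reject SSH DH groups below the policy minimum.
        m = re.match(r"^ip ssh dh min size\s+(\d+)$", line)
        if m and int(m.group(1)) < MIN_DH_BITS:
            findings.append(Finding(
                line_no, line,
                f"SSH DH minimum modulus {m.group(1)} bits is below policy ({MIN_DH_BITS})",
                f"'ip ssh dh min size {MIN_DH_BITS}' or larger"))
    return findings


def format_report(findings: list[Finding]) -> str:
    return "\n".join(
        f"line {f.line_no}: {f.line}\n    issue: {f.issue}\n    fix:   {f.fix}"
        for f in findings)


if __name__ == "__main__":
    print(format_report(audit_config(SAMPLE_CONFIG)))
```

Run against the sample it reports eight findings (lines 2, 4, 5, 6, 7, 8, 9 and 12); the second NTP server, which carries a key, and the SSH-only VTY block pass. Feed it a real `show running-config` dump to get the same report for a live device; the pattern list is the place to add your own policy.
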
Power

How Vulnerable is the US Power Grid? (cbsnews.com) 127

America's power grid consists of 3,000 public and private sector power companies, with 55,000 substations scattered across the country. On the CBS News show 60 Minutes, reporter Bill Whitaker notes that each holds grid-powering transformers — then tells the story of "the most serious attack on our power grid in history" on the night of April 16, 2013: For 20 minutes, gunmen methodically fired at high voltage transformers at the Metcalf Power substation. Security cameras captured bullets hitting the chain link fence.

Jon Wellinghoff: They knew what they were doing. They had a specific objective. They wanted to knock out the substation.

At the time, Jon Wellinghoff was chairman of FERC, the Federal Energy Regulatory Commission, a small government agency with jurisdiction over the U.S. high voltage transmission system.... [T]he attackers had reconnoitered the site and marked firing positions with piles of rocks. That night they broke into two underground vaults and cut off communications coming from the substation.

Jon Wellinghoff: Then they went from these vaults, across this road, over into a pasture area here. There were at least four or five different firing positions.

Bill Whitaker: No real security?

Jon Wellinghoff: There was no security at all, really.

They aimed at the narrow cooling fins, causing 17 of 21 large transformers to overheat and stop working.

Jon Wellinghoff: They hit them 90 times, so they were very accurate. And they were doing this at night, with muzzle flash in their face.

Someone outside the plant heard gunfire and called 911. The gunmen disappeared without a trace about a minute before a patrol car arrived. The substation was down for weeks, but fortunately PG&E had enough time to reroute power and avoid disaster.

Bill Whitaker: If they had succeeded, what would've happened?

Jon Wellinghoff: Could've brought down all of Silicon Valley.

Bill Whitaker: We're talking Google, Apple; all these guys--

Jon Wellinghoff: Yes, yes. That's correct.

Bill Whitaker: Who do you think this could have been?

Jon Wellinghoff: I don't know. We don't know if they were a nation state. We don't know if they were domestic actors. But it was somebody who did have competent people who could in fact plan out this kind of a very sophisticated attack....

A few months before the assault on Metcalf, Jon Wellinghoff of FERC commissioned a study to see if a physical attack on critical transformers could trigger cascading blackouts... The report was leaked to the Wall Street Journal. It found the U.S. could suffer a coast-to-coast blackout if saboteurs knocked out just nine substations....

In 2016, an eco-terrorist in Utah shot up a large transformer, triggering a blackout. He said he'd planned to hit five substations in one day to shut down the West Coast. In 2020, the FBI uncovered a white supremacist plot called "lights out" to simultaneously attack substations around the country.

While the threats can also come from the internet, America's deputy national security advisor for cyber (formerly at the NSA) tells the reporter "We've taken any information we have about malicious software or tactics that the Russian government has used, shared that with the private sector with very practical advice of how to protect against it."

The reporter later spoke to the president's homeland security advisor, who points out there's no specific national regulation for the power plants, arguing that one of the system's strengths is "the resources for energy are different in different regions."

But they also acknowledged the federal government is now setting standards "in a variety of arenas."
China

Chinese Cybersecurity Company Doxes Apparent NSA Hacking Operation (vice.com) 18

An anonymous reader quotes a report from Motherboard: A Chinese cybersecurity company accused the NSA of being behind a hacking tool used for ten years in a report published on Wednesday. The report from Pangu Lab delves into malware that its researchers first encountered in 2013 during an investigation into a hack against "a key domestic department." At the time, the researchers couldn't figure out who was behind the hack, but then, thanks to leaked NSA data about the hacking group Equation Group -- widely believed to be the NSA -- released by the mysterious group Shadow Brokers and by the German magazine Der Spiegel, they connected the dots and realized it was made by the NSA, according to the report.

"The Equation Group is the world's leading cyber-attack group and is generally believed to be affiliated with the National Security Agency of the United States. Judging from the attack tools related to the organization, including Bvp47, Equation group is indeed a first-class hacking group," the report read, referring to the name of the tool the researchers found. "The tool is well-designed, powerful, and widely adapted. Its network attack capability equipped by 0day vulnerabilities was unstoppable, and its data acquisition under covert control was with little effort. The Equation Group is in a dominant position in national-level cyberspace confrontation."
Further Reading: Anatomy of Top-Tier Suspected NSA Backdoor Code (The Register)
Security

US Agencies Say Russian Hackers Compromised Defense Contractors (wired.com) 38

Hackers backed by the Russian government have breached the networks of multiple US defense contractors in a sustained campaign that has revealed sensitive information about US weapons-development communications infrastructure, the federal government said on Wednesday. Wired reports: The campaign began no later than January 2020 and has continued through this month, according to a joint advisory by the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency. The hackers have been targeting and successfully hacking cleared defense contractors, or CDCs, which support contracts for the US Department of Defense and intelligence community. "During this two-year period, these actors have maintained persistent access to multiple CDC networks, in some cases for at least six months," officials wrote in the advisory. "In instances when the actors have successfully obtained access, the FBI, NSA, and CISA have noted regular and recurring exfiltration of emails and data. For example, during a compromise in 2021, threat actors exfiltrated hundreds of documents related to the company's products, relationships with other countries, and internal personnel and legal matters."

The exfiltrated documents included unclassified CDC-proprietary and export-controlled information. This information gives the Russian government "significant insight" into US weapons-platforms development and deployment timelines, plans for communications infrastructure, and specific technologies being used by the US government and military. The documents also include unclassified emails among employees and their government customers discussing proprietary details about technological and scientific research.

The hackers have used a variety of methods to breach their targets. The methods include harvesting network passwords through spear phishing, data breaches, cracking techniques, and exploitation of unpatched software vulnerabilities. After gaining a toehold in a targeted network, the threat actors escalate their system rights by mapping the Active Directory and connecting to domain controllers. From there, they're able to exfiltrate credentials for all other accounts and create new accounts. The hackers make use of virtual private servers to encrypt their communications and hide their identities, the advisory added. They also use "small office and home office (SOHO) devices, as operational nodes to evade detection."
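
The chain Wired describes (a foothold, Active Directory mapping, connections to domain controllers, credential theft, new accounts) leaves traces in Windows Security logs. The script below is an added example and is not from the joint advisory: it runs three rules over constructed Security events, flagging network logons to a domain controller from outside an expected admin network, account creation and privileged-group changes by accounts not on an admin allowlist, and correlating an account creation with a privileged-group add by the same actor shortly afterwards. The event IDs are the standard Windows ones (4624 logon, 4720 user created, 4732 member added to a security-enabled local group); the hostnames, addresses, allowlist and simplified field names are constructed.

```python
"""Spot the intrusion chain in Windows Security events: a network logon to a
domain controller from an unexpected host, then account creation and a
privileged-group change by the same actor.

Added example, not from the advisory. Event IDs are standard Windows ones;
hosts, addresses, field names and the allowlist are constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import datetime, timedelta

DOMAIN_CONTROLLERS = {"DC01"}                         # assumed inventory
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins"}
NETWORK_LOGON = 3                                     # 4624 LogonType 3

# Constructed events (a simplified rendering of the XML fields a SIEM extracts).
EVENTS = [
    {"ts": "2021-06-01T02:14:05+00:00", "event_id": 4624, "computer": "DC01",
     "logon_type": 3, "target_user": "svc_backup", "src_ip": "10.20.5.77"},
    {"ts": "2021-06-01T02:20:41+00:00", "event_id": 4720, "computer": "DC01",
     "subject_user": "svc_backup", "target_user": "support_tmp"},
    {"ts": "2021-06-01T02:22:09+00:00", "event_id": 4732, "computer": "DC01",
     "subject_user": "svc_backup", "target_user": "support_tmp",
     "group": "Administrators"},
    {"ts": "2021-06-01T09:00:12+00:00", "event_id": 4624, "computer": "DC01",
     "logon_type": 3, "target_user": "jdoe.adm", "src_ip": "10.0.9.5"},
    {"ts": "2021-06-01T09:05:30+00:00", "event_id": 4720, "computer": "DC01",
     "subject_user": "jdoe.adm", "target_user": "newhire1"},
    {"ts": "2021-06-01T09:07:02+00:00", "event_id": 4732, "computer": "DC01",
     "subject_user": "jdoe.adm", "target_user": "newhire1",
     "group": "Remote Desktop Users"},
]


@dataclass(frozen=True)
class Alert:
    severity: str
    rule: str
    detail: str


def _when(event: dict) -> datetime:
    return datetime.fromisoformat(event["ts"])


def detect(events, admin_accounts, admin_net, window=timedelta(hours=1)):
    """Return alerts in time order.

    admin_accounts: accounts allowed to create users and change privileged groups.
    admin_net: CIDR from which network logons to domain controllers are expected.
    window: maximum gap between an account's creation and its addition to a
            privileged group that is still treated as one chain.
    """
    admin_net = ipaddress.ip_network(admin_net)
    alerts: list[Alert] = []
    created_at: dict[tuple[str, str], datetime] = {}  # (actor, new user) -> 4720 time

    for e in sorted(events, key=_when):
        eid = e["event_id"]

        if (eid == 4624 and e.get("logon_type") == NETWORK_LOGON
                and e["computer"] in DOMAIN_CONTROLLERS):
            if ipaddress.ip_address(e["src_ip"]) not in admin_net:
                alerts.append(Alert("medium", "dc-network-logon-from-nonadmin-net",
                    f"{e['target_user']} -> {e['computer']} from {e['src_ip']}"))

        elif eid == 4720:
            created_at[(e["subject_user"], e["target_user"])] = _when(e)
            if e["subject_user"] not in admin_accounts:
                alerts.append(Alert("high", "account-created-by-nonadmin",
                    f"{e['subject_user']} created {e['target_user']} on {e['computer']}"))

        elif eid == 4732 and e.get("group") in PRIVILEGED_GROUPS:
            if e["subject_user"] not in admin_accounts:
                alerts.append(Alert("high", "privileged-group-change-by-nonadmin",
                    f"{e['subject_user']} added {e['target_user']} to {e['group']}"))
            # Correlation: the same actor created this account moments earlier.
            born = created_at.get((e["subject_user"], e["target_user"]))
            if born is not None and _when(e) - born <= window:
                alerts.append(Alert("critical", "new-account-privileged-within-window",
                    f"{e['target_user']} created and added to {e['group']} "
                    f"by {e['subject_user']} within {_when(e) - born}"))
    return alerts


if __name__ == "__main__":
    for a in detect(EVENTS, admin_accounts={"jdoe.adm"}, admin_net="10.0.9.0/24"):
        print(f"[{a.severity}] {a.rule}: {a.detail}")
```

On the sample the compromised service account trips all four rules; the legitimate admin's new-hire onboarding trips none, because the logon comes from the admin network, the actor is allowlisted, and "Remote Desktop Users" is not a privileged group. The correlation rule deliberately ignores the allowlist: an account that is created and made an administrator within minutes deserves a look whoever did it.
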

Privacy

Pegasus Spyware Should Be Banned, EU Data Agency Warns (bloomberg.com) 26

NSO Group's controversial Pegasus spyware should be banned in the European Union, the bloc's in-house privacy watchdog warned on Tuesday. From a report: "The ban on the development and the deployment of spyware with the capability of Pegasus in the EU would be the most effective option to protect our fundamental rights and freedoms," the European Data Protection Supervisor said in a statement on Tuesday. The warning comes amid increasing scrutiny of abuses of surveillance technologies meant to help intelligence and law enforcement agencies fight serious crime and terrorism. While the EU regulator doesn't make decisions for member countries, its influence at the top echelons of the bloc's institutions may encourage other authorities to crack down on surveillance software.
