Submission + - Spy Eye in the Sky: DHS says DJI Drones Gather Data on US Infrastructure (wpengine.com)

chicksdaddy writes: Why are all those DJI Drones so cheap? The Department of Homeland Security has one terrifying explanation: they're being dumped on the US market in part to conduct surveillance on US critical infrastructure and industry for use by the Chinese government — including use in future attacks, The Security Ledger reports.

DHS issued a bulletin in August that commercial drones made by the China-based firm Da Jian Innovations (DJI) may be providing “U.S. critical infrastructure and law enforcement data” to the Chinese government and favored industries in that country, according to a copy of an August, 2017 Intelligence Bulletin (https://info.publicintelligence.net/ICE-DJI-China.pdf) published by the website Public Intelligence.

The report cites unnamed sources in Immigration and Customs Enforcement, the US Army and local law enforcement, as well as an unnamed “source within the unmanned aerial systems (UAS) industry” saying that DJI is providing U.S. critical infrastructure and law enforcement data to the Chinese government. The company is also “selectively targeting government and privately owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data.” The data could help the Chinese government “coordinate physical or cyber attacks against critical sites” and appears to have been used to aid Chinese companies looking to invest in US assets like vineyards, DHS warned.

Among the allegations in the report: that, starting in 2015, DJI slashed the prices on its Category One (small) drones by up to 70% and began dumping them on the US market. Drones that previously cost upwards of $3,000 were sold for $900 by DJI, effectively pushing French and US competitors like Parrot and Yuneec of the US out of business. Within a year, DJI drone imports to the US tripled from 2,873 in 2016 to 10,321 in 2017.

At the same time, the company began aggressively targeting executives in industries like electricity and transportation, as well as critical sectors like water. Executives at key firms received invitations to multi-day DJI sponsored symposia and test facilities in Silicon Valley to push commercial applications of the drone technology.

But investing in DJI technology may be a short-term solution with long-term costs. The bulletin related the experience of a large family owned wine producer in California who purchased DJI UAS technology to survey its vineyards and monitor grape production, using a drone-mounted infrared scanner capable of calculating nitrogen levels of plants. “Soon afterwards, Chinese companies began purchasing vineyards in the same area.”

According to the report, Chinese firms purchasing vineyards in California were able to use DJI data to their own benefit and profit. DHS warns that use of the same technology with cash crops “could allow China the opportunity to influence the cash crop market and futures.” The source of that information was an Immigration and Customs Enforcement (ICE) official.

Submission + - China delays notification of software holes used in Chinese APT ops (wpengine.com)

chicksdaddy writes: China's national vulnerability database does a better job disclosing information on software security holes, except when those holes are being used in targeted attacks by Chinese APT groups. That, according to a report out Thursday by the firm Recorded Future. (https://www.recordedfuture.com/chinese-mss-vulnerability-influence/)

Disclosure of vulnerabilities associated with malicious software used by China-affiliated advanced persistent threat (APT) groups was delayed considerably compared to disclosure of the same holes in the U.S. National Vulnerability Database (NVD). However, low severity vulnerabilities that were not used in offensive cyber operations were more likely to be disclosed on China’s national vulnerability database (CNNVD) before or at the same time as disclosure on the US NVD.

“High-threat vulnerabilities were consistently published substantially later (anywhere from 21 to 156 days later) than low-threat vulnerabilities,” Recorded Future found. In fact, NVD beat CNNVD in publishing information on 97 percent of the vulnerabilities commonly exploited by malware linked to Chinese APT groups. Statistically, the probability that NVD would beat CNNVD to publication for that big a share of CVEs is incredibly small — less than .00001 percent, Recorded Future said.

Their conclusion? “We believe CNNVD publication was likely delayed by the (Chinese Ministry of State Security) because Chinese APT groups were actively exploiting those vulnerabilities.”

Submission + - North Korea targets US Defense Contractors for info on weapons systems (wpengine.com)

chicksdaddy writes: North Korean hackers have stepped up their attacks on U.S. defense contractors in an apparent effort to gain intelligence on weapon systems and other assets that might be used against the country in an armed conflict with the United States and its allies, The Security Ledger is reporting. (https://securityledger.wpengine.com/2017/11/exclusive-eye-weapons-systems-north-korean-hackers-target-us-defense-contractors/)

Security experts and defense industry personnel interviewed by The Security Ledger say that probes and attacks by hacking groups known to be associated with the government of the Democratic People’s Republic of Korea (DPRK) have increased markedly as hostilities between that country and the United States have ratcheted up in the last year. The hacking attempts seem to be aimed at gaining access to intellectual property belonging to the companies, including weapons systems deployed on the Korean peninsula.

“As the situation between the DPRK and the US has become more tense, we’ve definitely seen an increase in number of probe attempts from cyber actors coming out of the DPRK,” an official at an aerospace and defense firm told Security Ledger. The so-called “probes” were targeting the company’s administrative network and included spear phishing attacks via email and other channels. The goal was to compromise computers on the corporate network.

According to the official, the attackers were not able to penetrate a separate and more secure network on which the company stores information on its weapons systems and other sensitive information. He asked that his name and his company’s name not be mentioned because he did not have permission to speak about the matter publicly.

So far, the attacks have targeted "weakest links" within the firms, such as Human Resources personnel and general inquiry mailboxes, rather than targeting technical staff directly. However, experts who follow the DPRK's fast evolving cyber capabilities say that the country may have more up their sleeve.

“Their first modus operandi would be data gathering – figuring out what the threat is and what the capabilities of the system are,” Priscilla Moriuchi, the Director of Strategic Threat Development at the firm Recorded Future, told The Security Ledger. Subsequent campaigns might attempt to achieve more subtle aims, such as influencing the performance of the weapons system in the event of a conflict. “They might try to influence the development of the system using a supply chain attack,” Moriuchi said.

In past attacks, North Korean hackers have been bent more on destruction than supply chain attacks or the kinds of intellectual property transfers typically associated with China. But that is changing. In recent weeks, for example, North Korean hackers are believed to have broken into a shipyard operated by the firm Daewoo and stolen plans for naval technologies including 60 “classified documents including blueprints and technical data for submarines and vessels equipped with Aegis weapon systems” according to a report by The Wall Street Journal. (https://www.wsj.com/articles/north-korean-hackers-stole-submarine-secrets-from-daewoo-lawmaker-says-1509447847)

Submission + - Equifax says breach cost it $87 million and counting

chicksdaddy writes: The Security Ledger reports (https://securityledger.wpengine.com/2017/11/equifax-says-breach-cost-87m/) that Equifax has finally put a number on the cost of a breach that affected some 140 million individuals: $87.5 million.

The disclosure, made as part of the company’s quarterly filing (http://secfilings.com/searchresultswide.aspx?link=1&filingid=12372543) with the US Securities and Exchange Commission, is the first public disclosure of the direct costs of the incident, which saw the company’s stock price plunge by more than 30% and wiped out billions of dollars in value to shareholders.

Around $55.5m of the $87.5m in breach related costs stems from product costs — mostly credit monitoring services that it is offering to affected individuals. Professional fees added up to another $17.1m for Equifax and consumer support costs totaled $14.9m, the company said.

Equifax also said it has incurred $27.3 million in pretax expenses stemming from the cost of investigating and remediating the hack of Equifax’s internal network as well as legal and other professional expenses.

The costs are likely to continue. Equifax is estimating costs of $56 million to $110 million in “contingent liability” in the form of free credit monitoring and identity theft protection to all U.S. consumers as a good will gesture. The costs provided by Equifax are an estimate of the expenses necessary to provide this service to those who have signed up or will sign up by the January 31, 2018 deadline. So far, however, the company has only incurred $4.7 million through the end of September.

Among the risk factors the company cited going forward were the "impact of the cybersecurity incident and the resulting government investigations, litigation and other impacts on our business and results of operations."

Submission + - Vietnamese APT OceanLotus hacks, surveils ASEAN, media, activists (securityledger.com)

chicksdaddy writes: The security firm Volexity reported on Monday (https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/) that it uncovered a massive campaign of digital surveillance and web-based attacks directed at ASEAN and other civil society groups in Vietnam, Cambodia and other countries, including ASEAN, the Association of Southeast Asian Nations. (http://asean.org/asean/asean-member-states/)

Volexity researchers discovered malicious code lurking on the main website for ASEAN and more than 80 other websites, many belonging to small media, human rights and civil society organizations, as well as individuals who had been critical of the Vietnamese government. The malicious code allowed the hacking group, dubbed OceanLotus, to track, profile and target visitors to the websites, Volexity said.

OceanLotus is believed to be an Advanced Persistent Threat (or APT) group, also known as APT 32, that appears to be operating out of Vietnam. And, while that country is not typically listed among the top producers of offensive cyber campaigns, Volexity said OceanLotus “has rapidly advanced its capabilities and is now one of the more sophisticated APT actors currently in operation.”

Submission + - Hilton Paid a $700k fine for 2015 breach. Under GDPR, it would be $420 million (digitalguardian.com)

chicksdaddy writes: If you want to understand the ground-shaking change that the EU's General Data Protection Rule (GDPR) will have when it comes into force in May of 2018, look no further than hotel giant Hilton Domestic Operating Company, Inc., formerly known as Hilton Worldwide, Inc. a.k.a. “Hilton.”

On Tuesday, the New York Attorney General Eric T. Schneiderman slapped a $700,000 fine on the hotel giant for two 2015 incidents in which the company was hacked, spilling credit card and other information for 350,000 customers. (https://ag.ny.gov/press-release/ag-schneiderman-announces-700000-joint-settlement-hilton-after-data-breach-exposed)

Schneiderman also punished Hilton for its response to the incident. The company first learned in February 2015 that its customer data had been exposed through a UK based system belonging to the company, which was observed by a contractor communicating with “a suspicious computer outside Hilton’s computer network.” Still, it took Hilton until November 24, 2015 — over nine months after the first intrusion was discovered — to notify the public.

That kind of lackluster response has become pretty typical among Fortune 500 companies (see also: Equifax). And why not? The $700,000 fine from the NY AG is a palatable $2 per lost record — and a mere rounding error for Hilton, which reported revenues of $11.2 billion in 2015, the year of the breach. That means the $700,000 fine was just %.00006 of Hilton’s annual revenue in the year of the breach. Schneiderman's fine was less 'bringing down the hammer' than a butterfly kiss for Hilton's C-suite, board and shareholders.

But things are going to be different for Hilton and other companies like it come May 2018 when provisions of the EU’s General Data Protection Rule (or GDPR) go into effect, as Digital Guardian points out on their blog. Under that new law, data “controllers” like Hilton (in other words: organizations that collect data on customers or employees) can be fined up to 4% of annual turnover in the year preceding the incident for failing to meet the law’s charge to protect that data. (http://www.eugdpr.org/)

What does that mean practically for a company like Hilton? Well, the company’s FY 2014 revenue (or “turnover”) was $10.5 billion. Four percent of that is a cool $420 million dollars — or $1,200, rather than $2, for every customer record lost. Needless to say, that’s a number that will get the attention of the company’s Board of Directors and shareholders.

Submission + - NotPetya Outbreak Left Merck Short of HPV Vaccine Gardasil

chicksdaddy writes: The NotPetya malware infection shut down pharmaceutical giant Merck’s production of the pediatric vaccine GARDASIL last June, forcing the company to borrow the drug from a stockpile maintained by the U.S. Centers for Disease Control and Prevention to meet demand, The Security Ledger reports. (https://securityledger.com/2017/10/notpetya-infection-left-merck-short-key-vaccine-gardasil/)

The anecdote was contained in a quarterly filing by Merck with the U.S. Securities and Exchange Commission (SEC) on Friday (http://secfilings.com/searchresultswide.aspx?link=1&filingid=12342781). That filing also showed that the company continues to suffer financial fallout from the outbreak of the NotPetya malware in June, reducing both sales and revenue for the quarter by hundreds of millions of dollars.

In its quarterly 8-k filing, Merck said that revenue for the quarter was "unfavorably impacted" by around $135 million due to "lost sales in certain markets related to the cyber-attack." Sales in the third quarter of 2017 were also reduced by around $240 million, which Merck chalked up to production shutdowns resulting from NotPetya.

In a chilling insight into the extent of the disruption the malware caused to Merck's operations, the company disclosed that part of its quarterly losses were linked to the interruption of its production of GARDASIL, a vaccine used to prevent Human Papillomavirus (HPV) which is linked to certain cancers and other diseases. To make up for what it described as "overall higher demand than originally planned," Merck was forced to borrow the vaccine from a stockpile maintained by the U.S. Centers for Disease Control (CDC), the company said.

Submission + - Flaws in MQX Real Time OS Could Hit Internet of Things (securityledger.com)

chicksdaddy writes: The Department of Homeland Security is warning (https://ics-cert.us-cert.gov/advisories/ICSA-17-285-04) about two serious security holes in software that runs millions of embedded systems and could leave them open to remote hacks, The Security Ledger reports.

The MQX real time operating system (or RTOS) from the firm NXP Semiconductors (https://www.nxp.com/support/developer-resources/run-time-software/mqx-software-solutions/mqx-real-time-operating-system-rtos:MQXRTOS) is used by NXP ColdFire microcontrollers, a common component of embedded devices including industrial control systems used in power plants and water treatment facilities, according to Billy Rios, the founder and CEO of the firm Whitescope. It is also the operating system used by a wide range of other microcontrollers including Kinetis, i.MX processors, and Vybrid model processors.

Deral Heiland of the firm Rapid7 said that a classic buffer overflow flaw in the MQX DHCP client cited by DHS in its advisory is serious. Devices running vulnerable versions of MQX could only be remotely hacked if they were reachable by the public Internet and were listening for DHCP communications — a dangerous scenario, but not out of the question, Heiland said. Modern operating systems like Windows have built in protections against buffer overflows. But embedded devices typically have fewer protections. "You'd have to dig into the specifics of each processor to see if they have any protections like address space randomization, but they often don't exist in embedded devices," he said. That makes buffer overflows — an older class of attacks — quite potent on those devices.

The bigger danger, said Heiland, may be devices that are not publicly addressable, but that can serve as stepping stones or staging platforms for attackers who already have access to a sensitive corporate environment.

Submission + - In a Post-Password Era, Getting Rid of Passwords is the Problem (securityledger.com)

chicksdaddy writes: Large, tech savvy corporations recognize that the static password is dead. Still, they can't seem to stop using and relying on them. That's the conclusion of a panel discussion at the Akamai EDGE (https://edge.akamai.com) event in Las Vegas last week, where executives at some of the U.S.’s leading corporations agreed that the much maligned password won’t be abandoned any time soon, even as data breaches and follow-on attacks like automated “credential stuffing” make passwords more susceptible than ever to abuse, The Security Ledger reports. (https://securityledger.com/2017/10/in-post-password-era-passwords-are-the-problem/)

“We reached the end of needing passwords maybe seven years ago, but we still use them,” said Steve Winterfeld, Director of Cybersecurity, at clothing retailer Nordstrom. “They’re still the primary layer of defense.” “It’s hard to kill them,” noted Shalini Mayor, who is a Senior Director at Visa Inc. “The question is what to replace them with.”

This, even though the cost of using passwords is high and getting higher, as sophisticated attacks attempt to compromise legitimate accounts using so-called “credential stuffing” techniques, which use automated password guessing attacks against web-based applications.

Large retailers and other vendors often perceive what Patrick Sullivan, the Director of Security Technology and Strategy at Akamai likened to a “disruption in the force” well before major breaches are disclosed as stolen credentials from those hacks are used to try to break into their own system. However, the sheer number of breaches make spotting the source of a particular leaked credential all but impossible.

Stronger and more reliable alternatives to passwords already exist, but the obstacles to using them are often prohibitive. Shalini said Visa is “looking at” biometric technologies like Apple’s TouchID as a tool for making payments securely. Such technologies – from fingerprint scans to facial and retinal scans – promise more secure and reliable factors than alphanumeric passwords, the executives agreed. But customers often resist the technologies or find them error prone or too difficult to use.

Submission + - Office Depot Offering to Remove Kaspersky for Free, install McAfee (securityledger.com)

chicksdaddy writes: In a sign that things are going from bad to worse for Moscow-based antivirus software maker Kaspersky Lab, office supplies giant Office Depot, once one of the biggest sellers of Kaspersky Lab antivirus software, is now offering to remove it from customers’ computers for free, the Security Ledger reports. (https://securityledger.com/2017/10/cold-war-special-office-depot-offers-free-kaspersky-lab-removal/)

The move is just the latest evidence of growing doubts about the security of the company’s antivirus software following reports that the U.S. Department of Homeland Security instructed federal agencies to abandon the software (https://www.nbcnews.com/news/us-news/dhs-orders-feds-dump-software-russia-linked-kaspersky-lab-n801071) and Congressional hearings focused on Kaspersky’s alleged ties to Russian intelligence planned for later in October. (http://www.reuters.com/article/us-usa-kaspersky-hearing/u-s-house-committee-calls-new-hearing-on-kaspersky-software-idUSKBN1CB2K6)

Signs on display at Office Depot and OfficeMax stores inform customers that “due to the recent news over Kaspersky Total Security software,” Office Depot and OfficeMax “will be providing FREE in store software removal.”

Office Depot spokeswoman Julianne Embry confirmed the program offering free Kaspersky software removals in an e-mail to The Security Ledger.

“As of September 14, Office Depot stopped selling the Kaspersky Total Security software. In addition, we feature in our Office Depot and OfficeMax stores a special offer for any customer who purchased this software, regardless of where it was purchased,” Embry wrote. Office Depot said it will install McAfee's LiveSafe antivirus product for free to replace the Kaspersky software and “perform a free diagnosis of their computer to make sure it is virus-free.” Ouch. The offer runs through November 4, Embry said.

Submission + - Firm that discovered CCleaner hack says other apps may have been compromised

chicksdaddy writes: The security firm that discovered the CCleaner attack thinks there may be other common applications that have been secretly compromised and used to gain access to corporate networks, The Security Ledger is reporting (https://securityledger.com/2017/09/firm-that-discovered-ccleaner-compromise-there-may-be-others/).

Engineers at the firm Morphisec (https://www.morphisec.com/) are going back over “false positives” reported by their customers to determine if any of those reports may have been evidence of compromises of other common applications like CCleaner, Chief Technology Officer Michael Gorelik told The Security Ledger. “It’s something we’re doing right now. We’re revalidating stuff that we caught within the last several months,” he said. While Gorelik declined to say whether they had found evidence that other, similar attacks had taken place, he said the initial findings of the investigation were “very interesting.”

“They’re very interesting events and when you go deeper they become more interesting,” he said. He said he was certain there were other so-called supply chain attacks like CCleaner, but declined to say whether his firm had uncovered evidence of other such attacks, in addition to CCleaner, that targeted Morphisec customers.

Morphisec makes an endpoint protection technology that prevents in-memory attacks, but doesn’t rely on malicious code “signatures” to work. He said his firm became aware of the CCleaner attack only after a manufacturing firm located in Singapore demanded an explanation of why its software was blocking a legitimate application, CCleaner. A subsequent investigation by Morphisec researchers led to the discovery that the application had malicious code implanted prior to distribution to millions of individuals and companies globally.

The attackers who were behind the CCleaner operation compromised and modified the systems used to build the CCleaner application. Malicious software was inserted into an important Visual Studio runtime file that is bundled with the CCleaner application and that loads and runs on victim systems before the execution of the CCleaner software. The change went unnoticed and Piriform signed the compiled software, putting the company’s stamp of approval on the compromised code.

As many as 2 million copies of that update were shipped and 700,000 computers may have been hit with the first stage of the attack. A tiny handful of firms, many of them technology firms, were hit with a “second stage” attack that was much more sophisticated and that was aimed at stealing intellectual property, according to Cisco Systems. Those included Cisco itself as well as Intel, Samsung, Sony and HTC.

Now the hunt is on to determine if other reports of "false positives" were actually real attacks that were being blocked. Gorelik said the work is a priority, but that his firm — a start up with 40 employees — has only so much time to do independent research while it works to stay on top of product development and customer support. "It's not very easy," he said. "We're a small company."

Submission + - Patch or hack? FDA tells doctors, patients to weigh risk of pacemaker patch (securityledger.com)

chicksdaddy writes: Patch or hack? That's the question the FDA says that doctors and patients need to weigh before they apply a (now) FDA-approved patch from St. Jude Medical (Abbott) for six implantable pacemakers.

In a safety warning published on Tuesday (https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm), the FDA said that patients using any of six pacemaker and CRT-P (cardiac resynchronization therapy pacemaker) devices manufactured by St. Jude Medical should consider applying a software update to fix the security holes, some of which could cause harm to patients.

“Patients and their health care providers (should) discuss the risks and benefits of the cybersecurity vulnerabilities and the associated firmware update designed to address such vulnerabilities at their next regularly scheduled visit,” the FDA said.

The risks associated with applying the patch are low. Abbott and FDA said there is a .003 percent chance of "complete loss of device functionality" and a .161 percent chance that the device will lose its currently programmed device settings. However, the risks associated with hacking are also characterized as remote. In a letter to physicians (https://www.sjm.com/~/media/galaxy/hcp/resources-reimbursement/technical-resources/product-adviseries-archive/cybersecurity-pacemaker-firmware/pacemaker-firmware-update-doctor-letter-aug2017-us.pdf), Abbott — citing the Department of Homeland Security — said that only a "highly complex" attack could compromise the devices. However, that runs contrary to statements by the firm MedSec, which analyzed the St. Jude devices (https://securityledger.com/2016/08/the-big-short-alleged-security-flaws-fuel-bet-against-st-jude-medical/) and found that many attacks — though they would require physical proximity to the device — would not be difficult to carry out and could cause harm to patients.

So, who to believe?

Submission + - Means and motives for cyber attacks on US Navy Vessels (securityledger.com)

chicksdaddy writes: Could cyber attacks have played a role in recent collisions between commercial vessels and the USS McCain and USS Fitzgerald? The short answer is 'yes,' The Security Ledger writes (https://securityledger.com/2017/08/analysis-there-is-both-means-and-motive-for-cyber-attacks-on-navy-vessels/).

While human error is still the leading candidate for the two incidents, which resulted in multiple fatalities and severe damage to the two ships, the means and motive to use cyber attacks to disable the two vessels exist, the article notes, citing a large body of private and public sector research on the security of maritime systems, as well as more recent reports of "in the wild" GPS spoofing attacks on merchant vessels. Among the notable instances:

A 2013 report from a research team at the University of Texas successfully “spoofed” an $80 million private yacht using a GPS spoofing device to send misleading information to crew about the boat’s position and movements in the water. (https://news.utexas.edu/2013/07/30/spoofing-a-superyacht-at-sea)

What is believed to be the first “in the wild” GPS spoofing attack (https://www.marad.dot.gov/msci/alert/2017/2017-005a-gps-interference-black-sea/). In June, the U.S. Maritime Administration issued a safety alert about an incident in the Black Sea described as “GPS interference” but elsewhere as “an apparent mass and blatant, GPS spoofing attack involving over 20 vessels.” GPS was displaying the vessels as located more than 25 nautical miles from their actual location, but crew could find no problem with the operation of the GPS devices. (http://maritime-executive.com/editorials/mass-gps-spoofing-attack-in-black-sea) The US Maritime Administration advised ships to “exercise caution when transiting this area.”

Proof of concept attacks to spoof AIS – the Automatic Identification System – technology that is installed on hundreds of thousands of ships globally and that is used for everything from ship-to-ship and ship-to-port communication to collision avoidance. Researchers at the 2014 Black Hat Briefings demonstrated how AIS spoofing and hijacking could be used to generate false alarms, or delay actual alerting (https://www.blackhat.com/docs/asia-14/materials/Balduzzi/Asia-14-Balduzzi-AIS-Exposed-Understanding-Vulnerabilities-And-Attacks.pdf). The technology, which was designed with pre-Internet security in mind, is insecure both in how it is implemented and in the design of the underlying protocol, researchers concluded.

Persistent reports about shoddy and outdated software and applications deployed on commercial and naval vessels — even those of recent vintage. (http://www.telegraph.co.uk/news/2017/06/27/hms-queen-elizabeth-running-outdated-windows-xp-software-raising/)

As for motive, the article considers the motivations of two likely actors, given the location of the collisions: North Korea and China. For the former, the article notes that all four ships involved in collisions since January have been equipped with Aegis anti-ballistic missile technology, which would be used to shoot down a missile test (or live attack) from the DPRK. In the case of China, the government recently complained bitterly about the USS McCain's sojourns into what China considers its territorial waters near Mischief Reef — an artificial island built by China. (http://www.news.com.au/world/china-protests-challenges-us-warship-near-its-artificial-islands/news-story/43784e65f8ab6461cbfad7d5a748775e)

Submission + - Forget the Russians: Corrupt, Local Officials the biggest threat to Elections (securityledger.com)

chicksdaddy writes: Do you think that shadowy Russian hackers are the biggest threat to the integrity of US elections? Think again. It turns out the bad actors in US elections may be a lot more "Senator Bedfellow" (https://en.wikipedia.org/wiki/Minor_characters_in_Bloom_County#Senator_Bedfellow) than "Fancy Bear," (https://www.crowdstrike.com/blog/who-is-fancy-bear/) according to Bev Harris, the founder of Black Box Voting. “It’s money,” Harris told The Security Ledger. (https://soundcloud.com/securityledger/episode-58-election-system-hacking-bev-harris-and-eric-hodge) “There’s one federal election every four years, but there are about 100,000 local elections which control hundreds of billions of dollars in contract signings.” Those range from waste disposal and sanitation to transportation. “There are 1,000 convictions every year for public corruption,” Harris says, citing Department of Justice statistics. “It's really not something that’s even rare in the United States.”

We just don't think that corruption is a problem, because we rarely see it manifested in the ways that most people associate with public corruption, like violence or having to pay bribes to receive promised services, Harris said. But it's still there.

How does the prevalence of public corruption touch election security? Exactly in the way you might think. “You don’t know at any given time if the people handling your votes are honest or not,” Harris said. “But you shouldn’t have to guess. There should be a way to check.”

And in the decentralized, poorly monitored U.S. elections system, there often isn't. At the root of our current problem isn’t (just) vulnerable equipment, it’s also a shoddy ‘chain of custody’ around votes, says Eric Hodge, the director of consulting at Cyber Scout, which is working with the Board of Elections in Kentucky and in other states to help secure elections systems. That includes where and how votes are collected, how they are moved and tabulated and then how they are handled after the fact, should citizens or officials want to review the results of an election. That lack of transparency leaves the election system vulnerable to manipulation and fraud, Harris and Hodge argue.

Submission + - Iranians Use 'Cute Photographer' Profile to Hack Targets in Middle East

chicksdaddy writes: Hackers working on behalf of the government of Iran are using alluring social media profiles featuring a young, English photographer to entice and then compromise the systems of high value targets in the oil and gas industry, according to a report by Dell Secureworks. (https://www.secureworks.com/research/the-curious-case-of-mia-ash)

In a report released on Thursday, Secureworks’ Counter Threat Unit (CTU) said that it observed an extensive phishing campaign beginning in January and February 2017 that used a polished social media profile of a young, English woman using the name “Mia Ash” to conduct highly targeted spear-phishing and social engineering attacks against employees of Middle Eastern and North Africa firms in industries like telecommunications, government, defense, oil and financial services. The attacks are the work of an advanced persistent threat group dubbed COBALT GYPSY or “Oil Rig” that has been linked to other sophisticated attacks.

The attacks, which spread across platforms including LinkedIn and Facebook, as well as email, were highly successful. In some cases, the attacks lasted months – and long after the compromise of the employee – with the targets engaged in a flirtation with a woman they believed was a young, attractive female photographer.

The Mia Ash persona is a fake identity based loosely on a real person, a Romanian photographer and student who has posted her work prolifically online. (http://bittersweetvenom.deviantart.com/art/Growing-Orchids-327937251) According to this report by Security Ledger (https://securityledger.com/2017/07/operation-lonely-guy-iranians-use-alluring-profiles-to-phish-across-social-media/), the persona was created specifically with the goal of performing reconnaissance on and establishing relationships with employees of targeted organizations. Victims were targeted with the PupyRAT Trojan, an open source, cross-platform remote access trojan (RAT) used to take control of a victim’s system and harvest credentials like logins and passwords from victims, and lured with malware laden documents such as "photography surveys" (really?). One target was even instructed to make sure to open the document from work because it will 'work better,' Secureworks said.
