A Ukrainian group calling itself Cyber Hunta released emails October 28 from aides close to Vladimir Putin that show Russia heavily influencing the separatist movement in Ukraine. The incident could be reprisal by the United States for Russian political hacking, which would be big enough news on its own, but there was plenties more happening the coming week. The security community began intense debriefing in the wake of last week’s DDoS attack on the internet infrastructure company Dyn, which was powered largely by an Internet of Things botnet. It turns out that most of the devices used to mount the attack weren’t customer IoT devices in homes but enterprise products like webcams and DVRs built for commercial utilize. As everyone scrambles to figure out what to do about the sorry state of IoT security, some are looking to Internet Service Providers to help protect and shrink the existing population of vulnerable devices.
Speaking of sorry situations, WIRED published exclusive insights this week into last year’s disastrous Office of Personnel Management hack. Meanwhile, law enforcement used a audio cannon against pipeline protesters on Standing Rock Reservation in North Dakota( and updates were coming to the world from livestreams on social media ), the Clinton campaign wants states to get serious about reducing cyberbullying, and Trump has a disinformation campaign going to attain voters skeptical of the upcoming election results. Oh, and researchers are utilizing entirely mind-blowing physics hackers to take over Android phones. Whew.
But theres more! Each Saturday we round up the news tales that we didnt break or cover in depth but still deserve your attention. As always, click on the headlines to read the full tale in each connect posted. And remain safe out there.
On Thursday, a Ukrainian group calling itself Cyber Hunta released 1GB of emails from key aides close to Vladimir Putin that show Russia heavily influencing the separatist movement in Ukraine. Russia has denied involvement with that faction, which destabilized Ukraine and paved the style for the Russian takeover of Crimea, but the emails contradict the Kremlin’s official position. The email dump contained data downloaded directly from Russian aides’ Outlook accounts. Dedicated the Obama administration’s recent indications that it would retaliate in some way against Russia for its political hacking in the US, this new incident seems like it could be a alerting strike. The true nature of Cyber Hunta is not yet known, though, and a senior US intelligence official told NBC that the US” had no role” in the leak.
A hacker charged with stealing nude photos and other data from celebrities’ personal storage accounts in 2014 was sentenced to 18 months in prison the coming week. Ryan Collins, a 36 -year-old Pennsylvania resident, had pleaded guilty to felony charges in May. He admitted to phishing over 600 people–many, like Jennifer Lawrence and Rihanna, in the entertainment industry-to get their login credentials for different digital services. The Department of Justice tells that it does not have evidence that Collins leaked the data, but called his strategy “sophisticated” and said that he sometimes used speciality software to download all the data in victims’ Apple iCloud backups in one sweep. Collins also had a modeling scam that he used to convince people to send him nude photographs.
Many Critical Infrastructure Operations Still Use Unencrypted Beeper Messages to Manage Control Systems
New research from the security firm Trend Micro shows that many industrial operations still use wireless pagers to communicate commands to control systems. Nuclear power plant, HVAC companies, power generation stations, and chemical plants may be relying on unencrypted beeper messages to manage systems that control things like diagnostics, fire incidents, contamination, and pump flow rate. Unencrypted pager messages are inexpensive and easy to intercept, and Trend Micro analyzed more than 54 million of them.” We found that a disturbing amount of information that enterprises typically consider confidential can easily be obtained through unencrypted pager messages ,” the researchers wrote.
In 2013 The New York Times did some reporting about an AT& T program called Project Hemisphere that compiled vast troves of customer communication data, which the company then made available to federal and local narcotic enforcement officials. The Times said the database, which contains decades of call records, was available to law enforcement for narcotic lawsuits with a subpoena as part of a “partnership.” But new reporting from the Daily Beast based on internal AT& T documentation reframes Project Hemisphere as a product that the telecom has been peddling broadly to government agencies for millions of dollars a year. Accessing the database doesn’t require a warrant and dedicates officials access to trillions of call records, who are capable of establish where a person was located during a call and who they were speaking to. The Beast reports that AT& T asked officials to promise that they wouldn’t uncover anything about Project Hemisphere to the public. The situation calls to mind the 2013 revelations about the National Security Agency’s own bulk bellow surveillance, but in fact AT& T has records dating back longer than the NSA did.
Bitcoin improves anonymity is comparable to, tell, charge card, but on Friday, a new blockchain-based currency launched that have committed themselves to take the incognito mode a step further. ZCash combinations blockchain with cryptographic principles that the company tells let transactions to be done without a record on the ledger of which billfolds sent and received currency. The system will only record that a transaction occurred. The promise of extreme privacy has buoyed ZCash futures. Mining for the currency began on Friday and the company distributed some ZCash to its investors. The original research underlying ZCash came from work in 2013 at the Johns Hopkins University applied cryptography lab led by Matthew Green. According to IEEE Spectrum, researchers say that the work underlying ZCash is very robust and sophisticated, but caution that because of its intricacy there hasn’t been hour yet for thorough independent vetting.