
The Boomerang In Cyber Warfare

by Oui Sat Dec 19th, 2020 at 10:17:23 AM EST

Meanwhile inside the White House, candles are burning late ...


SolarWinds Hack: How Sunburst Hackers Infiltrated Highest Levels of US Government

What neither SolarWinds nor the IT workers knew was that the new version of the software was laced with a malicious form of malware that would grant hackers "god-view" access to any infected networks.

The hack, known as Sunburst, may have happened in the spring but the groundwork for the attack most likely began much earlier. In order to booby-trap the pop-up, the hackers first needed to gain access to SolarWinds' computer systems.

In a security advisory published this week, SolarWinds described it as a "very sophisticated" attack that "could potentially allow an attacker to compromise the server" of the victims, meaning sensitive information would have already been exposed.

It is expected to take months to uncover the full extent of the attack, with forensic investigations aiming to figure out which emails, files and other data were accessed, and whether they were copied or transmitted to other systems.

Microsoft identifies AT LEAST 40 government agencies and companies targeted in 'nine-month long Russian' hack that breached US nuclear agencies and warns it will rise 'substantially' - as feds say attack poses 'grave threat'

⭕️ the stated "Russian" hack is disputed, no evidence yet

Suspected Russian hack: Was it an epic cyber attack or spy operation?

So what's new? What the West introduced can be returned like an Aussie boomerang ... Russian scientists may lack applications; their theoretical level is unmatched.

Applying Irregular Warfare Principles to Cyber Warfare

and whether they were copied or transmitted to other systems.

Assuming it was the Russians, how will they figure this out? Or are they admitting they can hack the Russian systems?

by gk (gk (gk quattro due due sette @gmail.com)) on Sat Dec 19th, 2020 at 10:29:29 AM EST
Firewall connection logging, maybe
by asdf on Sat Dec 19th, 2020 at 06:41:54 PM EST
[ Parent ]

Row explodes between Pentagon, Biden transition team | Defense News |

Pentagon needs 14 days break to put logistics in place to battle SARS Covid-02 virus in ...
IRAN! 😷

I have no trust in Trump & Co over the Xmas holidays. 😡

by Oui on Sat Dec 19th, 2020 at 12:51:56 PM EST
Apparently the proximate breach occurred at SolarWinds.

Microsoft president calls SolarWinds hack an "act of recklessness"

SolarWinds is the maker of a nearly ubiquitous network management tool called Orion. A surprisingly large percentage of the world's enterprise networks run it. Hackers backed by a nation-state--two US senators who received private briefings say it was Russia--managed to take over SolarWinds' software build system and push a security update infused with a backdoor. SolarWinds said about 18,000 users downloaded the malicious update.

"A software build system" is the code and procedures to turn the code into a functioning program.  

How they managed to penetrate and subvert the build system is, AFAIK, unknown.  

She believed in nothing; only her skepticism kept her from being an atheist. -- Jean-Paul Sartre

by ATinNM on Sat Dec 19th, 2020 at 04:29:57 PM EST
It doesn't help that their FTP password was apparently available on their Github repository:

We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext'

Vinoth Kumar, a security researcher, claimed on Tuesday he had made such a report to SolarWinds last November, warning that it could be used to upload files to the server. The password he said he found, in plaintext for all to see, is a textbook example of a weak password that never should have been allowed.

In a message to The Register, Kumar said that on November 19, 2019, he told SolarWinds "their update server was accessible with the password 'solarwinds123' which is leaking in the public Github repo. They fixed the issue and replied to me on [November 22]."


by Bernard on Sat Dec 19th, 2020 at 09:18:31 PM EST
[ Parent ]
I'd call it "human error" if stupidity like that wasn't bog standard across the gamut of SillyCon Valley TechBro-dom.


She believed in nothing; only her skepticism kept her from being an atheist. -- Jean-Paul Sartre
by ATinNM on Sun Dec 20th, 2020 at 03:59:02 PM EST
[ Parent ]
Self-Delusion on the Russia Hack

As the news about Russia's broad digital espionage operation against the U.S. Defense, Treasury, and Commerce Departments, nuclear laboratories, and other governmental systems grows more ominous, prominent voices are calling for a vigorous response.

"[A]ll elements of national power," including military power, "must be placed on the table," proclaimed Thomas Bossert, the former senior cybersecurity adviser in the Trump administration, in a New York Times op-ed. The United States must "reserve [its] right to unilateral self-defense," and "allies must be rallied to the cause" since such coalitions will be "important to punishing Russia and navigating this crisis without uncontrolled escalation." Sen. Richard Durbin had a similar but pithier assessment: "This is virtually a declaration of war by Russia on the United States."

by Oui on Sat Dec 19th, 2020 at 08:27:05 PM EST
... it's China, sez Very Stable Genius:

Trump Contradicts Own Administration While Downplaying Massive Cyber Attack

In a tweet thread, Trump not only called into question Pompeo's assessment but also falsely claimed that it was the media making something out of nothing.

"The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!)," the president wrote.

Are we supposed to act surprised?

by Bernard on Sat Dec 19th, 2020 at 09:27:53 PM EST

Israeli Police State Has Backdoor ISP Access to Every Citizen and Website, Cellebrite Claims to Break Signal App Encryption

Pegasus Spyware

Black-Ops Mercenaries On the Internet

Israel's Verint and Dutch Wiretap Champion

Dutch Are Champs with 42k Internet/Phone Taps

by Oui on Mon Dec 21st, 2020 at 11:04:25 AM EST
Want to know the most common cell phone passwords?

1234
1111
0000
1212
7777
1004
2000
4444
2222
6969
9999
3333
5555
6666
1122
1313
8888
4321
2001
1010

26% of cell phones can be hacked using one of these.  Once the phone is hacked people can go in and attach spyware to messages.  Other people see a message from a trusted friend, open the message, and now their phone is hacked.  They send a message to their friends and now THOSE phones are hacked.

She believed in nothing; only her skepticism kept her from being an atheist. -- Jean-Paul Sartre

by ATinNM on Mon Dec 21st, 2020 at 05:25:37 PM EST
[ Parent ]
So if you use 2345 you're safe.
by gk (gk (gk quattro due due sette @gmail.com)) on Mon Dec 21st, 2020 at 07:43:46 PM EST
[ Parent ]
FaceID on the new iPhones works amazingly fast. Very amazingly. The point where you wonder what the false positive rate is.
by asdf on Tue Dec 22nd, 2020 at 10:59:06 PM EST
[ Parent ]
Trump honored as Peacemaker 🎭 of ME through envoy Jared Kushner, family friend of alleged criminal Bibi Netanyahu 🔥🔥

by Oui on Mon Dec 21st, 2020 at 08:05:02 PM EST

.... could inspire change across all of the Middle East of rightwing dictatorships and outright authoritarian regimes.

Unrest in Libya, Lebanon, Syria where Neocon inspired revolts took place ... Egypt, Sudan, Turkey, Israel, Emirates, Kuwait, Bahrain, Saudi Arabia ... nations responsible for supporting cut-throat jihadists in Libya, Syria, Sahel and Yemen.

Trump claiming a "Mission Accomplished" moment for Middle-East peace.

by Oui on Mon Dec 21st, 2020 at 08:26:32 PM EST
[ Parent ]
Microsoft Denounces NSO Group as 21st Century Cyber-Mercenary, Its New "Zero-Click" Exploit Targets Al Jazeera

It is uncharacteristic of me to praise any technology executive or company. In fact, I have often criticized such companies and their policies here. But Microsoft president, Brad Smith, deserves such credit. He published a landmark essay which laid down a marker for all other technology companies. It called out cyber-hacking as a global evil that must be addressed both in the United States and around the world. It called for states to join together to thwart such cyber-attacks, and legislate companies which profit from them out of business. It is a clarion call for reform of U.S. cyber-security laws and a global effort to confront the cyber-hacking. I'm especially highlighting the portions relevant to the Israeli cyber-hacking company, NSO Group, which is the biggest player in this field ...

The Kingdom Came to Canada: How Saudi-Linked Digital Espionage Reached Canadian Soil  | Citizens Lab |

In this report, we describe how Canadian permanent resident and Saudi dissident Omar Abdulaziz was targeted with a fake package delivery notification. We assess with high confidence that Abdulaziz's phone was infected with NSO's Pegasus spyware. We attribute this infection to a Pegasus operator linked to Saudi Arabia.

by Oui on Wed Dec 23rd, 2020 at 08:24:37 AM EST
Microsoft could make giant steps against hacking if they cleaned up their insecure software.


She believed in nothing; only her skepticism kept her from being an atheist. -- Jean-Paul Sartre
by ATinNM on Wed Dec 23rd, 2020 at 11:19:58 PM EST
[ Parent ]
Backdoors had been designed at the request of the NSA for decades ... same provision by Big Blue and their large main frames in the 1980s. Spying is fun ... except when the tables are turned.
by Oui on Wed Dec 23rd, 2020 at 11:59:50 PM EST
[ Parent ]
I know.

The reason for the Internet's laughably weak encryption specification is the NSA's insistence.

She believed in nothing; only her skepticism kept her from being an atheist. -- Jean-Paul Sartre

by ATinNM on Thu Dec 24th, 2020 at 04:47:53 PM EST
[ Parent ]
The Internet was built on Darpanet and so has been per NSA specs from the start.
by rifek on Tue Dec 29th, 2020 at 11:59:57 PM EST
[ Parent ]
When the protocols were being discussed in SillyCon Valley in the 80s some of us argued the security needed to be beefed-up, especially the crypto spec.  We also argued against allowing external access to program memory based on our experiences with the BBS in the mid-to-late 70s.  

We lost.

Won't find most of this in the logs because not every discussion at the Wagon Wheel made it into permanent record.  

She believed in nothing; only her skepticism kept her from being an atheist. -- Jean-Paul Sartre

by ATinNM on Wed Dec 30th, 2020 at 04:55:22 PM EST
[ Parent ]
Cyber Mercenaries Don't Deserve Immunity

A growing industry of companies called private-sector offensive actors - or PSOAs - is creating and selling cyberweapons that enable their customers to break into people's computers, phones and internet-connected devices. Now, one of these 21st-century mercenaries, called the NSO Group, is attempting to cloak itself in the legal immunity afforded its government customers, which would shield it from accountability when its weapons inflict harm on innocent people and businesses. The firm also contributes to the urgent cybersecurity challenges discussed by our president Brad Smith last week. We believe the NSO Group's business model is dangerous and that such immunity would enable it and other PSOAs to continue their dangerous business without legal rules, responsibilities or repercussions. That's why today we filed an amicus brief - along with Cisco, GitHub, Google, LinkedIn, VMWare and the Internet Association - in a legal case brought by WhatsApp against the NSO Group.

The NSO Group sold governments a program called Pegasus, which could be installed on a device simply by calling the device via WhatsApp; the device's owner did not even have to answer. According to WhatsApp, the NSO Group used Pegasus to access more than 1,400 mobile devices, including those belonging to journalists and human rights defenders. We believe companies like NSO Group selling tools like Pegasus are concerning for three reasons.

First, their presence increases the risk that the weapons they create fall into the wrong hands. Previously, sophisticated nation-state hacking capabilities resided in a small number of governments with well-funded agencies focused on developing these weapons. Even then, government-created espionage tools got into the hands of other governments who used them in attacks like WannaCry and NotPetya that spread like wildfire beyond the targeted victims and ultimately devastated lives and disrupted businesses around the world. Lowering the barrier for access to these weapons would guarantee that such catastrophes would be repeated.

Even if the tools are sold to governments who use them for narrowly targeted attacks, there are a variety of ways they can still fall into the wrong hands. For example, private actors like the NSO Group and their less sophisticated customers may lack the defenses some governments use to protect the weapons, making them more susceptible to cyber-theft. For example, an Italian company called Hacking Team - one of NSO's competitors - was itself hacked in 2015. Additionally, targets of these weapons can observe, reverse-engineer and then use these tools for their own purposes.

by Oui on Wed Dec 23rd, 2020 at 08:27:49 AM EST

Westbridge Technologies Inc. - Bethesda Md

Contact: Omri Lavie
Est. 2014

NAICS Codes for US Gov. contracts

Omri Lavie is a co-founder of Israeli NSO-Group.

That's NSO Group, the controversial Israeli cyber-intelligence firm that spies on journalists and politicians

With respect to Spain, the research center of the University of Toronto Citizen Lab has warned that NSO has sold the software Pegasus with which the mobile phone of the president of the Parliament of Catalonia, Roger Torrent, was spied on, as well as that of Ernest Maragall and other personalities of the Catalan independence movement.

by Oui on Thu Dec 31st, 2020 at 08:23:24 AM EST

Julian Assange will not be extradited to the US on espionage charges | SMH |

by Oui on Mon Jan 4th, 2021 at 11:17:07 AM EST

