This week, the Clearview app lets strangers find your information through facial recognition, Travelex begins reboot as VPN bug persists, ADP users are hit by a phishing scam, exposed Telnet ports lead to the theft of credentials for over 500,000 IoT devices, and over 1000 local governments reported they were hit by ransomware in 2019! In the Expert Commentary, we welcome Jason Wood of Paladin Security to talk about how the FBI is to inform election officials about hacking attempts!
Visit https://www.securityweekly.com/swn for all the latest episodes!
Telnet, ADP, Clearview, VPNs, and How The FBI Handles Hacking Attempts In The Election
- https://www.cnet.com/news/clearview-app-lets-strangers-find-your-name-info-with-snap-of-a-photo-report-says/?TheTime=2020-01-19T16:43:33&PostType=link&UniqueID=D501249A-3ADA-11EA-AC1F-E7DAC28169F1&ServiceType=facebook_page&ftag=COS-05-10aaa0a — AI Facial Recognition is coming for your children.
- https://www.cnet.com/news/facial-recognitions-accuracy-is-the-least-of-our-worries-lawmakers-say/ — Congress worries about AI and privacy, but the White House says not to worry.
- https://www.bbc.com/news/technology-51178198 — But Google says “We should worry”
- https://gizmodo.com/alphabet-ceo-sides-with-eu-on-facial-recognition-tech-m-1841119655 — Google says they support the EU’s plan to combat AI
- https://www.wired.com/story/white-house-favors-light-touch-regulating-ai/ — but the White House says not to worry too much and prevent innovation. What, me worry?
- https://www.washingtonpost.com/technology/2020/01/17/facebook-ordered-hand-over-data-about-thousands-apps-that-may-have-violated-user-privacy/ — at the same time Facebook loses round 127 in lawsuits over privacy leaks
- https://www.infosecurity-magazine.com/news/travelex-begins-reboot-as-vpn-bug/ — Travelex still can’t seem to get all their services back up after NYE ransomware attack
- https://www.darkreading.com/threat-intelligence/adp-users-hit-with-phishing-scam-ahead-of-tax-season/d/d-id/1336829 — Tax season brings phishing season screaming in
- https://www.teiss.co.uk/telnet-credentials-iot-exposed/ — Big surprise, telnet credentials are compromised.
- https://www.darkreading.com/cloud/mobile-banking-malware-up-50–in-first-half-of-2019/d/d-id/1336834 — and mobile banking malware really took off in 2019.
- https://www.darkreading.com/attacks-breaches/fbi-seizes-domain-that-sold-info-stolen-in-data-breaches/d/d-id/1336833 — The FBI seized weleadata.com domain
- https://www.heartland.org/news-opinion/news/local-governments-suffered-nearly-a-thousand-ransomware-attacks-report-finds — and almost 1000 local governments reported being hit with ransomware in 2019
- https://www.trustnodes.com/2020/01/19/no-way-kevin-mitnick-is-satoshi-nakamoto?fbclid=IwAR3S-c_w3Ca2YYd-9xJiENzi4Hn_Tnn1QUQ9tkgac1R4hAIPQivgMTRYCrE — Kevin Mitnick is likely !Satoshi
- https://gizmodo.com/only-known-full-time-cybersecurity-director-working-for-1841030750 — and Mayor Pete’s CISO resigns amid creative security differences.
Expert Commentary: Jason Wood, Paladin Security
FBI to inform election officials about hacking attempts – Ok, not really actual attempts, but warnings of what may happen.
Yesterday, the Naked Security blog released an article titled “FBI to inform election officials about hacking attempts”, which sounds like a pretty good thing. The article is linked to the FBI’s press release, which is titled “FBI Announces New Policy for Notifying State and Local Election Officials of Cyber Intrusions Affecting Election Infrastructure”. All of this sounds like something that should have already been happening, but hey we will take any progress we can get. What caught me off guard about this was how would the FBI know about attacks that have occurred with any timeliness to help the election security officials?
It turns out that the policy change by the FBI isn’t exactly what the titles make it sound like. When I read the press release and blog post, it appears that the FBI is talking more about threat intelligence than it is about attacks that are occurring. The FBI’s press release states, “The FBI’s new policy recognizes the necessity of notifying responsible state and local officials of credible cyber threats to election infrastructure.” This indicates that the FBI would be telling state and local governments about plans being made by threat actors, hopefully, information about how the group operates, and perhaps even infrastructure used by these actors. It is possible that the FBI could decide to inform one state of attacks that have already occurred in another so that they can be aware of attacks that could target them.
How could this help the local election officials? To be honest, it depends on the details shared with them. A high-level notification that Russia may target a county in Arkansas isn’t very useful. Even if it is timely. There’s just nothing to go on that isn’t already in the news and there isn’t anything actionable for the county. If the notification includes information or at least links to tactics that a Russian group likes to use, then the county could start reviewing their security data for those tactics. The same goes for information about infrastructure. They could also look at creating alerts and prevention mechanisms for that information. Of course, the threat actor could change their infrastructure or even tactics, but the election has a pretty set window of attack. If election officials can get enough information to get through the election period, then it is a win.
The crucial bit in this policy directive will be in the actual implementation and how timely it is. First, the FBI will have to get to the right people at the local election organizations. That shouldn’t be insurmountable though since I’d bet an FBI agent calling an organization typically gets a more prompt response than your friendly neighborhood security group. The next is what information gets shared with the election officials and how timely it is. If the notification comes in two days after an election, it’s probably too late to be terribly useful. If the information is super high level, then it’s not useful no matter how timely it is.
There will be some tension within the FBI about providing notifications that are timely and detailed enough to be useful. One, they have no idea how the local elections officials will handle this information. Will someone start running network scans of operator infrastructure? Will they do their own press release about the data shared and cause the operator to create new infrastructure? Will FBI sources get burned and they lose access to new information? These are real concerns and will probably cause the FBI to hesitate over what information they share and when they will do so.
At the end of the day, this sounds like a common-sense idea that should be carried out. While I obviously have questions about how it will be performed, state and local election officials can probably use all the help they can get. Hopefully, it has the primary effect of limiting interference with elections and also has a secondary effect of assuring people that the election wasn’t stolen, influenced, or subverted by another country with their own agenda. If you would like to read more about this policy, the links are in the show notes.
- Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.