
Crypto AG Unmasked: CIA Spied on Governments For Decades

A Swiss company thought to have sold among the most secure encryption products in the world was actually owned by US and German intelligence, allowing the CIA and BND to spy on allies and enemies around the world, it has emerged.

A new report from The Washington Post and Germany’s ZDF claims that Crypto AG, founded during the Second World War, struck a deal with the CIA in the 50s and then passed fully into the hands of US and German intelligence two decades later, before being wound up in 2018.

Internal reports about the operation, codenamed “Thesaurus” and then renamed “Rubicon” in the 80s, reportedly claim it was “the intelligence coup of the century.”

“Foreign governments were paying good money to the US and West Germany for the privilege of having their most secret communications read by at least two (and possibly as many as five or six) foreign countries,” the article claimed.

This “five or six” figure would seem to suggest that countries belonging to the Five Eyes intelligence sharing partnership also benefited. In fact, it is claimed that the UK was handed vital intelligence intercepted from the Argentinian military during the Falklands war.

The US was also able to monitor Iranian communications during the 1979 hostage siege and Libyan officials celebrating after terrorists exploded a bomb in a Berlin nightclub in 1984.

Then-President Ronald Reagan raised suspicions about Crypto AG after citing some of these Libyan communications publicly, but the rumors were never confirmed.

It is claimed the Americans didn’t request that backdoors be inserted into the Crypto AG products; they simply made sure that the encryption itself was weak enough to crack fairly easily. When countries suspected something may be up, the US/Germany sent representatives like respected academic Kjell-Ove Widman to reassure governments that their products were the most secure in the world.

The revelations may raise new fears about the security or otherwise of platforms like Tor, which arose from a US Defense Department project, and of the potential for China to interfere with Huawei-built equipment.

Source: Information Security Magazine

Aflac to Open Global Cybersecurity Center in Belfast

A subsidiary of American insurance giant Aflac is to open a global IT and cybersecurity center in the Northern Irish capital city of Belfast. 

Aflac Northern Ireland signed a 10-year lease with Belfast Harbor on 11,000 sq ft of office space within the ongoing multi-million-dollar waterfront development City Quays. With the opening of the new center on regenerated dockland, Aflac Northern Ireland will create 130 jobs by 2023.

City Quays is currently being constructed on a 20-acre stretch of ex-shipping land in Belfast City Centre. Upon completion, the development will boast office spaces, leisure facilities, a four-star AC Hotel by Marriott Belfast, retail spaces, and multi-story parking. 

Aflac Northern Ireland is a subsidiary of Georgia-headquartered Aflac Incorporated, which provides supplemental health insurance to customers in the US and Japan. The company, which is ranked at 143 on the Fortune 500 list, announced plans to invest in Northern Ireland in October 2019.

Joe O’Neill, CEO of Belfast Harbor, welcomed Aflac's decision to site the new center at City Quays, which has already secured leading global law firm Baker McKenzie and the broadcasting organization ITV as tenants.

Baker McKenzie was the first tenant to move into the office space within City Quays in June 2015. In 2018, the company leased an additional floor of space to accommodate its growing business.

O'Neill said: "There are currently over 5,500 workers based in City Quays and Clarendon Dock, and our ambition is that City Quays on completion will accommodate 13,000 people living and working on Belfast’s waterfront."

Keith Farley, managing director and vice president of Aflac Northern Ireland, said: "City Quays offers an ideal location for technology innovation with its modern facilities and amenities."

Aflac's news comes just two weeks after Microsoft announced plans to establish a new cybersecurity center in Belfast. The IT giant's proposed facility is expected to create 85 new jobs.

Economy Minister Diane Dodds described Microsoft's decision to site the center in Belfast as "exciting and welcome news."

Dodds said: "Not only is it a direct result of the skills and talent available here, but it is also an indicator of the strength and vibrancy of the local IT sector, particularly in the field of cyber security."

Source: Information Security Magazine

White House Asks Congress for Largest IT Budget in History

President Donald Trump's fiscal 2021 budget includes the largest ever information technology funding request in United States history. 

The White House is asking Congress to approve IT funding of $92.1 billion, up from the $91.9 billion sought in 2020 and the $88.7 billion requested in 2019. By contrast, the amount of cash the president is seeking to spend on cybersecurity in 2021 dropped from the $18.79 billion he asked for in 2020 to $18.18 billion. 

According to the budget, funds secured for IT "will be used to deliver critical citizen services, keep sensitive data and systems secure, and to further the vision of modern Government."

Modernization is a key focus of the budget, with the administration revealing plans to replace highly customized, internally developed, and often single task–oriented systems that are costly to maintain and secure with "commercial off the shelf technologies that largely enable more efficient use of Federal technical resources."

The budget states: "The Administration continues to pursue its IT Modernization CAP Goal, with its three-pronged approach focusing on enhancing Federal IT and digital services, reducing cybersecurity risks to the Federal mission, and building a modern IT and cybersecurity workforce."

Federal chief information officer Suzette Kent said on Monday the IT budget was about "not only improving service, but saving money as well." 

Kent said: "You see investments in shared services continue that helps us save money across agencies on the modernization side. We will continue the savings as we consolidate data centers."

Another key policy identified in the budget is advancing automation, artificial intelligence (AI), and robotic process automation (RPA).

The budget states: "To maintain America’s AI advantage, federal agencies are to focus on two distinct areas. The first area of focus is internal—Federal use of AI to better achieve agency missions and serve citizens.

"The second focus area is external—including provision of data and related resources to support the private sector and academia in their efforts to harness AI. In both of these areas, the administration’s policies and strategies aim to accelerate AI innovation to increase our prosperity, enhance our national/economic security, and improve our quality of life."

Source: Information Security Magazine

China Denies Involvement in Equifax Hack

The People's Republic of China (PRC) has denied any involvement in the Equifax hack that saw the personal data of nearly half of America's population exposed. 

Yesterday the United States' Department of Justice issued a nine-count indictment against four Chinese military personnel in connection with the cyber-attack, which took place from May to July 2017.

The US alleges that Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可), and Liu Lei (刘磊), who are all members of the Chinese People's Liberation Army (PLA), conspired to access Equifax's computer systems. The defendants are accused of stealing trade secrets and the personal data of 145 million American citizens from the credit reporting agency. 

In a statement issued today from Beijing, PRC foreign ministry spokesperson Geng Shuang strongly denied that the Chinese military or government were responsible for this or any other cyber-attack. 

During a briefing, which was held over social media app WeChat to minimize the risks associated with the current outbreak of coronavirus in the PRC, Shuang wrote: "We firmly oppose and combat cyberattacks of any kind. China is a staunch defender of cybersecurity."

Shuang further denied that the theft of data from Equifax had been a state-sponsored initiative conducted with the backing of the PRC.

"The Chinese government, military and relevant personnel never engage in cyber-theft of trade secrets," wrote Shuang. 

According to Shuang, the same cannot be said of the United States, whom he accused of carrying out cyber-espionage activities on a grand scale. 

In the international diplomacy equivalent of the time-honored playground retort, "whoever smelt it, dealt it," Shuang portrayed America rather than China as the cyber-aggressor.

Shuang wrote: "It has long been an open secret that relevant departments in the US, in violation of international law and basic norms governing international relations, have been engaging in large-scale, organized and indiscriminate cyber stealing, spying and surveillance activities on foreign governments, enterprises and individuals."

Shuang went on to cite the cases of WikiLeaks and whistleblower Edward Snowden as examples of the "hypocrisy and double standards" being exercised by America when it came to cybersecurity. 

He added: "According to plenty of information that has been made public, US agencies have been engaging in cyber intrusion, surveillance and monitoring activities on foreign governments, institutions, enterprises, universities and individuals, including on its allies."

Source: Information Security Magazine

Year of the Catfish: 27% of Dating Site Users Scammed

The UK banking industry is warning consumers not to fall victim to romance fraud, after revealing that over a quarter (27%) of dating website users have been scammed by fake personas over the past year.

Known as “catfishing,” these scams usually involve a fraudster posing as someone they’re not in order to gain the trust of those looking for love on a dating site.

Once they’ve ingratiated themselves, they will typically try to trick the victim into wiring them funds to deal with an ‘emergency,’ or even into becoming an unwitting money mule.

Over a fifth (21%) of dating website users told UK Finance they have either been asked for money or have given money to someone that they met online. The average amount was £321, although in total £7.9m was lost to romance scams in the first half of 2019, an increase of 50% on the previous year.

The banking lobby group warned that over half (55%) of dating site users are inviting trouble by claiming to trust the people they meet online before they’ve seen them in person.

Men (33%) were more likely to say they had been catfished than women (20%), and also more likely to be asked for money than women (26% versus 15%).

Katy Worobec, managing director of economic crime at UK Finance, urged netizens to be cautious ahead of Valentine’s Day on Friday.

“Romance scams are both emotionally and financially damaging for victims,” she added.

“Although banks are always looking out for suspicious activity, customers must be on their guard and protect themselves too. Always be wary of requests for money from someone you’ve never met in person. If you think you’ve been the victim of a romance scam, contact your bank immediately.”

The research comes a week after the FBI released a similar warning to lonely hearts. According to the Bureau’s Internet Crime Complaint Center (IC3), 18,000 victims reported losses of over $362m in 2018.

Source: Information Security Magazine

LORCA and Kx Partner to Boost Cyber-Scaleups with Advanced Analytics

The London Office for Rapid Cybersecurity Advancement (LORCA) has announced a new partnership with Kx to enhance cyber-scaleups through access to advanced data processing capabilities.

LORCA is a government-backed program that supports the UK’s most innovative cyber-companies with the aim of growing the UK’s cybersecurity sector and making the internet a safer place.

Based in East London and run by Plexal, LORCA offers members a range of forums, programs and events aimed at helping them develop, convening academia, innovators, government, investors and industry into a cross-sector, non-competitive and collaborative ecosystem.

Through the partnership with Kx, which will be spearheaded by Kx Ventures – an arm of the Kx company – LORCA members will receive 12 months of dedicated support designed to help them scale, and will have access to the Kx platform, allowing them to improve their product research and development by processing and analyzing data more efficiently.

Saj Huq, program director, LORCA, said: “Every successful cyber-company starts with a validated, market-ready product. Working with Kx will provide a valuable opportunity for LORCA members to glean advanced, data-led insights and improve their market readiness, as well as access commercial expertise from Kx.”

Paul Hollway, head of Kx Ventures, added: “We have been impressed by the caliber of innovators LORCA has sourced from around the world and the cluster’s ability to drive such companies to success. We look forward to supporting them as a technology partner.”

Source: Information Security Magazine

Danes Blame Bug for ID Leak Affecting 1.3 Million

The Danish government is under fire after an audit revealed that the personal identity numbers of over a fifth of the country’s population were leaked to US tech providers for five years.

The issue was discovered by the Agency for Development and Simplification (Udviklings-og Forenklingsstyrelsen) which maintains the country’s tax office IT systems.

It is linked to a software bug in the TastSelv Citizen portal used by taxpayers, which meant that ID (CPR) numbers appeared in the web address after a user updated their details.

This in turn meant that the numbers, as part of these URLs, were sent to analytics providers Google and Adobe. According to tech supplier DXC Technology, 1.26 million citizens were affected by this leak between 2015 and 2020, while a further 1330 were caught up in a smaller incident from January 29 to February 1 2020.

The government agency was quick to play down the seriousness of the incident, confirming that no other payroll, tax or personal data was included in the privacy snafu, and that the leaked CPR numbers were sent via an encrypted connection.

“This is an older software bug that has been fixed today. It is important to note that in both cases there is no risk that the information sent has been misused. In one case, the information has been deleted as an integral part of the recipient process, meaning it is neither logged in nor stored with Google,” said Andreas Berggreen, director of the Danish Development and Simplification Board.

“We take these kinds of cases very seriously, and of course we need to be able to make sure that our suppliers handle all data according to applicable law and within the framework agreed upon with them. We must note that this has not been the case here, and that is why we have asked the attorney general to assess what legal steps the case is giving to the supplier.”

The incident is nowhere near the scale of Scandinavian neighbor Sweden, which imperiled the top secret details of government officials after failing to mandate security clearance for outsourced transport agency staff in Serbia and the Czech Republic.

Source: Information Security Magazine

DevOps Alert: 12,000 Jenkins Servers Exposed to DoS Attacks

Security researchers are warning that 12,000 cloud automation servers around the world could be hijacked to launch denial of service (DoS) attacks.

Radware issued an emergency response team threat alert yesterday after discovering 12,802 Jenkins servers that are still vulnerable to a flaw patched at the end of January.

Discovered by Adam Thorn of the University of Cambridge, CVE-2020-2100 affects Jenkins 2.218 and earlier as well as LTS 2.204.1 and earlier.

“Jenkins’ vulnerability is caused by an auto-discovery protocol that is enabled by default and exposed in publicly facing servers,” explained Radware security evangelist, Pascal Geenens. “Disabling the discovery protocol is only a single edit in the configuration file of Jenkins and it got fixed in last week’s patch from a default enabled to disabled.”

The bug could enable attackers to compromise exposed servers to launch two different types of DoS: an amplification attack and an infinite loop attack.

The latter was described by Geenens as “particularly nasty,” because “with a single spoofed packet, a threat actor can make two servers go into an infinite loop of replies, and they cannot be stopped unless one of the servers is rebooted or has its Jenkins service restarted.

“The same exposed service can also be abused by malicious actors to perform DDoS amplification attacks against random victims on the internet – victims do not have to run or expose Jenkins for the amplification attack to impact them,” he continued.

“If your DevOps teams are using Jenkins servers in their cloud or on-prem environments, there is a simple solution: either disable auto-discovery protocol if you do not use it or add a firewall policy to block access to port udp/33848.”

Open source Jenkins servers are popular among DevOps teams, which use them to build, test and deploy apps running in the cloud in environments such as Amazon Web Services, OVH, Hetzner, Host Europe, DigitalOcean and Linode.

Source: Information Security Magazine

Chinese Military Personnel Charged with Equifax Hack

The US has indicted Chinese military personnel today on charges of hacking into Equifax's computer systems and stealing valuable trade secrets and the personal data of nearly 150 million Americans.

A federal grand jury in Atlanta, Georgia, returned the indictment last week against four members of the Chinese People's Liberation Army (PLA). Wu Zhiyong (吴志勇), Wang Qian (王乾), Xu Ke (许可), and Liu Lei (刘磊) are accused of conspiring to carry out a three-month-long data heist.

According to the nine-count indictment, the defendants exploited a vulnerability in the Apache Struts Web Framework software used by Equifax’s online dispute portal to gain unauthorized access to the credit reporting agency's computer system. 

Once inside, the quartet allegedly ran around 9,000 queries on Equifax's system from May to July 2017, obtaining names, dates of birth, and Social Security numbers for nearly half of America's citizens. 

To obfuscate their location, the defendants are claimed to have routed traffic through approximately 34 servers located in nearly 20 countries and used encrypted communication channels within Equifax’s network to blend in with normal network activity. 

The indictment further alleges that to cover their tracks, the defendants deleted compressed files and wiped log files on a daily basis throughout the prolonged cyber-attack. 

"Today, we hold PLA hackers accountable for their criminal actions, and we remind the Chinese government that we have the capability to remove the Internet’s cloak of anonymity and find the hackers that nation repeatedly deploys against us," said Attorney General William P. Barr.

"Unfortunately, the Equifax hack fits a disturbing and unacceptable pattern of state-sponsored computer intrusions and thefts by China and its citizens that have targeted personally identifiable information, trade secrets, and other confidential information."

The defendants are charged with three counts of conspiracy to commit computer fraud, conspiracy to commit economic espionage, and conspiracy to commit wire fraud. They are further charged with two counts of unauthorized access and intentional damage to a protected computer, one count of economic espionage, and three counts of wire fraud. 

The accused are all members of the PLA's 54th Research Institute, a component of the Chinese military. 

FBI Deputy Director David Bowdich said: "Today’s announcement of these indictments further highlights our commitment to imposing consequences on cybercriminals no matter who they are, where they are, or what country’s uniform they wear."

Source: Information Security Magazine

Social Robot Teaches Kids Cyber-safety

A social robot named Zenbo has been using updated versions of classic fairy tales to teach fifth graders in Delaware how to be safe online.

Zenbo was activated at the University of Delaware's Newark campus during a special lesson laid on by university researchers for a group of students from The College School. 

The two-foot-tall interactive robot was programmed with a number of familiar children's stories, which had been subtly adapted to promote security in the digital age. For example, in Zenbo's version of Little Red Riding Hood, entry to grandma's house is password protected and Red is warned by her mother not to reveal the password to anyone.

When Red encounters a cyber-savvy Big Bad Wolf in the woods, the little girl must grapple with the dilemma of whether she should keep the password a secret or share the private information with a predatory stranger.

Students are asked by the robot what Red should do next. A class confronted with the problem by Zenbo last Tuesday was split down the middle, with half deeming it okay to trust the wolf with the password and the other half believing that to do so would be risky.

“These checkpoints reinforce positive behaviors and create teachable moments for when children make mistakes,” said Chrystalla Mouza, distinguished professor in teacher education in the University of Delaware’s College of Education and Human Development (CEHD). 

“It’s important that this training is provided in school because we cannot rely on it being provided elsewhere.” 

Zenbo's cybersecurity classroom career is a collaboration between Mouza; professor of computer and information sciences in the College of Engineering Chien-Chung Shen; and Tia Barnes, CEHD assistant professor of human development.

When working to establish an academic minor and a master's cybersecurity program at the university, Shen observed that children from kindergarten age up to 12th grade were being overlooked when it came to cyber-safety instruction. 

“We envision this social robot being one part of the teacher’s strategy and lesson plan, perhaps as a station that students visit or an activity that they complete during class to generate discussion,” said Mouza.

The project may be expanded in the future to include virtual reality (VR) that would enable children to become characters within the stories and learn through role play.

Source: Information Security Magazine