Pete Recommends – Weekly highlights on cyber security issues February 15, 2020

Subject: Coronavirus brings China’s surveillance state out of the shadows
Source: Reuters via Yahoo
https://news.yahoo.com/coronavirus-brings-chinas-surveillance-state-121727349.html

BEIJING/HONG KONG, Feb 7 (Reuters) – When the man from Hangzhou returned home from a business trip, the local police got in touch. They had tracked his car by his license plate in nearby Wenzhou, which has had a spate of coronavirus cases despite being far from the epicentre of the outbreak. Stay indoors for two weeks, they requested.

After around 12 days, he was bored and went out early. This time, not only did the police contact him, so did his boss. He had been spotted near Hangzhou’s West Lake by a camera with facial recognition technology, and the authorities had alerted his company as a warning.

“I was a bit shocked by the ability and efficiency of the mass surveillance network. They can basically trace our movements with the AI technology and big data at any time and any place,” said the man, who asked not to be identified for fear of repercussions.

Chinese have long been aware that they are tracked by the world’s most sophisticated system of electronic surveillance. The coronavirus emergency has brought some of that technology out of the shadows, providing the authorities with a justification for sweeping methods of high tech social control.

The industry ministry sent a notice to China’s AI companies and research institutes this week calling on them to help fight the outbreak. Companies have responded with a flurry of announcements touting the capabilities of their technology.


Subject: Iran says foils cyberattack targeting internet providers
Source: AFP via Yahoo
https://news.yahoo.com/iran-says-foils-cyberattack-targeting-internet-providers-112424952.html

Tehran (AFP) – Iran repelled a cyberattack on Saturday that disrupted the country’s internet services for an hour, a telecommunications ministry official said.”At 11:44 (0814 GMT) a distributed denial-of-service attack disrupted the internet services of some mobile and fixed operators for an hour,” tweeted Sajad Bonabi.

A DDoS attack involves overwhelming a target’s servers by making a massive number of junk requests.

“Connections have returned to normal following the intervention of Dejfa shield,” Bonabi added, referring to Iran’s so-called digital fortress against cyberattacks.

He did not elaborate on the source of the attack.


Subject: How to Share Files Securely Online: Dropbox, Firefox Send, and More
Source: WIRED
https://www.wired.com/story/securely-share-files-online/

You’ve got no shortage of options sharing documents and more with friends, family, and colleagues. These are your best bets.If you need to share documents and files with other people over the internet, you want to be able to do it quickly, securely, and with as little friction as possible. Thankfully, plenty of apps and services meet those three criteria.

Whether it’s tapping into the tools included with the cloud storage app you already use, or simply dragging files into an open browser window, you’ve got several options to weigh up.

All these services encrypt files in transit and when stored, stopping hackers and third parties from getting at them. However, only Firefox Send uses end-to-end encryption, which means not even Firefox can see the files. The others retain the right to access your data if compelled by law enforcement, or if it’s needed to manage the cloud services themselves. It’s also important to make sure the sharing links you generate are closely guarded, as these act as decryption keys giving access to your files.

With that said, here are your best file-sharing options—and the features that set them apart.

filed https://www.wired.com/category/security/

RSS https://www.wired.com/category/security/feed/


Subject: Philips Hue Smart Bulbs Bug May Compromise Home Networks
Source: Digital Trends
https://www.digitaltrends.com/home/hackers-target-philips-hue-smart-bulbs/

Security researchers discovered a vulnerability in the Philips Hue smart bulbs that may allow hackers to infiltrate a home’s network.Cybersecurity firm Check Point revealed the exploit through a blog post, where it detailed the method of attack that hackers may use to take advantage of the bug.

The first step in the hack, which is made possible by a remote exploit in the ZigBee low-power wireless protocol that is used on many smart home devices, is for the hacker to take control of one Philips Hue smart bulbs. By adjusting the bulb’s color and brightness, the victim will be tricked into thinking that it is glitching out.


Subject: Safer Internet Day
Source: DHS CISA via US-CERT
https://www.us-cert.gov/ncas/current-activity/2020/02/10/safer-internet-day

February 11, 2020 [was] Safer Internet Day, a worldwide event aimed at promoting the safe and positive use of digital technology for all users, especially children and teens. This year’s theme—Together for a better internet—encourages everyone to play their part in creating a safer, more secure internet.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to view the Safer Internet Day website and the following tips:


Subject: North Korea’s Internet Use Surges, Thwarting Sanctions and Fueling Theft
Source: The New York Times via Yahoo
https://news.yahoo.com/north-koreas-internet-surges-thwarting-125743709.html

The study concludes that since 2017 — the year President Donald Trump threatened “fire and fury like the world has never seen” against the country — the North’s use of the internet has surged about 300%. Nearly half that traffic now flows through a new connection in Russia, avoiding the North’s longtime dependency on a single digital pipeline through China.

The surge has a clear purpose, according to the report released Sunday by Recorded Future, a Cambridge, Massachusetts, group known for its deep examinations of how nations use digital weaponry: circumventing financial pressure and sanctions by the West. Over the past three years, the study concluded, North Korea has improved its ability to both steal and “mine” cryptocurrencies, hide its footprints in gaining technology for its nuclear program and cyberoperations, and use the internet for day-to-day control of its government.

“What this tells you is that our entire concept of how to control the North’s financial engagement with the world is based on an image of the North that is fixed in the past,” said Priscilla Moriuchi, a former National Security Agency analyst who directed the study and has long focused on North Korea and Iran. “They have succeeded at an easy-to-replicate model of how to move large amounts of money around the world, and do it in a way our sanctions do not touch.”

“Our sanctions system needs a radical update,” she concluded.

Moreover, the report, titled “How North Korea Revolutionized the Internet as a Tool for Rogue Regimes,” concludes that other nations are watching the North Korean model, and beginning to replicate it.

“Iran has begun to pursue cryptocurrencies as a method for facilitating international payments and circumventing U.S. financial controls,” it notes.

This article originally appeared in The New York Times. NB 31-pages

Click here to download the complete analysis as a PDF.


Subject: Equifax breach: How Chinese army hackers allegedly stole personal info
Source: USA Today – Tech
https://www.usatoday.com/story/tech/2020/02/10/2017-equifax-data-breach-chinese-military-hack/4712788002/

The Equifax data breach that compromised the personal data of almost 150 million Americans in 2017 unfolded like a classic robbery.The criminals identified a flaw in the credit agency’s security system, executed a plan of attack to penetrate it and devised a scheme to cover their tracks on their way out, according to a criminal indictment unsealed Monday.

Those alleged criminals, four members of the Chinese military, exploited a flaw in software that allowed U.S. consumers to dispute problems with their Equifax credit reports. That gave the hackers access to Americans’ personal information, according to the indictment.

The breach occurred after Equifax security officials failed to install a software upgrade that had been recommended to seal off digital intruders from obtaining access to the names, birthdates and Social Security numbers of the victims, the indictment says.

filed:

https://www.usatoday.com/tech/


Subject: CIA Had an Incredibly Easy Way to Spy on Nations
Source: WaPo via Newser
https://www.newser.com/story/286821/cia-had-an-incredibly-easy-way-to-spy-on-nations.html

(Newser) – A fascinating story in the Washington Post sounds like the far-fetched plot of a spy thriller. But it’s all true: The piece details how the CIA, with help from West Germany, was able to read the secret communications of other nations with surprising ease for more than 50 years. It seems these nations paid a Swiss firm called Crypto AG for equipment used to safeguard the communications of spies and diplomats. The company got its start with code-breaking machines in World War II, then evolved to remain on top of the field. Here is the takeaway in the Post: What “none of its customers ever knew was that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence,” writes Greg Miller. “These spy agencies rigged the company’s devices so they could easily break the codes that countries used to send encrypted messages.”


Subject: The silent threat of the coronavirus: America’s dependence on Chinese pharmaceuticals
Source: The Conversation
https://theconversation.com/the-silent-threat-of-the-coronavirus-americas-dependence-on-chinese-pharmaceuticals-130670

Chinese dominance in the pharmaceutical market

We represent an interdisciplinary group of scientists and policymakers at the Scowcroft Institute’s Pandemic and Biosecurity Policy Program based at the Bush School of Government at Texas A&M University who have been holding annual summits addressing pandemic-related issues for the past five years. One of our goals is to promote dialogue on potential risks related to pandemics and U.S. security, in this case the disruption of supply chains and availability of medical supplies and drugs.

Today, about 80% of pharmaceuticals sold in the U.S. are produced in China. This number, while concerning, hides an even greater problem: China is the largest and sometimes only global supplier for the active ingredient of some vital medications. The active ingredients for medicines that treat breast cancer and lung cancer and the antibiotic Vancomycin, which is a last resort antibiotic for some types of antimicrobial resistant infections, are made almost exclusively in China. Additionally, China controls such a large market portion of heparin, a blood thinner used in open-heart surgery, kidney dialysis and blood transfusions that the U.S. government was left with no choice but to continue buying from China even after a contamination scandal in 2007.

China is not only the dominant global supplier of pharmaceuticals, but it is also the largest supplier of medical devices in the U.S. These include things like MRI equipment, surgical gowns, and equipment that measures oxygen levels in the blood. Supplies of these essential products have not yet been severely disrupted by the coronavirus, but if China is no longer will or able to supply them to the U.S., thousands of Americans could die.

When a disease reaches epidemic levels, the first obligation for leaders in any country is to protect their own people. As this current crisis progresses, there may come a point when political leaders in China will face decisions on whether to prohibit the export of pharmaceuticals, medical devices and other vital medical components in order to treat or protect their own people. Such acts would be the logical outcome of an escalating situation. For the 2009 H1N1 pandemic response, for example, the U.S. was pushed to the back of the queue for vaccine deliveries even though we had existing contracts with a major vaccine manufacturer located in another country. Those vaccine deliveries were delayed.


Subject: 2019 Internet Crime Report Released
Source: FBI
https://www.fbi.gov/news/stories/2019-internet-crime-report-released-021120

Data Reflects an Evolving Threat and the Importance of ReportingInternet-enabled crimes and scams show no signs of letting up, according to data released by the FBI’s Internet Crime Complaint Center (IC3) in its 2019 Internet Crime Report. The last calendar year saw both the highest number of complaints and the highest dollar losses reported since the center was established in May 2000.

“Criminals are getting so sophisticated. It is getting harder and harder for victims to spot the red flags and tell real from fake.”

Donna Gregory, chief, IC3 – Read the full 2019 Internet Crime Report. To stay up to date on common online scams and frauds or report a crime, visit ic3.gov.

Select image to view full PDF report – Resources:

Subject: New SchoolSafety.gov Provides Cyber Guidance for K-12 Schools
Source: DHS CISA via US-CERT
https://www.us-cert.gov/ncas/current-activity/2020/02/12/new-schoolsafetygov-provides-cyber-guidance-k-12-schools

The Federal School Safety Clearinghouse just launched its website: SchoolSafety.gov. This website—a collaboration between the Department of Homeland Security and the U.S. Departments of Education, Justice, and Health and Human Services—features a fact sheet on Cyber Safety Considerations for K-12 Schools and School Districts. The factsheet provides guidance to educators, administrators, parents, and law enforcement officials on various online threats to students, including cyberbullying, ransomware, and online predation.The Cybersecurity and Infrastructure Security Agency (CISA) encourages users to read Cyber Safety Considerations for K-12 Schools and School Districts and to visit SchoolSafety.gov to learn more about all the resources available. Refer to CISA’s Tips on Keeping Children Safe Online and Dealing with Cyberbullies for additional best practices.

Posted in: AI, Big Data, Civil Liberties, Computer Security, Cybercrime, Cyberlaw, Cybersecurity, Data Mining, Economy, Education, Financial System, Government Resources, Health, Internet Trends, Privacy