Pete Recommends – Weekly highlights on cyber security issues, September 12, 2020

Subject: Even a Federal Judge Agrees That the FBI and NSA Are Flouting Civil Liberty Safeguards
Source: Gizmodo

The National Security Agency and Federal Bureau of Investigation violated thousands of people’s civil liberties by exploiting systems intended for sussing out foreign intelligence and criminal activity, a federal judge found per the Washington Post.

In a December 2019 opinion first made public Friday, the presiding judge of the Foreign Intelligence Surveillance Court, James E. Boasberg, ruled that the FBI violated the law and the NSA ignored regulations when these agencies hoovered up emails and other forms of electronic communications from U.S. companies under a law meant for collecting specific intel. According to the ruling, the NSA and FBI illicitly collected this data under the so-called “Section 702” provision of the Foreign Intelligence Surveillance Act, a law that compels service providers to share their customers’ communications with the FBI, NSA, and CIA if the query is “reasonably likely” to gather foreign intelligence information or evidence of criminal activity.


NSA personnel also reportedly flouted similar safeguards within the last year. Their reasoning: They were concerned about missing out on important intel and, given that the agency had previously corrected another method of data gathering that overstepped procedures, personnel apparently “felt the rule was no longer needed,” senior intelligence officials told the outlet. The NSA has since purged that data, the privacy officer of the Office of the Director of National Intelligence, Ben Huebner, said in a press conference.

This marks the second time this week that the NSA has made headlines for violating people’s privacy with illicit snooping. On Thursday, the 9th Circuit Court of Appeals found that the NSA illegally seized metadata and phone records in the 2013 conviction of four Somali immigrants in fundraising for terrorist organizations. The ruling determined that the NSA violated the Foreign Surveillance Act in this incident and was likely an unconstitutional abuse of power.

Filed to: Civil Liberties

Subject: Malware gang uses .NET library to generate Excel docs that bypass security checks
Source: ZDNet

A newly discovered malware gang is using a clever trick to create malicious Excel files that have low detection rates and a higher chance of evading security systems. Discovered by security researchers from NVISO Labs, this malware gang — which they named Epic Manchego — has been active since June, targeting companies all over the world with phishing emails that carry a malicious Excel document. But NVISO said these weren’t your standard Excel spreadsheets. The malicious Excel files were bypassing security scanners and had low detection rates.

Malicious Excel files were compiled with EPPlus. According to NVISO, this was because the documents weren’t compiled in the standard Microsoft Office software, but with a .NET library called EPPlus.

Topic: Security

Subject: White House publishes a cyber-security rulebook for space systems
Source: ZDNet
The White House has published today a new directive detailing a list of recommendations and best practices for protecting space systems from cyber-threats and cyber-attacks. The new rules, detailed in Space Policy Directive-5 (SPD-5), are meant to establish a cybersecurity baseline for all space-bound craft, systems, networks, and communications channels built and operated by US government agencies and commercial space entities. US officials fear that US entities active in space might face cyber-attacks that may “deny, degrade, or disrupt space operations, or even destroy satellites.” “Examples of malicious cyber activities harmful to space operations include spoofing sensor data; corrupting sensor systems; jamming or sending unauthorized commands for guidance and control; injecting malicious code; and conducting denial-of-service attacks,” said officials.

But cybersecurity best practices shouldn’t be applied just for spacecraft and their communications channels. Securing the ground stations from where these communications are managed is just as important.

Subject: States Experiment with Automation to Bolster Cybersecurity
Source: Route Fifty

A new pilot program overseen by Johns Hopkins University hopes to cut down on the time it takes for governments to respond to potential cyber threats by automating the process.
State and local governments have been a favorite target of hackers using ransomware and other cyberattacks in recent years.
Rather than leaving these governments to face down threats alone, a new pilot project aims to help them bolster their online defenses by automatically identifying potentially troublesome IP addresses and malware files for them.

Information technology agencies in four states and one county are participating in the program, which uses security orchestration, automation and response (SOAR) tools to share intelligence on cyber threats and automatically take action to protect systems against them. The pilot is using a framework developed by the Johns Hopkins University Applied Physics Laboratory and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.

Relying on indicators of potentially malicious activity on a system or network flagged by the Multi-State Information Sharing and Analysis Center, the states are able to respond quickly to suspected cyber threats.

Last year, Ohio established a volunteer “cyber reserve,” a civilian unit of the National Guard, that will be called on to assist local governments in the face of ransomware or cybersecurity attacks. Others have turned to cyber insurance to help pay for the costs of restoring their computer systems if they are compromised during a ransomware attack.


Subject: COVID-19 and Emerging Global Patterns of Financial Crime

September 4, 2020

Criminal groups around the world are exploiting opportunities for illicit profit during the COVID-19 pandemic. As criminal behaviors shift, so, too, have the illicit financial footprints left behind. As Congress considers U.S. and international responses to the pandemic, it may also examine the emerging risks and financial patterns associated with COVID-19-related criminal activity, including cybercrime.

Risk Context
According to the Financial Action Task Force (FATF), an intergovernmental standards-setting body on anti-money laundering (AML) and counter-financing of terrorism (CFT), as well as other reporting, the pandemic has contributed to significant changes in the financial behavior of governments, businesses, and people in many parts of the world. These changes have also introduced new money laundering and financial fraud risks. For example:…

Topic areas: National Defense, Foreign Affairs

Subject: The State Of Identity Security, 2020
Source: Forbes

Bottom Line: Enterprises need to develop a greater sense of urgency on identity security as 79% have had an identity-related breach within just two years.

Identities are the fastest growing and most vulnerable threat surface every organization has. A recent research study from the Identity Defined Security Alliance (IDSA) titled Identity Security: A Work In Progress provides valuable insights into how forward-thinking companies are succeeding at reducing the number of identity-related breaches. The study’s methodology is based on surveys with respondents who are directly responsible for IT security or Identity Access Management (IAM) at companies with more than 1,000 employees across thirteen industries. Please see page 14 of the study for additional details on the methodology. Key insights into the current state of identity security include the following…

Subject: Chinese hackers go after UNC for COVID-19 vaccine info
Source: Becker’s Healthcare

Chinese hackers targeted the University of North Carolina in Chapel Hill and other schools to steal coronavirus vaccine data, according to The New York Times. The World Health Organization gathers information about vaccine development worldwide, and China may be using that information to target organizations. Some of the universities that China targeted may have experienced network breaches, and the FBI has warned UNC about hacking attempts over the past few weeks, as hackers have tried to break into the computer networks for the school’s epidemiology department. The cyberattack was unsuccessful, and the school increased monitoring for its computer systems.

Government officials have also warned that China may use research partnerships with American universities to gain intelligence. In July, the federal government revealed that Chinese operatives tried to use the country’s Houston-based consulate “as an outpost to try to make inroads with medical experts in the city” and were shut down.



Subject: Phones for low-income users hacked before they’re turned on, research finds
Source: CNET

Endless pop-up ads siphon off data paid for with federal subsidies in the Lifeline program, researchers found.

Collier confirmed Anwar’s hunch: The phone’s settings and update apps contained code that allowed them to load malicious apps known as adware. The adware displayed ads that covered users’ screens, no matter what they were doing on their phones.

Adware isn’t a problem just for Anwar and other users who have the same phone model, made by American Network Solutions. Because the phones and their service plans were subsidized by a US program, taxpayers were funding the data that was used to display the promotional campaigns. On top of that, the adware prevented the phones doing their intended job: keeping low-income people connected to vital services via phone and internet.

Evidence suggests pre-installed malware plagues inexpensive phones around the world.

Filed: Security, Digital Media, Hacking, Privacy, Mobile

Subject: IRS Wants to Be Able to Trace ‘Untraceable’ Digital Currencies
Source: Nextgov

The agency’s criminal investigation group is increasingly encountering anonymous and privacy-focused online payments methods.

The Treasury Department’s largest federal law enforcement arm wants to expand its visibility into cryptocurrency transactions that enable anonymity and more privacy than most standard blockchain-based exchanges.

Cryptocurrency refers to virtual currency transmitted via a digital, decentralized network. With popular versions like Bitcoin, investigators could scrutinize transaction data to identify those involved but new developments could make it harder for law enforcement to trace transactions. For example, Layer 2 protocols and other off-chain solutions allow for more scalability and speedier transactions without recording every element of the transaction. Privacy coins can underpin completely anonymous transactions, or obfuscate varying levels of information involved or about them.

These options continue to grow in use and sophistication, permitting perhaps even more incognito cryptocurrency use.

In a request for proposals for “cyber crimes privacy cryptocurrency tools and support” released Friday, the Internal Revenue Service, Criminal Investigation, or IRS-CI said such payment means and networks are being increasingly used for illicit activities—which the group ultimately aims to investigate.

Highlighting the need for such solutions, the agency warned that in April a ransomware-as-a-service group stated future payment requests would be in Monero—a privacy coin marketed as “confidential and untraceable”—instead of Bitcoin. IRS-CI also emphasized its need to conduct investigations into illegal work using off-chain networks.


Subject: Diving into Government’s Trusted Internet Connections Standard 3.0
Source: Nextgov

The Trusted Internet Connections, or TIC, initiative in government upgraded to the 3.0 standard just before the COVID-19 pandemic struck. It has proven to be an invaluable resource for agencies trying to securely manage their internet connections while quickly adopting a largely telecommuting workforce. But fearing that TIC 3.0 may not go far enough given the circumstances, the Cybersecurity and Infrastructure Security Agency released the Interim Telework Guidance report to help agencies continue to respond to the teleworking situation.

As a little background about this critical government program, the need for TIC began back in 2006 when the Office of Management and Budget asked the seemingly simple question about how many internet connections were streaming out from federal agencies. When the answer came back, it was pretty surprising for a lot of people including those in the White House, which was led by President George W. Bush at the time. It turns out that there were about 4,000 connections, and many of them were not properly secured. There was also no standard that could be used to secure the connections, which created quite a huge vulnerability.

To help even further, CISA released the Interim Telework Guidance to help manage the surge. The document is not meant to be permanent, and will eventually be incorporated into a more comprehensive Remote User Use Case as part of TIC 3.0 later on.

Posted in: Civil Liberties, Cybercrime, Cyberlaw, Cybersecurity, Economy, Education, Financial System, Government Resources, Health, Legal Research, Privacy