STE WILLIAMS

Feature The allegations that computer hackers affected the outcome of the 2016 US presidential election have cast a long shadow and might appear to be unprecedented.

But in fact they are not. Computer hacking has also featured as an issue in previous elections, in the US and elsewhere, albeit in much more peripheral roles.

China, rather than Russia, for example, was suspected in the 2008 attacks both the McCain and Obama US presidential campaigns. The big difference was that, unlike in 2016, there was no attempt to release the compromised data.

Communications lifted after hacking the Democratic National Committee (DNC) network and compromised emails from Clinton campaign chair John Podesta were leaked during the 2016 US election campaign in what amounted to the weaponisation of stolen political intelligence.

Cyber security experts speculate that the Republican National Committee may also have been hacked. That remains unconfirmed. All that we can say for sure is that any stolen intel was not leaked wholesale.

Private information from prominent Republican politicians did, however, surface on DC Leaks, fruits of an apparent phishing attack, so claims by the Republicans that they avoided hacking by operating with better security than their Democrat opponents ought to be treated with caution.

DC Leaks released emails purportedly sent by campaign staff of Arizona senator John McCain and South Carolina senator Lindsey Graham and former Minnesota congresswoman Michele Bachmann. All three have staked out political positions hostile to Russia.

The traffic goes both ways. Paul Manafort, campaign aide to then candidate Donald Trump, was forced to step down in the wake of a controversy over alleged off-books cash payments received from a pro-Russian political party in Ukraine. One theory is that elements of the Ukrainian government leaked the information in order to damage Trump.

Travis Farral, director of security strategy at threat intelligence firm Anomali, has developed a comprehensive report on the malicious activity that surrounded the latest US election as well as putting together examples of other nation states interfering in other countries political affairs.

All the (Russian) president’s men

Evidence that has come out that appears to support involvement by elements of the Russian government in interfering with the 2016 US election is “compelling”… but “not strong enough on its own to eliminate other possibilities”, according to Anomali. The threat intelligence firm has published a timeline of cyber security events during the 2016 US election here.

Evidence that Russia interfered on the side of the pro-Russia candidate Viktor Yanukovych in the 2010 Ukrainian election is stronger still. “This was a multi-pronged campaign,” Farral told El Reg. “False information was spread in attempts to manipulate the electorate. In addition, results were manipulated before they were sent to the central authority.”

These kind of campaigns remain ongoing. Sweden has accused Russia of running an influence campaign, downplaying Nato among other strategic goals, as part of a campaign to manipulate the results of the next general election in the Scandinavian country, which needs to happen before September 2018.

Lone wolves and hackers for hire

Russia isn’t the only potential adversary to worry about. Lone wolf actors (such as the original Guccifer, Marcel Lazăr Lehel), Islamic activists, and other politically motivated actors or groups could also be sources of concern. Information security attacks could be made against political organisations, government institutions, and political operatives.

Columbian hacker-for-hire Andrés Sepúlveda claims to have used a variety of dirty tricks to influence elections in Nicaragua, Panama, Honduras, El Salvador, Colombia, Mexico, Costa Rica, Guatemala, and Venezuela over the last ten years. Sepúlveda was jailed for spying on the Colombian government’s peace talks with Marxist rebels, as previously reported.

Anomali’s latest threat intelligence report, Election Security in an Information Age, can be downloaded here (email-based registration required).

The report outlines historical examples of nations interfering with the smooth operation of other country’s elections as well as examining the issue of attribution and manipulation of digital evidence. It’s possible that culprits can manipulate digital evidence to make it appear as is someone other than themselves perpetrated an attack.

Parallax view

Over the last two years alone, there have been an increasing number of information security attacks on political organisations, government institutions, and political operatives. The German Bundestag, the ruling Turkish AKP political party of Recep Erdoğan, NATO, the Ukrainian government, and the German Christian Democratic Union political party have all been targeted since 2014.

Some of these attacks have led to the release of damning emails or other confidential information. Stealing and releasing private information hasn’t been the only avenue to influence public opinion, however. Armies of social media “trolls” have been employed by countries like Russia and Turkey to shape public opinion on state interests, according to Anomali. Nation state involvement is suspected in many cases but difficult to prove because attribution in cyberspace is difficult.

Time for a non-cyber aggression agreement

The issue of hacking as a political tool is timely, especially in the run-up to what promises to be fiercely contested elections in France and Germany later this year.

The interference of countries in the elections of other countries dates back many years. Only the cyber element is new and incidents like the compromise of Angela Merkel’s smartphone and the DNC hack last year have had the incidental effect of raising awareness.

Oren Falkowitz, a former director at the US Cyber Command turned chief exec of security start-up Area 1 Security, told El Reg: “Technically not much has changed recently but there’s a greater awareness of security threats among business leaders and senior politicians.”

The reasons for cyber-espionage parallel those of conventional spying, namely economic, political and financial. “It’s not just Russia. Everyone is engaged in this all the time,” according to Falkowitz, “The focus on attribution is wrong. This is a technical problem,” he added.

Security tech has achieved disappointing results because it is treating the symptoms rather than the root cause of infosec problems, according to Falkowitz. Although cyber-threats are best combated through technology, political agreements between countries might help in reducing tensions, he added.

“Cyber conventions could be treated like arms reduction talks,” Falkowitz explained. “You need to establish norms before making treaties,” he added. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/02/01/nation_state_election_hacking/

Exclusive Google is blocking access to the entire NHS network, mistaking the amount of traffic it is currently receiving as a cyber attack.

An email from an NHS trust’s IT department seen by The Register confirmed that the US search giant has mistaken the current traffic levels for a botnet.

The email headed “Google Access” stated: “Google is intermittently blocking access due to the amount of traffic from NHS Trusts Nationally (This is not being blocked by the IT Department).

“This is causing Google to think it is suffering from a cyber-attack.

“We are advising staff to use an alternative search engine i.e. Bing to bypass this problem.

“If you have ‘Chrome’ on your desktop the page will display correctly but if you ‘should’ get a CAPTCHA pop up, please follow the instructions to continue.”

The source said they did not know why Google had suddenly decided to block access to the NHS net, but confirmed it was the “go-to resource” for a lot of clinicians.

The Register has contacted NHS Digital and Google for a comment.

Controversially, Google is also attempting to drum up business with the NHS through its DeepMind AI business.

Last year it emerged that the Royal Free NHS trust had signed a deal with DeepMind to give the outfit access to 1.6 million patient records, without explicit permission from patients.

It has since won a deal with Moorfields Eye Hospital to access one million anonymous eye scans.

The NHS is one of the biggest employers in the world, with 1.2 million people working for the organisation.

Earlier this week it emerged that a reply-all NHS email fail in Croydon resulted in 500 million emails being sent across the NHS in just 75 minutes.

Google refused to comment but said: “It is not correct to say we have blocked the entire NHS network.” ®

Updated at 12:31 UTC on Wednesday 1 February to add: An NHS Digital spokesman contacted the Reg to say: “We are aware of the current issue concerning NHS IP addresses which occasionally results in users being directed to a simple verification form when accessing Google. This would appear to be due to the high number of people using our systems and trying to access Google at peak times. We are currently in discussion with Google as to how we can help them to resolve the issue.”

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/02/01/google_mistakes_entire_nhs_for_a_botnet/

Spanish cops investigating an attack on a Catalan police union last May have arrested three suspects, including a hacker alleged to be behind high-profile attacks against spyware-for-cops firms Hacking Team and Gamma International.

Phineas Fisher claimed responsibility for the hack and subsequent leak of sensitive information from Hacking Team in 2015 as well as an earlier assault on UK-based Gamma International, the firm behind FinFisher, back in August 2014.

The three (as yet unnamed) suspects were arrested as part of an investigation into an attack against Sindicat de Mossos d’Esquadra (SME), the Catalan police union. Phineas Fisher claimed credit for the attack, which resulted in the leak of personal information of up to 5,500 serving police officers.

Spain’s Policia Nacional (national police) detained a couple in Barcelona and a 33-year-old man in Salamanca on suspicion of the crime on Tuesday. The Salamanca suspect is Phineas Fisher, according to local reports.

Someone using Phineas Fisher’s email address surfaced hours after the arrest to claim police had arrested an activist rather than him. “I think the Mossos just arrested some people that retweeted the link to their personal info, or maybe just arrested some activisty/anarchisty people to pretend they are doing something,” they said in an email shared through an intermediary with Motherboard.

Spanish daily El Pais has more on the story here. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/02/01/spanish_cop_cuff_phineas_fisher_suspect/

Javelin report finds that fraud increased to 15.4 million consumers in the US – the highest ever.

Identity fraudsters had a banner year in 2016, underscoring the need for consumers to consider protection services, stronger forms of authentication, and increased vigilance on security issues.

The number of identity fraud victims increased 16% in 2016, rising to 15.4 million consumers in the US, according to Javelin Strategy Research’s 2017 Identity Fraud Study, conducted on behalf of LifeLock. That’s a record high since Javelin began tracking identity fraud in 2004.

Al Pascual, senior vice president, research director and head of fraud and security at Javelin, says the study also found that the criminals adapted to all the latest prevention techniques to net 2 million more victims in 2016 – an increase of $1 billion, to $16 billion. The rise of available information via data breaches has been a boon to the criminals, he says.

“To successfully fight the fraudsters, the industry needs to close security gaps, continue to improve, and consumers must be more proactive,” he notes.

Randy Vanderhoof, executive director of the Smart Card Alliance, agrees that consumers must become more vigilant than think about changing their habits.

“What I tell people is to dedicate a credit card for online shopping and a credit card for purchases at physical stores. It’s much easier to track the fraud that way,” Vanderhoof explains. “People also need to be aware that if they use a debit card in the store, there is more of a risk because if they are subject to fraud, the money comes right out of their checking account. With credit cards, there are some more protections.”

The report, which was based on address-based surveys of 5,028 US consumers, also found:

• Card not present (CNP) fraud rose significantly. EMV chip and pin cards have closed off opportunities for point-of-sale fraud, so the criminals have moved online. CNP fraud increased by 40% last year. In fact, 3.42% of all consumers had their cards abused by this type of fraud.

• Account takeover bounces back. After reaching a low point in 2014, both account takeover incidents (where a criminal takes control of an account) and losses rose notably last year. Total account takeover losses increased 61%, to $2.3 billion, and incidents were up 31%. During 2016, victims paid an average of $263 in out-of-pocket costs and spent 20.7 million hours to resolve this type of fraud – 6 million more hours than in 2015.

• Account takeover on mobile phone became nearly twice as prevalent in only one year. Mobile phone accounts represented 12% of all takeovers in 2016, up from 7% in 2015. Cybercriminals sought to monetize mobile accounts and leverage them to compromise the mobile-based alerting and authentication solutions that financial institutions, issuers, and other businesses rely on to prevent fraud. 

• New account fraud (NAF) continues unabated. In NAF, a fraudster takes a person’s information and opens up a new account in the victim’s name. NAF increased from 0.62% in 2015, to 0.74% of consumers last year. Fraudulent credit cards proved most attractive, rising 21% for new fraudulent accounts opened in 2015, to 30% last year.

“New account fraud is often the most damaging type of fraud because the criminals get your social security numbers and other personal information and open up accounts in your name,” says Stephen Coggeshall, chief analytics and science officer at ID Analytics and LifeLock. “Very often the victim is not aware that the fraud took place for several days.”

According to the study, NAF was detected 17 days more slowly in 2016 than it was the year before. Most victims find out either when they check their credit report or when a creditor or collector contacts them. By the time the account has gone delinquent, the fraud has matured and the fraudster has more the likely gone on to another scheme.

The report also distinguishes between different types of consumers. For example, consumers with little online presence face less risk, but can take more than 40 days to detect fraud and incur higher fraud amounts than most other fraud victims.

On the other hand, while e-commerce shoppers experience the highest amount of fraud, they also tend to catch it very quickly, minimizing the impact. A full 78% of ecommerce fraud victims detected fraud inside of one week.   

Related Content:

• 6 Free Ransomware Decryption Tools
• Report Says Death Of The Password Greatly Exaggerated
• Last Year Over 4.2 Billion Records Exposed In 4,149 Breaches
• 10 Cocktail Party Security Tips From The Experts

Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md. View Full Bio

Article source: http://www.darkreading.com/cloud/identity-fraud-rose-16--in-2016/d/d-id/1328027?_mc=RSS_DR_EDT

Update educates merchants on payment security challenges and significance of encryption.

The PCI Security Standards Council has released an update of its 2013 guidance on e-commerce that offers practical advice to merchants on understanding and maintaining a secure e-payment platform. Best Practices for Securing E-commerce is the result of a comprehensive study on payment security challenges by a Special Interest Group that included merchants, financial organizations, and service providers.

As online sales have increased significantly, the Council emphasizes the importance of encryption. In 2015, the Council said that those who accept payment cards must employ TLS 1.1 encryption or higher by next year June. Google, meantime, has said that use of HTTPS is necessary and now Chrome browser users are warning users when they visit a non-HTTPS website.

Said Troy Leach of the PCI Security Standards Council: “This information supplement is a testament to their (community members) collaboration and willingness to share their experience with others and provides easy to understand examples of e-commerce scenarios along with best practices to secure cardholder data and meet PCI DSS requirements.”

Click here for supplement.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Article source: http://www.darkreading.com/cloud/pci-security-standards-council-issues-guidance-for-e-commerce-security-/d/d-id/1328029?_mc=RSS_DR_EDT

Russia suspected to be behind the Foreign Ministry hacks that resemble those of the attacks against the US, Reuters says.

Czech Foreign Minister Lubomir Zaoralek has said the country’s Foreign Ministry was a target of cyberattacks in which email accounts were hacked and a large amount of data was compromised, Reuters reports. However, material stolen was not confidential and there was no impact on the department’s internal communication network, he added.

Claiming that the attacks came from a foreign state – which he did not name – Zaoralek also said the character of the hacks was similar to the ones on the US Democrats last year. Reuters reports that a government source said that Russia is suspected to be behind the attacks.

Meanwhile, an investigation is under way to ascertain whether other government institutions were also breached.

The US intelligence community publicly concluded that Russia was behind cyberattacks against the Democratic National Committee and other Democratic targets in a concerted efforrt to influence the US presidential election. Germany has also made similar allegations against Russia of attacking its political parties.

Read details on Reuters.

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Article source: http://www.darkreading.com/attacks-breaches/cyberattacks-on-czech-foreign-ministry-the-handiwork-of-a-nation-state/d/d-id/1328028?_mc=RSS_DR_EDT

Staff are taking to the dark web to leak corporate secrets for cash, research reveals.

Hackers from US-based risk management outfit RedOwl and Israeli threat intelligence firm IntSights worked their way past the interview process to access the private dark net property Kick Ass Marketplace, where they found evidence of staff selling internal corporate secrets to hackers. In some cases staff even collaborated with blackhats to infect their company networks with malware.

Staff at an unnamed bank were also found to be helping hackers maintain a persistent presence on their corporate networks.

Clients can pay a subscription of up to one bitcoin a month for access to allegedly vetted and accurate insider information which is posted in threads on the site, then cash in on the information they glean.

The site is run in part by an adminstrator known as “h3x” who in an May interview with DeepDotWeb claimed to be a “self-taught cryptographer, economist, investor, and entrepreneurial businessman”.

h3x has claimed that Kick Ass Marketplace boasts seven administrators, including three hackers and two trading analysts who observe financial markets and vet the integrity of stolen data before posting it to the site.

Posts are assigned confidence ratings and advice about whether to buy or sell stocks is included.

The hacker claimed, in the now nine-month-old interview, that the site boasted 15 investment firm members and 25 subscribers.

An example post on The Stock Insiders. Disclosures are required to gain access. Image: The Register.

Ido Wulkan of IntSights, with colleague Tim Condello and finance man David Pogemiller say in the report Monetizing the Insider: The Growing Symbiosis of Insiders and the Dark Web [PDF] published today that the site is posting about five high confidence insider trading reports a week.

The site pulls some US$35,800 a week according to analysis. Its reported main bitcoin wallet holds 184 bitcoins (US$179,814).

Kick Ass Marketplace admits only skilled users. Image: The Register

Another dark web site the trio studied, dubbed The Stock Insiders, recruits retail staff as mules to help cash out stolen credit cards for reliably-resellable goods like Apple iPhones.

The report includes posts where fraudsters seek help from strikers, people willing to walk into stores with stolen credit cards pretending to be legitimate account holders who approach cooperating sales clerks to buy goods.

Hacker seeks an insider. Image: supplied.

The trio say insider recruitment is “active and growing” with chatter across public and private forums about the subject doubling from 2015 to 2016.

“The dark web has created a market for employees to easily monetise insider access,” the researchers say.

“The dark web serves as a vehicle insiders use to cash out on their services through insider trading and payment for stolen credit cards.

“Sophisticated threat actors use the dark web to find and engage insiders to help place malware behind an organisation’s perimeter security [and] as a result, any insider with access to the internal network, regardless of technical capability or seniority, presents a risk.”

Insider theft can be a disastrous for some organisations. In Australia, theft of sensitive corporate information including designs and customer records can be considered a civil rather than criminal matter, leading to very lengthy and expensive lawsuits.

Thefts can be as simple as real estate agents taking client lists to new businesses, and general practitioners patient lists to establish their own rival practice, two acts of fraud which are understood to be common. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/02/01/insider_trading_dark_web/

Usenix Enigma 2017 Research has shown that older people – particularly older women – are more susceptible to phishing scams. You may think our oldies are more suspicious of strangers, but that’s sadly not the case.

The study was presented at the Enigma 2017 conference by Daniela Oliveira, a professor in the department of computer engineering at the University of Florida. It involved 158 old and young participants who agreed to have a logger put on their PCs that recorded every website they visited. In addition, one targeted phishing email was sent to them per day, with the messages based around one of six themes. Thus, the researchers could figure out who was falling for the dodgy emails.

Over the three-week period, 43 per cent of participants clicked through to a fake phishing site, with over 10 per cent falling for two or three of them. Older participants were significantly more likely to be fooled – and older women were particularly vulnerable.

By far the most effective phishing tactic is to threaten legal action, such as a notice of a parking fine. Youngsters are more susceptible than oldsters on this front. However, senior recipients – particularly elderly women, apparently – were much more likely to fall for scams that use emotional manipulation and clever sweet-talking to trick them into handing over sensitive information. Warning old folk that their security is at risk and that you’re doing them a favor by offering to fix that is a pretty successful line to take, if you’re a soulless crook.

Oliveira noted that as people get older, they lose friends and family. Women generally live longer than men and can face a lonelier life. This may make them more willing to trust strangers in order to build new friendships and relationships. Aging brain chemistry may also be why they fall victim to silver-tongued persuasion.

“As we age we decline in certain cognitive areas,” she explained. “While the levels of experience increase, how fast we can process information and keep our short-term working memories declines, and we become more trusting. This is a very dangerous combination.”

It’s particularly worrying in terms of demographics. The over-60s are the fastest growing age group in the world and that’s only going to get more acute. In addition, the over-60s currently control around half of the material wealth and occupy positions of power – even the presidency of the United States. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/02/01/why_old_women_biggest_phishing_victims/

Net scum behind the Cerber ransomware have been pounding enterprises infecting more corporate machines than any other, according to Microsoft.

Some 2114 infections have been discovered from December to January on corporate endpoints operating Windows 10 Enterprise, an operating system that Microsoft boffins says breaks the ransomware exploit chain thanks to its embedded Advanced Threat Protection exploit mitigations, an otherwise paid service.

Redmond has fought Cerber since at least July 2016 when the ransomware’s authors tweaked their flagship to target Office 365 using old-school macros.

The company says its threat protection module recognises Cerber payloads and those of others, including likely emerging forms, and prevents the exploits firing.

The module will be upgraded in the upcoming Creators Update to allow compromised machines to be isolated from the network, and execution prevention and quarantine capabilities.

The capability appears much in line with the effective exploit mitigation efforts Microsoft has baked into Windows 10. Those features used to come with the soon-to-be dead Enhanced Mitigation Toolkit.

Microsoft dredged up the Cerber infection numbers to plug its premium exploit mitigation after it revealed in December a campaign by the malware group to hose holiday shoppers.

That campaign took two forms: emails with purported delivery messages that contained malicious attachments, and; heavy use of RIG, the current champion in the ever-evolving exploit kit market.

Redmondian security wonks explained its Advanced Threat Protection in a technical analysis of a Cerber infection in which they show a customer running the first stage macro which then used PowerShell to pull a secondary component that held the payload.

Ransomware encounters on enterprise endpoints

The Ceber payload was blocked and four alerts were generated to provide the security operations centre with command and control IP address data and Cerber payload information to help block emerging variants.

Ransomware variants Genasom and Locky took second and third place for attacking Windows 10 Enterprise boxes with about 1000 infections a piece.

Security folks do not appear to have published tools that would exploit weaknesses in the latest Cerber to enable victims to decrypt their files for free, meaning enterprises are forced to restore data from backups or pay ransom demands.

Important reverse engineering work is conducted largely by white hack hackers working under the No More Ransom Alliance, along with laudedable independent efforts by researchers and security firms. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/02/01/cerber_windows_10/

Usenix Enigma Several academics have been using brain scanning methods to see how people handle computer security, and the resounding result is that our brains are biochemically working against us in this realm.

In a talk at the Enigma 2017 security conference, Anthony Vance, professor of information systems at Brigham Young University in Utah, recounted a series of experiments on people looking at security warnings online. In a variety of scenarios, humans showed a striking similarity to Aplysia californica, or the California sea slug.

In 2000, professor Eric Kandel earned a Nobel Prize for proving that the sea slug had a memory and would react to stimuli with less and less interest once it learned that there wasn’t a threat. Humans are the same, and that helps explain why we are poor at computer security. However, there is a fix.

Vance and his team ran a series of volunteers in a functional magnetic resonance imaging system and displayed a series of 40 real-world security warning windows. They found that after just the second warning, the amount of attention the subject paid to it dropped off and fell further with each repetition, while boredom rates grew.

It was a demonstration of a known problem – habituation. It was demonstrated in the IT world with Windows Vista, which in its early incarnation spammed up so many security warnings that users just got used to clicking out of them.

So the team tried varying the design of the security warning windows, by changing their color, font, and even making them wobble slightly. This dramatically improved attention rates among subjects. Interest still declined, but much more slowly, and people weren’t as bored.

“That’s awkward – one of fundamental basis’ of user interface design is consistency,” Vance said. “But this is a danger for system notification.”

In the QA section, a Google engineer said that the Chocolate Factory’s own experience mirrored the research. In an effort to kill malware, Google pushed out messages on their search page warning infected users that they needed to clean up their systems.

“We saw a lot of users clean up their systems but many ignored it and never sorted out the issue,” he said. “After a few weeks we changed the background color of the warning from yellow to pink and saw a massive increase in number of users fixing the malware.”

Another brain danger is what he called dual task interference. While many people think that they are great at multitasking, he said, the reality is that we’re all lousy at it.

The team asked subjects to memorize a series of six-digit codes, and then showed them a security warning on screen. If the warning screen popped up in the middle of the memorizing process, not only were a third fewer codes remembered – the correct reaction to the security warning window dropped 45 per cent.

This is unfortunate from a security screen standpoint, since they typically pop up after a computer user performs an action and is expecting a response. The user clicks on a web page, expects to see the endpoint, and instead gets a security warning. They want to see the page so don’t read the window and click it away.

“Security should be brain compatible, and work with brain not against it,” Vance said. “I’d also suggest engineers need to worry less about attacks, and more that the neurobiology of their users is working against current security practice.”

Incidentally, The Reg asked if there was any truth in the conventional wisdom that women are better at multitasking than men. Vance said his tests showed no such evidence. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/02/01/people_ignore_security_warnings/