IEEE Cipher --- Items from security-related news (E156)

  • Social Media Gets Social Engineered
    Twitter lost control of its internal systems to Bitcoin-scamming hackers
    Celebrity account holders weren't the only targets. Late hacker Adrian Lamo
    was, too.
    Publisher: Ars Technica
    Date: 7/15/2020
    By: Dan Goodin

    Several high-profile Twitter accounts were hacked and used to solicit cryptocurrency donations and scam unsuspecting users out of about $100K in total. Twitter blames a social engineering attack against some of its employees, but one report says a simple bribe was the tool of corruption. One expert noticed that an unsolicited password reset message preceded the partially successful takeover of an account.

  • ATM Hacks, Because That's Where the Money Is
    Crooks have acquired proprietary Diebold software to "jackpot" ATMs
    ATM maker is investigating the use of its software in black boxes used by thieves.
    Publisher: Ars Technica
    Date: 7/20/2020
    By: Dan Goodin

    What better hack than to turn ATM machines into fountains of money? Doing this through access to stolen credentials and the local network for the ATM is something that can be thwarted by normal security measures. But recent exploits have attached black boxes to the ATMs, and those boxes have run Diebold's own software. Hacking is a lot easier if you have all the APIs and libraries available on an Arduino that you can attach to the ATM! Several variants on the scheme have been reported. Diebold is glad to see that the proprietary software is not of recent vintage, a small ray of good news in a pool of theft.

  • Online: Iranian Hacking Course Materials
    Iranian state hackers caught with their pants down in intercepted videos
    IBM researchers steal 40GB of data from group targeting presidential campaigns.
    Publisher: Ars Technica
    Date: 7/17/2020
    By: Dan Goodin

    The Iranian hacker group known as ITG18 is a professional organization that trains its members in the arts of account compromise and data exfiltration. Their methods are painstaking and "meticulous", according to the people who have seen their videos. Those videos came to light when the organization uploaded them to a server. Everyone needs a way to share video, it seems. In this case, the server was known as a base for ITG18, so that upload was intercepted.

    ITG18 teaches its operatives how to comb through a compromised account (including that of an enlisted member of the US Navy) to find personal information and credentials for associated accounts and social media. They are also adept at deleting emails about suspicious account activity.

  • The Not So Very Good Privacy Shield
    US-EU Privacy Shield data sharing agreement struck down by court
    Much as in 2015, US surveillance practices and EU privacy law don't mesh well.
    Publisher: Ars Technica
    Date: 7/16/2020
    By: Kate Cox

    The EU has privacy protections for its citizens that exceed those in the US, and therein lies an IT problem. Even when a US company operating in the EU obeys those regulations, since 2016 they have been able to store personal data on servers that are physically in the US. A European court has ruled that once the data is in the US, it is subject to US surveillance that is incompatible with EU law.

    By keeping the data within EU boundaries, the data may seem to have more protections, but some experts worry that the result may be weaker security. When companies spin up server farms in the EU, that benefits the EU economy, but if the facilities are run by a variety of interests with a diversity of security considerations, the data might be more vulnerable to criminal or foreign government attacks.

  • Russians Interested in Hacking Vaccine Research (but why is that bad?)
    Russian state-sponsored hackers target Covid-19 vaccine researchers
    UK National Cyber Security Centre says drug firms and research groups being targeted by group known as APT29
    Publisher: The Guardian
    Date: 07/16/20

    Officials in the UK allege that a well-known Russian hacker group is targeting vaccine research companies and their employees. It is unclear why the UK is releasing this information now (presumably a state-sponsored hacking group targets many thousands of people on a daily basis) or what the intent of the Russians might be. A Russian analyst suggests that any advance warning about results that might indicate the origin of the virus would have deep geopolitical implications. There is no indication that the research sites had data altered; that might slow down the research trials and delay vaccine production. [Ed. Given the importance of a vaccine to everyone in the world, why isn't all the data being openly published?]