IEEE Cipher --- Items from security-related news (E170)







  • Russians Target US State Websites
    Russian-speaking hackers knock US state government websites offline
    Publisher: CNN
    Date: Wed October 5, 2022
    By: Sean Lyngaas

    Summary:
    In the month preceding the US midterm elections, a few state government websites temporarily disabled by hacks from a Russian hacktivist group. Though the attacks did not seem directly related to the elections, they did interfere with access to information intended to help voters. Some states reported that they might have been targets of intended attacks that did not succeed in disabling access.


  • Stories About Election Software: Deniers Con a DA?
    • Part 1: the Arrest
      Head of Election Worker Management Company Arrested in Connection with Theft of Personal Data
      Publisher: Los Angeles County District Attorney, Media Relations Division
      Date: October 4, 2022

      Summary:
      The LA DA had the founder of a small software company in Michigan arrested. At issue was the software, used by LA County, for keeping track of election poll workers. Under the terms of the contract, the data had to be kept only on servers based in the US. LA County said it was shared with servers in China. The founder of the company was born in China.


    • Part 2: The Story Takes Wing
      FBI, CISA Say Malicious Cyber Activity Unlikely to Disrupt Election
      Publisher: SecurityWeek
      Date: October 06, 2022
      By: Eduard Kovacs

      Summary:

      This story reassures voters that although foreign actors were attempting to attack the periphery election systems, they would not be able to disrupt actual voting or tabulating. The article mentions the arrest of the Michigan man and the suspected ties to China.


    • Part 3: You've Been Played
      The strange twists and turns of an alleged election conspiracy
      Publisher: The Washington Post
      Date: October 26, 2022, Updated November 10, 2022
      Analysis by: Glenn Kessler

      Summary:
      The story gets murkier and murkier. The claims about sharing data with the Chinese government originated not from an investigation by LA County but by an organization called "True the Vote" based in Texas. They supplied the information that LA County used to issue and arrest warrant for a Michigan man. But were the claims true, and were they based on legally obtained information? Those questions were raised in federal court in Texas. The WP analyst says, "The outcome of this complex case may not be clear for some time. But it indicates how election deniers have begun to gain a foothold within the legal system to advance their claims."


  • Exchange Becomes a Generator
    Binance-linked blockchain hit by $570 million crypto hack
    Publisher: Reuters
    Date: October 7, 2022
    By: Elizabeth Howcroft

    Summary:
    As cryptocurrencies seek mainstream usage, the expansion seem to regularly run afoul of computer security issues. In this case, a blockchain meant to serve as a transfer hub between different applications turned into a firehouse shooting out 2 million "illicit" coins for a larcenous user. Apparently the user got away with $100M before the activity was detected and stopped. In order to recover most of the coins, the BNB Chain had to ask its "validators" to back up and eliminate most of the coin transactions. The people behind the BNB "ecosystem" said they were implementing more checks to detect and stop the hack. They also intend to expand their community of 44 validators.

    The BNB Chain is said to be "linked to" the cryptocurrency exchange Binance. Binance recently declined to take over the battered and now collapsed rival FTX.


  • Don't Worry, God is My Sysadmin
    LDS Church discloses March computer breach affecting member data
    Publisher: Utah Daily Herald
    Date: Oct 17, 2022
    By: Genelle Pugmire

    Summary:
    The LDS church announced that it was working with US federal law enforcement authorities to investigate some kind of breach into its database of church members, employees, contractors, and "friends". Some kind of illicit access may have been gained by hacking an online account. No financial information was leaked by this. The church is asking for information from the public that might help the investigation.


  • Repurposing Old Satellites for Fun and Broadcast
    An old satellite was hacked to broadcast signals across North America
    The demonstration reveals the vulnerability of decommissioned, but not dead, satellites.
    Publisher: Freethink Date: April 14, 2022
    By: B. David Zarley

    Summary:
    A couple of years ago the US Air Force decided to see what hackers could do with a satellite that was not longer in use but still had accessible features for broadcast. They gave DEFCON hackers permission to try their skills out with the equipment. Reports this spring show that they were successful and were able to broadcast signals across a wide area of Canada and the northern US. Are these old satellites, which have little or nothing in the way of access control, a point of vulnerability for national security? Or an opportunity for open access broadcast of a new and democratic kind?

    Earlier articles about this hack:


  • You Can Encrypt, but You Can't Hide: Tearing Off the Cryptocurrency Veil
    The Hunt for the Dark Web's Biggest Kingpin, Part 1: The Shadow
    The notorious Alpha02 oversaw millions of dollars a day in online narcotic sales. For cybercrime detectives, he was public enemy number one - and a total mystery.
    By: Andy Greenberg
    Date: Oct 25, 2022
    Publisher: Wired

    Summary:
    Anonymity is a theoretical concept for computer science, but it is also something sought by the humans behind online entities. The science tells us that anonymity for cryptocurrency is based on statistical evidence, but how do you know that your data is below that statistically significant limit? And what about that email message you sent to an online forum 20 years ago? Surely it's long lost, no way it could be connected to you now? And besides, it would take an army of computer science PhDs to unravel those tiny online footprints, wouldn't it?

    The real story of how some very persistent FBI agents wore away the anonymity of a skilled, online crime kingpin is fascinating reading. Wired magazine has been publishing it as an online weekly series, and it is captivating reading for real life crime junkies or doctoral researchers in security and privacy.

    Andy Greenberg is a senior writer for WIRED, covering security, privacy, and information freedom. This story is excerpted from Greenberg's forthcoming book Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, available November 15, 2022, from Doubleday. Courtesy of Penguin Random House
  • IBM has hundreds of qubits, ho-hum, but Wait Until Next Year
    IBM launches its most powerful quantum computer with 433 qubits
    Date: November 9, 2022
    Publisher: Reuters
    By: Jane Lanhee Lee

    Summary:
    IBM issued a brief press release noting that it had launched a new quantum computer with 433 qubits. This is 3 times as many qubits as their previous version which debuted last year. There will not be another version of this design as IBM expects that it will have a new, modular design next year, and that will scale to many thousands of qubits.

    IBM has announced a plethora of wonderful features for the next generation chip. One of the most interesting is the ability to run classical computing in between quantum operations. Presumably this enables a hybrid computation model that interleaves classical and quantum computing in some way that does not destroy the quantum state. The future architectures for quantum computing are slowly taking shape, as if through a photon pair, darkly.