============================================================================
Newsletter of the IEEE Computer Society's TC on Security and Privacy
Electronic Issue 158                                    November 24, 2020

Hilarie Orman, Editor: cipher-editor @ ieee-security.org
Sven Dietrich, Assoc. Editor: cipher-assoc-editor @ ieee-security.org
Sven Dietrich, Book Review Editor: cipher-bookrev @ ieee-security.org
Yong Guan, Calendar Editor: cipher-cfp @ ieee-security.org
============================================================================

The newsletter is also at http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year

Contents:

 * Letter from the Editor
 * Commentary and Opinion and News
    o News from the Headlines
       - Regional Cyber Hacking, Who Pays?
       - Botnets Cause Pre-election Jitters
       - Cyber Attacks Rattle Government Officials Before Election
       - Pandemic Fills Hospitals, Malware Diverts Patients
       - Christopher Krebs, Truth to Power
    o Book reviews, Conference Reports and Commentary and News items
      from past Cipher issues are available at the Cipher website
 * List of Computer Security Academic Positions, by Cynthia Irvine
 * Conference and Workshop Announcements
    o Upcoming calls-for-papers and events
 * Staying in Touch
    o Information for subscribers and contributors
    o Recent address changes
 * Links for the IEEE Computer Society TC on Security and Privacy
    o Becoming a member of the TC
    o TC Officers
    o TC publications for sale

====================================================================
Letter from the Editor
====================================================================

Dear Readers:

The COVID-19 virus still dominates life as we know it, and this makes
the news about vaccine effectiveness very welcome.
Despite our familiarity and accommodation with computer viruses, we
still find human viruses to be extremely disruptive. It's not just
about money. When cyber malware hits healthcare providers, the results
are distressing, as one of our news items demonstrates.

All of this leads me to wonder if software and biology have any
non-trivial similarities that could help us prevent future pandemics.
The critical point is that organisms can detect "foreign" proteins.
Proteins have shapes, and some shapes are just innately non-human. We
can detect unusual software by using learning to define "normal" or
"self" patterns. System call patterns, memory usage patterns, and
other easily monitored features can help distinguish normal from
foreign. But biological proteins and immune systems have evolved over
the course of a billion years; their "rules" are highly variable, yet
combinatorially limited and tuned to survival. Software is more
flexible, less rule-driven, and tuned only to functionality.

Computers, vulnerable as they are, give us the tools to understand
biology. With software, we can visualize and understand proteins,
delineate and duplicate individual genes, design antibodies, and
ultimately cure and prevent diseases. Perhaps biology will help us
find the tools that will let us protect software and data. As we have
been seeing, that kind of trust is essential to modern societies and
their democratic processes. Christopher Krebs, until recently head of
the Critical Infrastructure Security Agency of DHS, understands that
well and is at the moment an unsung hero of this intersection of
democracy and technology.

   Now is the winter of our discontent
   Lurching towards glorious summer, should COVID-19 to mRNA relent.
   And all the clouds that lour'd upon our world
   In the warming bosom of the ocean buried.
(Apologies to The Bard),

   Hilarie Orman
   cipher-editor @ ieee-security.org

====================================================================
News Briefs
====================================================================

News briefs from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/NewsBriefs.html

------------------------------------------------------------------------

Regional Cyber Hacking, Who Pays?

Cyber Mercenary Hackers
https://www.reuters.com/article/us-blackberry-cyber-mercenary-hackers/mercenary-hacker-group-runs-rampant-in-middle-east-cybersecurity-research-shows-idUSKBN26S1XV
Publisher: Reuters
Date: October 7, 2020
By: Raphael Satter, Christopher Bing

Summary:
Researchers at Blackberry have put together digital evidence that
reveals the scope of hacking-for-hire in the Middle East. It appears
that one company has kept tabs on a variety of targets associated with
Middle East politics. Tying the diverse clues together and tracing
them back to one hacking source took a lot of work. Apps in the Apple
and Google stores were associated with the hacked accounts. Those apps
have since been removed.

While the hacking firm itself, known as Bahamut, is interesting
because it has covered such a range of activity, one cannot help but
wonder who the customers are. Governments, potential insurgents,
financial interests, blackmailers? Until Bahamut itself is hacked, we
probably won't know.

------------------------------------------------------------------------

Botnets Cause Pre-election Jitters

https://www.reuters.com/article/us-uselection-cyber-botnet/court-orders-seizure-of-ransomware-botnet-controls-as-u-s-election-nears-idUSKBN26X1G2
Court orders seizure of ransomware botnet controls as U.S.
election nears
Publisher: Reuters
Date: October 12, 2020
By: Joseph Menn

Summary:
According to Microsoft, there are more than a million computers
infected with Trickbot, a piece of malware that is used as a vector
for installing yet more malware, particularly ransomware. Some state
and local government computers in the US could be affected, and the
upcoming election caused some serious concern about the potential for
hacking of voter registration information or the display of election
results. As a protective measure, Microsoft used copyright law to get
legal permission to disrupt the command and control software in
Trickbot.

Symantec said that although the unwitting US sites might have been
disabled, Trickbot is widespread throughout the world, and it might
reinfect the US.

[Ed. Although this story was widely reported during October, I did not
find any follow-up stories related to Trickbot and election security.]

------------------------------------------------------------------------

Cyber Attacks Rattle Government Officials Before Election

https://www.reuters.com/article/us-usa-election-cyber-louisiana-exclusiv/exclusive-national-guard-called-in-to-thwart-cyberattack-in-louisiana-weeks-before-election-idUSKBN27823F
Exclusive: National Guard called in to thwart cyberattack in Louisiana
weeks before election
Publisher: Reuters
Date: October 23, 2020
By: Christopher Bing

Summary:
Prior to the election, any unusual computer activity on government
computers was cause for alarm. So when some government offices in
Louisiana found malware on their computers, their requests for help
were met with immediate attention. Somehow the Louisiana National
Guard had resources to help. The state government noted that
ransomware would be ineffective in destroying voter information
because all essential data is held in copies by the state's computers.
Reportedly the suspect software was a remote access Trojan with some
ties in its history to North Korea.
The attack on the Louisiana computers might have been unrelated to the
election, but with the election looming, no one wanted to take any
chances.

------------------------------------------------------------------------

Pandemic Fills Hospitals, Malware Diverts Patients

https://www.cnn.com/2020/10/28/politics/hospitals-targeted-ransomware-attacks/index.html
Several hospitals targeted in new wave of ransomware attacks
Publisher: CNN
Date: October 29, 2020
By: Vivian Salama, Alex Marquardt, Lauren Mascarenhas and Zachary Cohen

Summary:
As if the pandemic were not bad enough, malware manages to make it
worse. The healthcare industry is frequently the target of extortion,
but when a hospital is unable to function due to malware, patients
needing care may be the ones who suffer most.

"We are experiencing the most significant cyber security threat we've
ever seen in the United States," Charles Carmakal, SVP and CTO of
Mandiant, said. "An Eastern European financially motivated threat
actor, is deliberately targeting and disrupting U.S. hospitals,
forcing them to divert patients to other healthcare providers.
Patients may experience prolonged wait time to receive critical care."

Chris Krebs, director of CISA in the DHS, warned health care and
public health individuals to have their "shields up! Assume Ryuk is
inside the house. Executives - be ready to activate business
continuity and disaster recovery plans. IT sec teams - patch, MFA,
check logs, make sure you have a good backup point."

Ryuk is the crypto-ransomware used to target the Microsoft Windows
systems of hospitals. Without external backups, there is no way to
recover without payment.
------------------------------------------------------------------------

Christopher Krebs, Truth to Power

https://www.theguardian.com/us-news/2020/nov/12/christopher-krebs-us-cybersecurity-official-election-misinformation-expects-fired
Top US cybersecurity official reportedly says he expects to be fired
Christopher Krebs leads the agency that secures voting technology,
which has been pushing back on misinformation about the election
Publisher: The Guardian
Date: Nov. 12, 2020
By: Guardian staff and agency

Summary:
Chris Krebs, head of the Critical Infrastructure Security Agency in
the Department of Homeland Security, who in late October issued
warnings to hospitals about malware attacks, seems to have an
obsession with truth. CISA had an election information center that
worked hard to keep the public up-to-date about information and
misinformation regarding the US presidential election. In the
aftermath of the voter turnout, he gave his assessment of election
security, finding that the 2020 election was the most secure one yet.
Because his statement directly contradicted the US President's online
comments, he assumed his job was on the line, and let that be known.

Krebs earned a great deal of respect for his role protecting
elections.

---------------------

... and Out

https://www.wired.com/story/trump-fires-christopher-krebs-cisa/
Firing Christopher Krebs Crosses a Line - Even for Trump
The president dismissed the widely respected cybersecurity agency
director Tuesday night for pushing back against election
disinformation.
Publisher: Wired
Date: 11.17.2020
By: Garrett M. Graff

Summary:
Some days after Krebs announced that he expected to be fired, he
indeed was dismissed from his post. A sad footnote to the waning days
of the retributive Trump administration.
====================================================================
Commentary and Opinion
====================================================================

Book reviews from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/BookReviews.html, and conference
reports are archived at
http://www.ieee-security.org/Cipher/ConfReports.html

====================================================================
Listing of academic positions available by Cynthia Irvine
====================================================================

http://cisr.nps.edu/jobscipher.html

Newly Posted, October 2020

California State University, Fresno
Fresno, California USA
Assistant Professor in Cyber Security
URL: https://careers.fresnostate.edu/en-us/job/497954/computer-science-assistant-professor

--------------

This job listing is maintained as a service to the academic community.
If you have an academic position in computer security and would like
to have it included on this page, send the following information:
Institution, City, State, Position title, date position announcement
closes, and URL of position description to: irvine@cs.nps.navy.mil

====================================================================
Conference and Workshop Announcements
====================================================================

The complete Cipher Calls-for-Papers is located at
http://www.ieee-security.org/CFP/Cipher-Call-for-Papers.html

The Cipher event Calendar is at
http://www.ieee-security.org/Calendar/cipher-hypercalendar.html

Cipher calendar entries are announced on Twitter; follow ciphernews

Requests for inclusion in the list should be sent per instructions:
http://www.ieee-security.org/Calendar/submitting.html

====================================================================
Information on the Technical Committee on Security and Privacy
====================================================================
____________________________________________________________________

Information for Subscribers and Contributors
____________________________________________________________________

SUBSCRIPTIONS: Two options, each with two options:

 1. To receive the full ascii CIPHER issues as e-mail, send e-mail to
    cipher-admin@ieee-security.org (which is NOT automated) with
    subject line "subscribe". OR send a note to
    cipher-request@mailman.xmission.com with the subject line
    "subscribe" (this IS automated - thereafter you can manage your
    subscription options, including unsubscribing, yourself)

 2. To receive a short e-mail note announcing when a new issue of
    CIPHER is available for Web browsing send e-mail to
    cipher-admin@ieee-security.org (which is NOT automated) with
    subject line "subscribe postcard". OR send a note to
    cipher-postcard-request@mailman.xmission.com with the subject line
    "subscribe" (this IS automated - thereafter you can manage your
    subscription options, including unsubscribing, yourself)

To remove yourself from the subscription list, send e-mail to
cipher-admin@ieee-security.org with subject line "unsubscribe" or
"unsubscribe postcard" or, if you have subscribed directly to the
xmission.com mailing list, use your password (sent monthly) to
unsubscribe per the instructions at
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher or
http://mailman.xmission.com/cgi-bin/mailman/listinfo/cipher-postcard

Those with access to hypertext browsers may prefer to read Cipher that
way. It can be found at URL http://www.ieee-security.org/cipher.html

CONTRIBUTIONS: to cipher @ ieee-security.org are invited. Cipher is a
NEWSletter, not a bulletin board or forum. It has a fixed set of
departments, defined by the Table of Contents. Please indicate in the
subject line for which department your contribution is intended.
Calendar and Calls-for-Papers entries should be sent to
cipher-cfp @ ieee-security.org and they will be automatically included
in both departments.
To facilitate the semi-automated handling, please send either a text
version of the CFP or a URL from which a text version can be easily
obtained. For Calendar entries, please include a URL and/or e-mail
address for the point-of-contact. For Calls for Papers, please submit
a one paragraph summary. See this and past issues for examples.

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS
APPLY. All reuses of Cipher material should respect stated copyright
notices, and should cite the sources explicitly; as a courtesy,
publications using Cipher material should obtain permission from the
contributors.

____________________________________________________________________

Recent Address Changes
____________________________________________________________________

Address changes from past issues of Cipher are archived at
http://www.ieee-security.org/Cipher/AddressChanges.html

_____________________________________________________________________

How to become a member of the
IEEE Computer Society's TC on Security and Privacy
_____________________________________________________________________

You may easily join the TC on Security & Privacy (or other TCs) by
completing the on-line form at IEEE at
https://www.computer.org/web/tandc/technical-committees

______________________________________________________________________

TC Conference Publications Online
______________________________________________________________________

The proceedings of previous conferences are available from the
Computer Society's Digital Library.

   IEEE Security and Privacy Symposium
   IEEE Computer Security Foundations
   IEEE European Security and Privacy Symposium

From 2012 onward, these are available without charge from the digital
library 12 months after the conference.
____________________________________________________________________________

TC Officers and SP Steering Committee
____________________________________________________________________________

Chair:
   Ulfar Erlingsson
   Manager, Security Research
   Google
   tcchair at ieee-security.org

Security and Privacy Symposium Chair Emeritus:
   Gabriela Ciocarlie
   SRI International
   oakland20-chair@ieee-security.org

Vice Chair:
   Brian Parno

Treasurer:
   Yong Guan
   Department of Electrical and Computer Engineering
   Iowa State University, Ames, IA 50011
   treasurer@ieee-security.org

Newsletter Editor:
   Hilarie Orman
   Purple Streak, Inc.
   500 S. Maple Dr.
   Woodland Hills, UT 84653
   cipher-editor@ieee-security.org

Security and Privacy Symposium, 2020 Chair:
   Alvaro Cardenas
   University of California, Santa Cruz
   sp21-chair@ieee-security.org

TC Awards Chair:
   EJ Jung
   UCSF
   ejun2 @ usfca.edu
   https://www.usfca.edu/faculty/eunjin-ej-jung

____________________________________________________________________________

BACK ISSUES: Cipher is archived at: http://www.ieee-security.org/cipher.html

Cipher is published 6 times per year