Tech News

Russian hackers are inside US utility networks

July 24, 2018 — by Engadget.com


Russian hackers infiltrated the control rooms of US utility companies last year, reaching a point where they “could have thrown switches,” The Wall Street Journal reports. The paper cites officials from the Department of Homeland Security (DHS) confirming that the hackers — from a state-sponsored group previously known as Dragonfly or Energetic Bear — gained access to allegedly secure networks, where they could have caused blackouts.

According to the DHS, the long-running Russian campaign has affected “hundreds of victims,” and some companies may not even know they’ve been compromised as the attacks relied on the credentials of actual employees, making intrusions harder to identify. The attack is believed to have surfaced in spring 2016 and could still be continuing.

However, while the potential consequences of these attacks are serious, some experts maintain that the tangible risks are no greater than they were before these fresh attacks came to light. After a similar hacking revelation last year, Robert M. Lee, CEO of cybersecurity firm Dragos, wrote that “Our adversaries are at the starting point of their journey to cause significant disruption to our power grid, not the finish line.”

Following the most recent news of Russian interference, Lee took to Twitter to reiterate that while the warnings of threats are important, much of the language used in reporting them is “not helpful and often misleading.” He noted that cyber threats to industrial infrastructure are getting more aggressive, but urged people not to “hype up” the issue, adding that “It’s bad enough without added fear.”

The warnings of the threats are extremely important as they are becoming more frequent. But much of the language in these articles is not helpful and often misleading

— Robert M. Lee (@RobertMLee) July 24, 2018

As an example this article, and many like it, use subtle word choices like noting that penetrating the control centers was “easy” and that it was “hundreds of victims” but not necessarily hundreds of control centers which is what they’re referring to when discussing “black outs”

— Robert M. Lee (@RobertMLee) July 24, 2018

Then there’s the almost mocking note that supposedly these networks were supposed to be air gapped; except no one serious in the discussion considers control centers for electric grid functionality air gapped. It’s subtle but positions that this is a shock but it’s not

— Robert M. Lee (@RobertMLee) July 24, 2018

And language such as “throwing switches” and noting it would cause “black outs” is in no way representative of what was seen in these intrusions. In these cases the adversary was taking screenshots of HMIs.

— Robert M. Lee (@RobertMLee) July 24, 2018

So in short, please take cyber threats to industrial infrastructure serious. They are getting far more aggressive and numerous. But let’s not use word choices that mislead and hype up the


Fundraiser to reunite immigrant families is largest in Facebook history

June 20, 2018 — by Engadget.com


In the last six weeks, the Trump administration’s strategy to separate children while criminally prosecuting parents for attempting to cross the southern US border illegally has led the government to take almost 2,000 youth from their families to camps and foster homes across the country. This has ignited a furor over the last week, and people have voted with their wallets. A Facebook fundraiser dedicated to reuniting these families is the largest in the social media platform’s history and has raised $10.5 million to date since launching on June 16th.

The campaign was created by Bay Area couple Charlotte and Dave Willner to benefit the Texas-based nonprofit Refugee and Immigrant Center for Education and Legal Services (RAICES), which provides low-cost legal services, advocacy and support to families in the state. The couple had seen the now-infamous photo of a crying toddler at the border and set a fundraising goal of $1,500 with donation matching by private donors, but over 250,000 individuals have donated 6,800 times that amount in the past five days.

RAICES will use the funds to legally represent immigrant families and pay parents’ bond so they can be released from detention centers and recover their children, according to The New York Times. The organization has around 50 lawyers on staff and will hire and train more who are willing to travel and assist.

Despite Trump’s insistence over the last week that Congress needed to fix this crisis created by his administrative policies, not preexisting law, he announced an executive order today that would stop family separation at the US-Mexico border. The Presidential action, reportedly drafted by embattled DHS secretary Kirstjen Nielsen, would allow families to be housed together while the adults are detained or prosecuted for entering the country illegally. According to CNBC, he told press at a White House event today that “I’ll be doing something that’s somewhat preemptive and ultimately will be matched by legislation I’m sure.”


US government finds new malware from North Korea

June 15, 2018 — by Engadget.com

A sample of the “Wannacry” ransomware. EFE

Even though Donald Trump is on good terms with North Korea, the Department of Homeland Security is still following that country’s ongoing cyberattack campaign (which it’s dubbed “Hidden Cobra”). Now CNN reports there’s a new variant of North Korean malware to look out for: Typeframe. In a report released yesterday, the DHS says the malware is able to download and install additional malware, proxies and trojans; modify firewalls; and connect to servers for additional instructions. These are attacks we’ve seen in plenty of malware variants; Typeframe is just the latest addition.

Since last May, the DHS has issued a slew of alerts and reports about North Korea’s malicious cyber activity. The department also pointed out that North Korea has been hacking countries around the world since 2009. And of course, don’t forget that the US also labeled that country as the source of the Wannacry cyberattack, which notably held data from the UK’s National Health Service hostage, and wreaked havoc across Russia and Ukraine.


FCC shrugs at fake cell towers around the White House

June 8, 2018 — by Engadget.com

Turns out, Ajit Pai was serious last year when he told lawmakers that the FCC didn’t want anything to do with cybersecurity.

This past April the Associated Press reported “For the first time, the U.S. government has publicly acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminals could be using to track individual cellphones and intercept calls and messages.”

But when lawmakers formally asked Ajit Pai and the FCC to investigate the DHS confirmation of unauthorized cell towers in use, Pai gave them the brush off — leading to a big WTF on the Energy & Commerce Democrats’ official Twitter account.

Today’s insane news brought to you by @AjitPaiFCC who JUST declined to investigate reports of foreign surveillance citing lack of evidence the SAME day @DHSgov confirms surveillance devices were detected near the White House.

— Energy & Commerce Dems (@EnergyCommerce) June 1, 2018

When reached for comment, Brian Hart, Director of the Office of Media Relations at the Federal Communications Commission, disputed the tweet’s choice of language and added a twist: that the FCC won’t talk about this in public. Hart told Engadget via email:

One of the FCC’s core missions is to ensure the reliability and resiliency of the nation’s communications network and to promote public safety through communications. We continue to coordinate closely with our counterparts at DHS, DOJ, and the FBI on this issue, and we have not said that we have declined to investigate.

Rather, we have said that if we have particularized evidence that certain devices are being unlawfully used within the United States, we will investigate the matter alongside our federal partners and take all appropriate enforcement actions. But we cannot disclose publicly what evidence we may or may not have on this subject.

Unlike Hart’s statement to Engadget, Pai’s letter asserted “The Department of Homeland Security has taken the lead in assessing the potential threat from certain uses of cell-site simulators.”

Maybe Pai wasn’t up to speed on the fact that the DHS had already passed this problem off to other agencies, saying they aren’t able to investigate it. And as we pointed out last year, the DHS is an organization with no regulatory authority over the commercial communications sector. This is what the FCC was created for.

The DHS initially found evidence of cell phone spying near the White House last year, right around the time Pai was shrugging off cybersecurity. It discovered several fake cell phone towers (also called IMSI catchers, or Stingrays) intercepting calls and ran an 11-month investigation, emerging with serious concerns. This was all explained last month in a letter from the DHS to Sen. Ron Wyden, D-Oregon.

Wyden, in turn, kind of flipped his lid. As well he should. Fake cell towers trick mobile phones into thinking they’re connecting with legitimate carriers. This can allow whoever is running the interceptor to do any number of things,