Security Leftovers
-
EFF ☛ Salt Typhoon Hack Shows There's No Security Backdoor That's Only For The "Good Guys"
According to reports, the hack took advantage of systems built by ISPs like Verizon, AT&T, and Lumen Technologies (formerly CenturyLink) to give law enforcement and intelligence agencies access to the ISPs’ user data. This gave China unprecedented access to data related to U.S. government requests to these major telecommunications companies. It’s still unclear how much communication and internet traffic, and related to whom, Salt Typhoon accessed.
That’s right: the path for law enforcement access set up by these companies was apparently compromised and used by China-backed hackers. That path was likely created to facilitate smooth compliance with wrong-headed laws like CALEA, which require telecommunications companies to facilitate “lawful intercepts”—in other words, wiretaps and other orders by law enforcement and national security agencies. While this is a terrible outcome for user privacy, and for U.S. government intelligence and law enforcement, it is not surprising.
The idea that only authorized government agencies would ever use these channels for acquiring user data was always risky and flawed. We’ve seen this before: in a notorious case in 2004 and 2005, more than 100 top officials in the Greek government were illegally surveilled for a period of ten months when unknown parties broke into Greece’s “lawful access” program. In 2024, with growing numbers of sophisticated state-sponsored hacking groups operating, it’s almost inevitable that these types of damaging breaches occur. The system of special law enforcement access that was set up for the “good guys” isn’t making us safer; it’s a dangerous security flaw.
-
Integrity/Availability/Authenticity
-
TechCrunch ☛ The 30-year-old internet backdoor law that came back to bite
The wiretap systems, as mandated under a 30-year-old U.S. federal law, are some of the most sensitive in a telecom or internet provider’s network, typically granting a select few employees nearly unfettered access to information about their customers, including their internet traffic and browsing histories.
But for the technologists who have for years sounded the alarm about the security risks of legally required backdoors, news of the compromises is the “told you so” moment they hoped would never come but knew one day would.
-
John Gruber ☛ Daring Fireball: Chinese Government Hackers Compromise 'Back Door for the Good Guys' in U.S. Communication Networks
This incident should henceforth be the canonical example when arguing against “back doors for the good guys” in any networks or protocols. It’s not fair to say that all back doors will, with certainty, eventually be compromised, but the more sensitive and valuable the communications, the more likely it is that they will. And this one was incredibly sensitive and valuable. There are downsides to the inability of law enforcement to easily intercept end-to-end encrypted communication, but the potential downsides of back doors are far worse. Law enforcement is supposed to be hard work.
-
The Wall Street Journal ☛ Exclusive | U.S. Wiretap Systems Targeted in China-Linked Hack
For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter, which amounts to a major national security risk. The attackers also had access to other tranches of more generic internet traffic, they said.
-
Windows TCO
-
The Register UK ☛ Trinity ransomware targets healthcare orgs
The US Department of Health and Human Services sounded the alarm in an October 4 security advisory about the new crims on the block, first spotted in May. It also noted [PDF] that the Health Sector Cybersecurity Coordination Center (HC3) is "aware of at least one healthcare entity in the United States that has fallen victim to Trinity ransomware recently."
-
Federal News Network ☛ With costs rising, the Pentagon wants to make sure they’re not getting swindled
Is the Pentagon getting its money's worth from the contractors it does business with? It's obviously an important question that many officials, elected and appointed, would like answered. Also looking into it are organizations like the Project on Government Oversight, or POGO. It has tasked Dylan Hedtler-Gaudette, government affairs manager with POGO, to study this topic. He joined the Federal Drive with Tom Temin to share what he's found.
-
The Verge ☛ The Internet Archive is under attack, with a breach revealing info for 31 million accounts
Jason Scott, an archivist and software curator of The Internet Archive, said the site was experiencing a DDoS attack, posting on Mastodon that “According to their twitter, they’re doing it just to do it. Just because they can. No statement, no idea, no demands.”
-
The Register UK ☛ Internet Archive leaks user info and succumbs to DDoS
The Internet Archive had a bad day on the infosec front, after being DDoSed and exposing user data.
On Wednesday afternoon US time the outfit's digital librarian Brewster Kahle revealed a DDoS attack had made the site unavailable. The Register understands the outage may have lasted up to five hours, during which time visitors saw only a notification of the incident.
-
The Record ☛ Marriott required to pay $52 million, beef up information security in wake of data breaches
The Federal Trade Commission (FTC) will require Marriott International and its subsidiary Starwood Hotels & Resorts Worldwide to strengthen their information security in order to resolve charges that poor past practices led to three major data breaches.
Those breaches, which occurred between 2014 and 2020, impacted more than 344 million customers worldwide, the FTC said in a press release.
-
The Record ☛ National cyber director warns of ransomware, Chinese infrastructure attacks and cyber supply chain concerns
One of the top cybersecurity officials in the U.S. said Wednesday that he was especially concerned with Chinese infiltration of the country’s critical infrastructure, as well as software supply chain risks and the continued expansion of ransomware.
Although there have been several recent disclosures about Beijing-linked hacking campaigns, National Cyber Director Harry Coker led with concerns about Volt Typhoon, a Chinese cyber operation to embed backdoors in U.S. critical infrastructure and potentially take destructive action in the event of an invasion of Taiwan.
-
The Register UK ☛ Russia-linked GoldenJackal hits air-gapped systems
A cyberespionage APT crew named GoldenJackal hacked air-gapped PCs belonging to government and diplomatic entities at least twice using two sets of custom malware, according to researchers from antivirus vendor ESET.
-