As 2020 draws to a close, it may be fitting that the US government and the private sector are both scrambling to grasp and mitigate the fallout from a massive wave of hacking largely attributed to Russia. There will be more news to come on the SolarWinds supply chain attack and other possible elements of the broad campaign, but in the meantime officials, security practitioners and researchers are all questioning where to draw the line on global espionage and how to deter hacking that is destructive or otherwise unacceptable.
To understand where things stand today, it is important to look back at the Trump administration's approach to cybersecurity policy, its merits (some of them accidental) and its shortcomings. Read below about President-elect Joe Biden’s first substantive commentary on how his administration can tackle the increasingly crucial, but delicate, question of how to enforce effective global standards in cyberspace.
And there’s more. Every Saturday, we bring together the security and privacy stories that we did not break or report on in depth but that you should know about. Click on the headlines to read them, and stay safe out there!
On Tuesday, Europol, the US Department of Justice and other international law enforcement agencies announced a coordinated action against a virtual private network, Safe-Inet, which is popular with ransomware groups, spear phishers and vendors of stolen data. The effort involved seizing three domains used to distribute the VPN (safe-inet.com, safe-inet.net, and insorg.org) and disabling other parts of its infrastructure, so that users cannot access the service and site visitors simply see law enforcement takedown notices. Officials did not provide details of which hacking groups used the VPN, but said it specialized in “bulletproof” protection, meaning the VPN was designed to support uninterrupted criminal campaigns and to ignore or attempt to deflect complaints of abuse and even requests from law enforcement. “Criminals can run, but they cannot hide from law enforcement, and we will continue to work tirelessly with our partners to outsmart them,” said Edvardas Šileris, director of the European Cybercrime Center at Europol, in a statement.
New research from the Citizen Lab at the Munk School of Global Affairs and Public Policy at the University of Toronto indicates that hackers suspected of working for the governments of Saudi Arabia and the United Arab Emirates compromised the personal smartphones of 36 Al Jazeera journalists and one from Al Araby Television. The targeted campaign used a no-interaction or “zero-click” iPhone exploit for the initial attack, a hacking technique that is particularly dangerous because it does not require any interaction from the target and is therefore difficult to defend against. The hackers then used notorious spyware from NSO Group, known as Pegasus, to compromise the victims' devices and closely monitor their data and digital activity. The exploit chain, dubbed Kismet, affected iOS 13.5.1 and iPhone 11, which were current at the time of the attacks, as well as other versions of iOS and iPhone. It is not believed to affect iOS 14.
The Department of Homeland Security and the Federal Bureau of Investigation linked a website called “Enemies of the People” to Iranian actors. The site contained information such as the alleged addresses of state and federal election officials, including FBI Director Christopher Wray, and manufacturers of voting equipment. The aim was to promote accusations that these individuals caused President Donald Trump's loss in the recent US presidential election. The website is no longer accessible, but it once included photos of the targets overlaid with bull’s-eyes. Although Russian actors have been back in the news lately, Iranian hackers have been active throughout 2020 and have paid particular attention to the US presidential campaign season.
President-elect Joe Biden on Tuesday gave the first clues as to how his administration might tackle cybersecurity and digital espionage issues. During a speech in Wilmington, Delaware, Biden criticized the Trump administration for hesitating to publicly attribute the SolarWinds supply chain attack to its perpetrators. He also said the Defense Department had limited the briefings Biden’s transition team receives on the situation, “so I don’t know anything that suggests it’s under control.” Biden added, “Cyber attacks must be treated as a serious threat by our leadership at the highest level. This means clarifying… who is responsible for the attack and taking meaningful action to hold them to account.” The president-elect also said his administration will work to establish “international rules of the road for cybersecurity.”