Archive for July, 2020

Russian Hacker Group Accused Of Targeting COVID-19 Vaccine Research In Canada, U.S. and U.K

Posted in Commentary on July 16, 2020 by itnerd

Given the times that we live in, a vaccine is the top priority in terms of getting the planet out of the COVID-19 pandemic. So it doesn’t exactly come as a shock that research into a vaccine is a target for hackers that belong to nation states. Case in point is the news that Russian hackers have targeted COVID-19 research:

A hacker group “almost certainly” backed by Russia has tried to steal COVID-19-related vaccine research in Canada, the U.K. and the U.S., according to intelligence agencies in all three countries.

The Communications Security Establishment (CSE), responsible for Canada’s foreign signals intelligence, said APT29 — also known as Cozy Bear and the Dukes — is behind the malicious activity.

The group was accused of hacking the Democratic National Committee before the 2016 U.S. election.

The group “almost certainly operates as part of Russian intelligence services,” the CSE said in a statement released Thursday morning in co-ordination with its international counterparts — an allegation the Kremlin immediately denied.

No shock that the Kremlin denies this as I am sure that nation states don’t want to be associated with the activities of the hacker groups that they covertly sponsor as it gives them plausible deniability. This is important because Russia has a history of stealing intellectual property. David Masson, Director of Enterprise Security, Darktrace goes into more details about that:

The Soviet Union, and now its successor Russia, has a long and established history of stealing other countries’ intellectual property in order to satisfy national interests. In this instance, we are being warned about an APT (APT 29) linked to the Russian Intelligence Services using cyber-attacks to obtain information on COVID-19 research from medical organizations around the world. Given the recent warning from the US/UK and Canada combined, we can consider that these three countries have been victims of such attacks.

Russia is also facing the effects of this global pandemic and will be seeking “help” in order to deal with it now and in the future. Trying to gain an advantage in the fight against COVID-19 could well lead to theft of research from around the world in order to avoid otherwise necessary investment in time, money and effort (which may not be available). In the modern era, cyber-attacks have proven to be a very cost-effective way of obtaining information that may well be very difficult to get ahold of by other means. Currently the crown jewels in the COVID-19 fight will be a vaccine, so information and research on this subject are extremely valuable.

Medical research organisations, especially those working in academia often operate in a climate of trust and collaboration and will be seen as easy targets by groups such as APT29 who will exploit this. We can expect further attacks and further warnings as the pandemic wears on.

Ubisoft Unveils A New Collegiate Esports League In Partnership With Tom Clancy’s Rainbow Six Siege

Posted in Commentary on July 16, 2020 by itnerd

Today, Ubisoft announced Ubisoft Collegiate Esports, their first ever proprietary collegiate esports league, premiering with Tom Clancy’s Rainbow Six® Siege, that will kick off in July 2020. The new league will launch in partnership with FACEIT, the world’s leading platform for competitive online gaming, who will operate the program as part of the new North American ecosystem. CORSAIR will serve as the premiere sponsor of the league. Additional sponsors include Origin PC, a subsidiary of CORSAIR.

The program will feature a user-friendly online platform allowing registered school clubs (no online schools) to register themselves and begin competing in a variety of local and cross-continent programs.

Clubs must consist of registered, full-time students and will be able to:

  • Host intramural matches
  • Host viewing parties and live events
  • Manage club members and their teams
  • Manage matches and results
  • Request prizing 

In addition to the online platform, schools will be eligible to nominate one team (per school) to participate in the Rainbow Six Collegiate championship – our premier league for Rainbow Six. All contending schools will face off for a chance to earn a $30K prize pool and additional hardware prizes, including a cutting-edge Origin PC and CORSAIR peripherals. The pre-season will begin in October 2020, while the full season will begin in January 2021.

Ubisoft is taking exceptional pride in being able to offer unique esports programs to players of all skill levels. The collegiate program is our chance to get involved with the college community and build a program that focuses on professionalism, fair play, and community growth.

Please visit r6collegiate.faceit.com for more details on Ubisoft Collegiate Esports.

To learn more about Tom Clancy’s Rainbow Six Siege, please visit https://rainbow6.ubisoft.com/

A Follow Up On Citizen Care Pod Corp

Posted in Commentary on July 16, 2020 by itnerd

Following up on my Citizen Care Pod Corp coverage that I did yesterday, I wanted to share some additional details. The development of these mobile testing pods is the result of teamwork between industry leaders including Dell Technologies Titanium Black Partner Insight Enterprises.

Additional information can be found here about how Dell Technologies is working with healthcare providers to deliver health IT solutions that bring positive change to patients, care providers and the community as a whole.

The Epic Twitter Hack Was Caused By Social Engineering

Posted in Commentary on July 16, 2020 by itnerd

I’ll give Twitter points for coming clean on what happened yesterday when it comes to the fact that verified Twitter accounts were taken over to promote cryptocurrency scams. But I am not sure if it will make anyone feel better. But let’s start with what actually happened. Twitter posted a series of Tweets describing how this epic hack took place:

So in short, they got pwned not because of a bug in Twitter, but because of a social engineering attack. Which once again proves that the weakest link in terms of IT security is the humans. And companies need to do training and put countermeasures in place to make sure that they don’t become the next victim of something like this. Or worse.

Besides the above, you have to ask what else did these hackers get access to. Twitter doesn’t know which is why they are still investigating. And I hope for their sake that their investigation is comprehensive as I wouldn’t want these miscreants floating around my network to cause trouble at a later date. So consider this story to be far from over. Something that Max Heinemeyer, Director of Threat Hunting, Darktrace agrees with:

This attack is unprecedented in both its targets and the serious level of widespread access. There is strong evidence to suggest that the attackers gained access into Twitter’s back-end systems, theoretically granting them access to any twitter account – even that of a US president. 

Despite this level of access, we cannot assume this is the work of a nation state: many cyber-criminals today have access to tools and techniques once reserved for state-sponsored attacks. The hack used automation, was well-organised, and targeted selected accounts for maximum impact. The money is already being moved from the initial Bitcoin wallet to make tracking harder. 

These perpetrators may be financially motivated and conducting a smash-and-grab attack, but that does not mean the damage done ends with the Bitcoin scam. While Twitter put all hands-on-deck to deal with prominent individuals’ accounts, it is unclear what other nefarious activities the attackers have done behind the scenes – e.g. stealing direct messages between high-profile individuals to use them later for extortion or other crime.

In the run up to the US presidential election we can expect to see assaults of this kind become the ‘new normal’. The story is far from over.

Belkin WEMO Users Complain About An Outage Which Has Been Going On For At Least Two Days…. But There Is A Fix

Posted in Commentary on July 16, 2020 by itnerd

If Belkin didn’t have enough issues when it comes to blowback related to the termination of the back end services of their WEMO NetCams, they have something new to deal with that is upsetting customers. Users of Belkin WeMo smart home products such as their smart plugs have been complaining about an outage that started a couple of days ago which leaves them unable to control their smart home gear. The issue was brought to my attention by a reader of this blog who tried reaching out to Belkin for help, but apparently whatever help she received was anything but helpful. Since I had a couple of pieces of WEMO gear lying around, specifically a pair of smart plugs, I pulled them out to test this. They were able to connect to my home WiFi network just fine. But when I tried to control them from the WEMO app on my iPhone, I got this:

And I appear not to be the only one who has this issue. And some of these people are not happy:

These people have a point. If you look at the troubleshooting that Belkin’s @WEMOCares Twitter account is doing, it’s not effective and amounts to “have you turned it off and on?” Here’s an example from today:

Take it from me, doing either of those things won’t make a difference. And I don’t understand why this is being suggested as a course of action because what appears to actually make a difference is the creation of a WEMO account to control whatever smart home gear that you have from the company. A tweet from @WEMOCares highlights this:

Some history for you. In the last couple of weeks, Belkin pushed out a new version of their WEMO app that gave you the ability to create a WEMO account to “secure” your smart home devices. The creation of an account at the time that the app was pushed out was something that was optional. But it now appears to be a requirement as clearly Belkin did something on their back end to make it a requirement in the last few days. That’s pretty poor communication on the part of Belkin as in the above case, the customer told @WEMOCares what the solution was rather than the other way around. Which is not how the universe should work. And that lack of communication means that customers not only suffer for no reason, but it leaves them with a pretty bad impression of Belkin and their smart home gear.

So if you have this issue, I would recommend creating a WEMO account via the WEMO app to see if that fixes this issue. Chances are that it will as it resolved this issue for me when I tested this on behalf of the person who reached out to me. And it worked for the person in question when they tried it. Though having this advice come from a third party like me rather than Belkin itself really reflects poorly on Belkin. And Belkin may wish to do something about that because this is the sort of thing that won’t help them to sell smart home gear or much of anything else that they make.

BREAKING: Several High Profile Twitter Accounts Have Been Hijacked To Tweet Bitcoin Scams

Posted in Commentary on July 15, 2020 by itnerd

Happening now is the apparent hijacking of numerous high profile Twitter accounts to promote Bitcoin scams including Apple’s Twitter account as well as the Twitter accounts of Tesla CEO Elon Musk, Amazon CEO Jeff Bezos, Microsoft CEO Bill Gates, and others. Given the number of high profile accounts that have been breached, the hack may have originated from a Twitter security vulnerability or a security vulnerability of an app that speaks to Twitter like TweetDeck or Hootsuite or something of that sort. But that isn’t clear at present. But here is what is known at present:

It’s not immediately known how the account hacks took place. Security researchers, however, found that the attackers had fully taken over the victims’ accounts, and also changed the email address associated with the account to make it harder for the real user to regain access.

This is serious and it appears that Twitter is investigating and we should have more details soon. But this is likely a good reminder that you need to make sure that your Twitter accounts are secure so that you don’t become a victim of something like this. Twitter itself has some tips on this.

UPDATE: The list of people who have been pwned is growing:

UPDATE #2: Twitter has taken the step of stopping anyone with a verified account from tweeting:

I think this points towards a hack of Twitter at this point. Though I am open to hear alternative explanations for this incident.

UPDATE #3: Most verified Twitter accounts are now once again able to tweet. Twitter is still working on fully fixing the issue:

UPDATE #4: Jack Dorsey who is Twitter’s CEO has commented….. Via Twitter:

This pretty much confirms that Twitter got pwned.

Report: Trump Gave The CIA More Power To Launch Cyberattacks

Posted in Commentary on July 15, 2020 by itnerd

The Central Intelligence Agency has conducted a series of covert cyber operations against Iran and other targets since winning a secret victory in 2018 when President Trump signed what amounts to a sweeping authorization for such activities, Yahoo News reported, citing former U.S. officials with direct knowledge of the matter:

The secret authorization, known as a presidential finding, gives the spy agency more freedom in both the kinds of operations it conducts and who it targets, undoing many restrictions that had been in place under prior administrations. The finding allows the CIA to more easily authorize its own covert cyber operations, rather than requiring the agency to get approval from the White House. Unlike previous presidential findings that have focused on a specific foreign policy objective or outcome — such as preventing Iran from becoming a nuclear power — this directive, driven by the National Security Council and crafted by the CIA, focuses more broadly on a capability: covert action in cyberspace.

The “very aggressive” finding “gave the agency very specific authorities to really take the fight offensively to a handful of adversarial countries,” said a former U.S. government official. These countries include Russia, China, Iran and North Korea — which are mentioned directly in the document — but the finding potentially applies to others as well, according to another former official. “The White House wanted a vehicle to strike back,” said the second former official. “And this was the way to do it.” The CIA’s new powers are not about hacking to collect intelligence. Instead, they open the way for the agency to launch offensive cyber operations with the aim of producing disruption — like cutting off electricity or compromising an intelligence operation by dumping documents online — as well as destruction, similar to the U.S.-Israeli 2009 Stuxnet attack, which destroyed centrifuges that Iran used to enrich uranium gas for its nuclear program.

Assuming that this is accurate, I am not sure that this was a good idea. Having checks and balances to ensure that this is an option that is only used if it is truly required would likely mean that these are targeted operations by the US with a limited scope and a low chance that the target will retaliate. But now that this is out there, countries with the ability to launch these sorts of cyberattacks will likely feel that they have the green light to retaliate. Or launch larger scale cyberattacks of their own with potentially devastating effects. That has the potential to create all sorts of chaos. And it may come back to haunt the US at some point.

Huawei And Other Chinese Tech Employees Banned From Entering The US

Posted in Commentary on July 15, 2020 by itnerd

From the “stay out of the US” department comes news that Secretary of State Mike Pompeo on Wednesday has announced visa restrictions on employees of Chinese technology companies, including Huawei, in the latest Trump administration move against Beijing. Here’s what CNN had to say:

The US “will impose visa restrictions on certain employees … of Chinese technology companies like Huawei that provide material support to regimes engaging in human rights violations and abuses globally,” Pompeo told reporters at a State Department press briefing. The top US did not elaborate on which employees would be targeted or how many people would be affected. Pompeo’s announcement comes a day after President Donald Trump announced he would sign a bill and an executive order punishing China for steps that are widely seen as an attempt to crush democratic freedoms in Hong Kong, and railed at China for “unleashing … upon the world” the global coronavirus pandemic. In an interview with The Hill later Wednesday, Pompeo added that the US is looking at limits on other Chinese tech companies as well.

This is likely retaliation for the Chinese government banning a bunch of US Senators because they were critical of China. Clearly things between the US and China are escalating. And I think it’s safe to say that we’re going to see a lot more of this over the next few days.

Guest Post: TikTok Ban? Companies, Agencies Do Not Have Secure Data If Chinese App Allowed on Company, Personal Phones Says IAITAM

Posted in Commentary on July 15, 2020 by itnerd

The nation of India, the U.S. military, and banking giant Wells Fargo already have either banned TikTok app use altogether or at least on company mobile devices. Should your organization follow suit and prohibit the popular app TikTok on company and even personal phones?  Today, the International Association of IT Asset Managers (IAITAM) warned that allowing employees to use TikTok on any devices (including personal cell phones and tablets in a work-from-home context) with direct access to corporate data is “not consistent with maintaining data integrity.”

The TikTok app is taking the world by storm, with controversy brewing over whether the app’s open-ended permissions pose security risks for corporations, government agencies and other organizations particularly during a time when many employees are still working from home (WFH) due to COVID-19.

Concerns about the Chinese-owned TikTok are reminiscent of earlier security worries about Fitbit and Pokémon Go. In 2016, IAITAM called on corporations to ban the installation and use of Pokémon Go on both corporate-owned, business-only (COBO) phones/tablets and “bring your own device” (BYOD) phones/tablets with direct access to sensitive corporate information and accounts. In 2019, IAITAM advocated against Microsoft’s policy decision to let end-users buy some of their own apps and licenses through Office 365, bringing up concerns over how businesses would track IT assets to ensure compliance. Due to such criticism, the technology giant reversed its decision.

The TikTok app has been found gathering data that includes the user’s clipboard history, location and GPS data, much like the Fitbit security breaches that the Department of Defense experienced in 2018, where fitness trackers used location data to map military bases while soldiers exercised.

Dr. Barbara Rembiesa, president and CEO of IAITAM, said: “The TikTok app unnecessarily endangers data in a way that any government agency or corporation should be concerned about. Combine that with the blending of corporate and personal assets due to work-from-home conditions for employees and you have a perfect storm for sensitive data to be placed into the wrong hands.  As things stand today, allowing TikTok in or near your organization’s environment is not consistent with maintaining data integrity.”

Rembiesa continued: “Acceptable data risk needs to be ascertained prior to downloading software and such software should be managed by an IT asset manager. The risk posed by the data permissions of TikTok does not meet data security best practices.  Diligence and education on ITAM procedures are essential for businesses to implement smart digital policies and mitigate security risks.”

Since March, IAITAM has been at the forefront of work-from-home data concerns during the COVID-19 pandemic, issuing multiple warnings on “nightmare data risks,” tech headaches and challenges associated with transitioning to work from home.

Following ITAM best practices is a roadmap for organizations to protect and get the most out of their IT assets. IAITAM offers courses and training opportunities throughout the year for agencies and businesses seeking to strengthen their cybersecurity and IT asset management.
 

HP Introduces A New Global Partner Program

Posted in Commentary on July 15, 2020 by itnerd

Today, HP Inc. unveiled HP Amplify, a first-of-its-kind global channel partner program optimized to drive dynamic partner growth and deliver consistent end customer experiences. Built on a single, integrated structure, HP Amplify provides the insights, capabilities and collaboration tools needed to drive growth as digital transformation and customer purchasing behaviors continue to evolve. The new program goes into effect November 1, 2020 for commercial partners with retail partners slated to transition in the second half of 2021.

By consolidating HP’s best partner products, tools and trainings into one intuitive program, HP Amplify removes complexity, making it easier for partners to take advantage of its many benefits and engage customers on a deeper level. Now comprised of just two distinct tracks – Synergy and Power – with clear compensation levels, HP Amplify provides partners with the flexibility to invest in value-added services and capabilities. The more a partner invests in these capabilities, the higher the rewards.

Experiences at the Speed of Digital

Customers have dramatically altered how they research and buy technology and how they engage with brands, buying more products and services through digital channels, such as e-commerce, partner portals and marketplaces. At the same time, technology and digital transformation are advancing at an astounding pace while business models are shifting from simple transactions focused on selling products to contractual relationships.

For the IT industry overall, and the channel specifically, it means business as usual is no longer an option. With the introduction of HP Amplify, HP is taking decisive actions to capitalize on these shifts, arming partners for future growth and to deliver a more satisfying customer experience.

Performance, Capabilities & Collaboration

Designed to enable progressive go-to-market strategies that cater to a combination of transactional, contractual and hybrid selling models, HP Amplify focuses on three core pillars: performance, capabilities and collaboration.

Performance

As the traditional sales model has been upended, so too has the traditional channel compensation model. While the new program will continue to reward partners based on goals and volume, HP Amplify features an innovative measurement and reward system that accounts for the many strategic efforts partners employ throughout the holistic sales process, from registration volume to average sales value and account retention.

Capabilities

Beyond sales revenue alone, HP Amplify measures rewards based on new capabilities, including investing in and improving digital skills, service delivery capabilities, e-commerce/omnichannel experiences and secure data collaboration.

Capabilities will be specialized and tailored to the sectors customers operate within, creating more personalized experiences and driving invaluable outcomes. HP Amplify rewards partners who invest in the capabilities to compete – and win – in a world dominated by e-commerce and digital-led customer journeys and experiences. The more capabilities around secure data collection, routes to market, services and specializations, the more access and benefits partners will receive.

Collaboration

Collaboration between HP and its partners is critical to our shared success. HP Amplify is designed to turn data analytics into deeper insights that inspire new strategies and steer innovation. HP will collaborate closely with partners to hone their digital skills, such as automated quotes and ordering, to provide a more consistent customer experience across multiple channels and equip partners with valuable research on the most important pain points in the customer journey.

Armed with this added opt-in customer intelligence, partners will have more of a competitive edge, with the intrinsic ability to anticipate and enable more positive customer outcomes. As a result, partners will be able to serve customers more seamlessly through automated inventory updates, product returns and holistic data intelligence. These experiences will continue to build upon the long-standing bonds between customers, partners and HP.

HP Amplify Impact

HP’s dedication to sustainable impact through technology that makes life better for everyone, everywhere has long been integral to its business strategy and operations. Together, HP and its partners can make a lasting difference by acting in lockstep to further fuel innovation and growth in these areas. For this reason, as an extension of the company’s new global program, HP is introducing HP Amplify Impact, inviting all partners to join HP in its pledge to address:

  • Planet: Working toward a circular, low-carbon economy
  • People: Respecting human rights, enabling people across the value chain to thrive, and cultivating a diverse and inclusive culture
  • Community: Unlocking educational and economic opportunity while improving the vitality and resilience of local communities  

For partners who choose to join this opt-in pledge, HP will provide training and support, and help identify potential gaps in the goals partners wish to set and provide guidance on how to achieve those goals. HP will provide more details closer to the launch of HP Amplify on November 1, 2020.