Archive for US

NSA, CISA and FBI Expose Chinese Backed Exploitation Of Network Providers And Devices

Posted in Commentary on June 8, 2022 by itnerd

The NSA, CISA and FBI have released a Cybersecurity Advisory called “People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices”. The advisory centers on the fact that hackers aligned with China are using a variety of techniques to exploit publicly known vulnerabilities in network equipment, allowing them to establish a broad network of compromised infrastructure. The advisory also lists a number of mitigation strategies that organizations need to adopt to protect themselves.

Jason Middaugh, Chief Information Security Officer at MRK Technologies, had this to say:

The latest Cybersecurity Advisory from the NSA, CISA, and FBI drives home the importance of good cybersecurity fundamentals such as keeping assets updated/patched, changing default credentials to strong passphrases, and requiring multi-factor authentication wherever possible.

Many companies make the mistake of focusing on implementing the latest and greatest high-tech hardware/software and overlook the basics like system hardening and asset lifecycle management.

It does not matter whether it is the PRC attempting to exploit the device or an international cybercrime syndicate; if you don’t do the basics well, it is only a matter of time before an internet-facing asset is compromised.

Clearly this advisory is required reading for all enterprises, because at the end of the day all enterprises are at risk, and it doesn’t matter whether the attacker is China or a ransomware group. All enterprises need to reduce their attack surface as much as possible so that they are as safe from attack as possible.

UPDATE: Chris Olson, CEO of The Media Trust, had this to say:

“Zero-days and other vulnerabilities in networked devices are an overlooked national security threat, especially in the midst of mounting geopolitical tensions. Unfortunately, the problem is not isolated to IT infrastructure, but also extends to the software supply chain, popular apps and mainstream websites. Today, foreign adversaries are targeting American consumers and businesses through code, with no borders to prevent malicious activity. In addition to following the advice published in the joint cybersecurity advisory, organizations should regularly monitor their digital ecosystem for the presence of untrusted third parties and remove bad actors to protect their users.”

White House Warns Russia Preparing Possible Cyberattacks Against US

Posted in Commentary on March 21, 2022 by itnerd

The Biden administration has warned in recent weeks that Russia could look to target infrastructure in the U.S. or elsewhere with cyberattacks, but officials had previously said there were no specific or credible threats against the U.S.

White House deputy national security adviser Anne Neuberger said Monday that officials have seen some “preparatory activity” and that the administration briefed companies who could be affected in a classified setting last week.

Lucas Budman, CEO of TruU, has this comment:

“Enterprises need to act and ensure all attack surfaces are covered. While network and endpoint protection are important, identity is the biggest laggard and the ripest for attack, with approximately 80% of breaches linking back to it. Most businesses still use passwords, but there is no safety in numbers, as credentials can be compromised through phishing, brute force, credential stuffing, or buying lists of already compromised accounts. After all, people tend to reuse passwords, which results in 2FA effectively being secured by just the second factor alone. Passwordless MFA inclusive of biometrics, presence, and behavior is one of the few modern options to dramatically limit the identity attack surface.”

I’m not really surprised by this as Russia is known for housing groups that perpetrate cyberattacks. Thus businesses in the US and beyond should heed this warning and do what they need to do to prepare themselves for what is sure to be a barrage of cyberattacks in the next few weeks.

DHS Warns Americans About Dealing With Chinese Firms Or With Firms With Chinese Citizens In “Leadership And Security-Focused Roles”…. Hmmmm

Posted in Commentary on December 23, 2020 by itnerd

Earlier today I posted a story on DHS warning consumers about TCL TVs running Android which allegedly contain backdoors that could steal data. I did some hunting around and found that DHS has a broader business advisory, published on Wednesday, that says Chinese products and services could contain backdoors or other data collection mechanisms. It also says that data theft could occur via insider threats and business partnerships. The stated goal is to harvest data from western companies for use in furthering China’s economic goals.

DHS’s advice is to take care when sharing data with Chinese firms, when using equipment produced or maintained by Chinese companies, and even when working with companies that have Chinese citizens in “key leadership and security-focused roles.” That is pretty broad and borders on sounding racist to me. I have to wonder how much of this is a legitimate threat and how much of this is xenophobia. I guess we’ll find out soon enough.

US To Purge “Untrusted” Chinese Apps And Stop US Apps From Being Installed On Huawei Phones

Posted in Commentary on August 6, 2020 by itnerd

This situation between the US and China is escalating further with news that the US is going to purge what it calls “untrusted” apps, which all happen to be from China:

U.S. Secretary of State Mike Pompeo said expanded U.S. efforts on a program it calls “Clean Network” would focus on five areas and include steps to prevent various Chinese apps, as well as Chinese telecoms companies, from accessing sensitive information on American citizens and businesses. 

Pompeo’s announcement comes after U.S. President Donald Trump threatened to ban TikTok. The hugely popular video-sharing app has come under fire from U.S. lawmakers and the administration over national security concerns, amid intensified tensions between Washington and Beijing. 

“With parent companies based in China, apps like TikTok, WeChat and others are significant threats to personal data of American citizens, not to mention tools for CCP (Chinese Communist Party) content censorship,” Pompeo said.

To the shock of absolutely nobody, China is not at all happy:

In an interview with state news agency Xinhua on Wednesday, Chinese foreign minister Wang Yi said the United States “has no right” to set up the “Clean Network” and called the actions by Washington “a textbook case of bullying”.

“Anyone can see through clearly that the intention of the U.S. is to protect its monopoly position in technology and to rob other countries of their proper right to development,” said Wang.

But the US action doesn’t stop there. The US doesn’t want US apps on Huawei phones:

Pompeo said the United States was working to prevent Chinese telecoms firm Huawei Technologies Co Ltd from pre-installing or making available for download the most popular U.S. apps on its phones. 

“We don’t want companies to be complicit in Huawei’s human rights abuses, or the CCP’s surveillance apparatus,” Pompeo said, without mentioning any specific U.S. companies.

No matter how you look at it, this war between China and the US is going to be very bad, and you can expect to see more shots traded between these two, especially in the lead-up to the US election in November.

FCC Votes For Net Neutrality…. But Don’t Celebrate Just Yet

Posted in Commentary on February 27, 2015 by itnerd

Here’s the good news. If you’re in the US, the FCC has voted 3-2 to regulate broadband Internet access like a utility, such as your phone service. In effect, it is enforcing net neutrality. This is a very good thing, as there will be no Internet “slow lanes” or “fast lanes” based on the content you consume. The new rules replace regulations that had been thrown out by a federal court last year.

ISPs, telcos and the like are freaking out. Exhibit A is AT&T’s top legislative executive, Jim Cicconi, sharing his thoughts in a blog post. Their basic gripe is this: applying these sorts of regulations to the broadband industry will stifle innovation by hurting investment in networks. It could also allow the government to impose new taxes and tariffs, which would increase consumer bills. And they say it could even allow the government to force network operators to share their infrastructure with competitors. Personally, I don’t see that happening. But they are so upset about this that they are sure to file suit against the FCC, and the FCC for its part says it is ready to fight this out in court. Thus, I would not pop the champagne just yet. The fight for net neutrality is not over.

So, when is something like this coming to Canada?

UPDATE: Upon further reflection, if you read the FCC’s press release in greater detail, it appears that they’ve copied and pasted a lot of it from the efforts of the CRTC. Though it is still a work in progress, as highlighted by this decision against Bell and Videotron and Bell’s decision to appeal that decision.

Gemalto To Planet Earth: You Have Nothing To Worry About

Posted in Commentary on February 25, 2015 by itnerd

As promised, Gemalto held a press conference today to respond to a report that they were hacked by U.K. and U.S. intelligence agencies and that encryption keys which would let those agencies spy on smartphone users were stolen. A news report covering the press conference can be summed up like this:

“The attacks against Gemalto only breached its office networks and could not have resulted in a massive theft of SIM encryption keys,” Gemalto said in a statement at a press conference held in response to a report in the Intercept alleging a massive theft by the US National Security Agency and UK Government Communications Headquarters. The report said millions of SIM card encryption keys had been stolen through the joint NSA and GCHQ operation.

Gemalto then lays out why it believes this is the case, and says that only 2G networks would be under threat; both 3G and 4G networks are, according to Gemalto, safe. But the core message is this: there’s nothing to see here, move along.

Though they did let this cat out of the bag:

However, Gemalto said, it appears that other SIM card manufacturers were targeted, so privacy and security concerns can’t be dispelled. For example, the spy agency documents pointed to 300,000 keys stolen from a Somali carrier that isn’t a Gemalto customer. Indeed, that’s the case for four of the 12 carriers identified in the documents, Gemalto said.

Lovely. Clearly this story isn’t over and neither is the concern that this will generate.

SIM Cards Still Secure Despite Hack Says Gemalto

Posted in Commentary on February 23, 2015 by itnerd

Last week I brought you a story on UK and US intelligence agencies hacking into a company called Gemalto, which makes, among other things, SIM cards for mobile phone carriers, and thereby gaining the ability to eavesdrop on millions of smartphone users. Today, Gemalto came out with a statement that basically says the SIM cards it produces are still secure despite this hack:

Gemalto, the world leader in digital security, is devoting the necessary resources to investigate and understand the scope of such sophisticated techniques. Initial conclusions already indicate that Gemalto SIM products (as well as banking cards, passports and other products and platforms) are secure and the Company doesn’t expect to endure a significant financial prejudice.

The company does plan to hold a press conference in Paris at 10:30 am on the 25th of February to provide more details. We’ll see at that point how the company explains that its SIM cards are secure despite this hack. Personally, I am dubious. But I’m willing to let them lay out the evidence to back up their case.

Hackers Hit Health Insurer…. “Tens Of Millions” Of Records Stolen…. China Possibly Involved

Posted in Commentary on February 6, 2015 by itnerd

If you get your health insurance from Anthem, one of the largest health insurers in the US, then you likely have something to worry about. According to The Wall Street Journal, they were hit by hackers on an epic scale:

Investigators are still determining the extent of the incursion, which was discovered last week, and Anthem said it is likely that “tens of millions” of records were stolen. The health insurer said the breach exposed names, birthdays, addresses and Social Security numbers but doesn’t appear to involve medical information or financial details such as credit-card or bank-account numbers, nor are there signs the data are being sold on the black market.

Anthem, which offers Blue Cross Blue Shield plans in California, New York and other states, said it doesn’t know precisely how many people may be affected. So far, it appears that the attack detected last week is the only breach of Anthem’s systems, and it isn’t yet clear how the hackers were able to obtain the identification information needed to access the database, said Thomas Miller, the insurer’s chief information officer.

That’s just delightful. Affected customers will be contacted by Anthem. But what’s got my attention is this Bloomberg story that points the finger at China:

Technical details of the attack include “fingerprints” of a nation-state, according to two people familiar with the investigation, who said China is the early suspect.

The Federal Bureau of Investigation is leading the investigation, according to Anthem, which has hired FireEye Inc., a Milpitas, California-based security company, to assist.

China has said in the past that it doesn’t conduct espionage through hacking. The Chinese embassy in Washington didn’t immediately respond to a request for comment.

I personally would like to see proof of that, as it’s really easy to point a finger at someone and say “they did it.” But let’s say that China is behind this. I’d like to know what the US government is doing to protect its citizens from state-sponsored hacks like this, assuming that they are doing anything at all, of course.

Central Command Twitter Account Gets Pwned By Hackers Sympathetic To ISIS

Posted in Commentary on January 12, 2015 by itnerd

U.S. Central Command is the branch of the U.S. military that runs operations in the Middle East, North Africa and Central Asia, most notably Afghanistan and Iraq. Seeing as the US has been in that area for an extended period of time, I’m pretty sure that they’ve made a few enemies. So perhaps one of them decided to try and exact some revenge by hacking, or “pwning,” the Twitter account of Central Command. Here’s what CNBC had to say:

The Twitter account for U.S. Central Command was hacked on Monday, with pro-ISIS messages plastering the account’s profile. 

The first message was posted at 12:29 p.m. ET, with the words “AMERICAN SOLDIERS, WE ARE COMING, WATCH YOUR BACK. ISIS.” and the hashtag “#CyberCaliphate.” 

The profile’s image was replaced with a photo that includes the text “i love you isis.” Just before 1 p.m. ET profile and banner images were reverted to their default.

Well, that’s embarrassing. The FBI is investigating. But all this is, is embarrassing. It’s not as if the people behind this pulled off a Sony Pictures type of hack. So really, other than some embarrassing moments, there’s nothing to see here. Though I would suggest that Central Command change the passwords on their social media accounts before they get “pwned” again.

Hey IT Nerd! Do US Charges Against Chinese Hackers Mean Anything?

Posted in Commentary on May 20, 2014 by itnerd

Another question from a reader popped into my inbox today:

Good afternoon. Yesterday, the US Government laid charges against a number of Chinese officials for cybercrimes against six US companies. My question is, does that really matter, as I don’t see China handing these people over to stand trial?

Thanks for the question. Before I answer, let me do a quick recap. Yesterday the US Department of Justice laid charges against five people accused of hacking six US companies and then turning over whatever they electronically stole to Chinese-based companies. In effect, these five people are accused of cyber espionage for commercial gain. Now, I’m all for going after those who hack other people or companies, and I am all for them being punished to the fullest extent of the law. However, that’s not likely to happen in this case. There’s zero chance that China will hand over these people, which means they will never face justice. Plus, this is likely to increase tensions between the US and China. Thus, other than giving the appearance that the US is going after cybercrime, I fail to see the point of this exercise. Perhaps there’s something going on behind the scenes, connected to this, that will clarify things, assuming we ever find out about it. But as it stands now, the logic of laying these charges escapes me.

Perhaps some of the readers of this blog have some further insight on this? If so, please leave a comment and share your wisdom.