Foreign espionage hackers user publicly available tools; Russians could retaliate for de-plaforming of their fake news sites; phishing for election recounts

US Cert in Pittsburgh has a collaborative report between US DHS and the British Commonwealth (UK, Canada, Australia, New Zealand), an Alert AA18-284A. about “publicly available hacking tools” seen in worldwide cyber incidents.

Most of the tools presented here seem determined to provide hidden readers for corporate espionage.

But concern persists that China, North Korea, and Russia can continue to do destructive attacks on relatively innocuous American interests, “to prove we can”.

There were some sporadic backbone router outages early Monday Nov 12 which might have been malicious.  Since US social media companies and perhaps hosts have no-platformed what they believe to be Russian fake accounts and “fake news” bots, the Russians might attack legitimate smaller interests in the US (or, more likely, the infrastructure supporting them) just to prove they can, as retaliation.

 One other thing – there seems to be some phishing spam going around claiming to raise money for Florida recounts.

Could spammers send out no-platforming phishing notices? Also -- soft "NSA" intelligence tips when your email or social media shows unusual content repeatedly

Just a quick security tip.

If you get unusual volumes of emails, texts, robocalls, twitter mentions, Facebook postings in your timeline (or page if you allow multiple admins – a dubious idea now) or even US mail letters – about causes to which you have no connection and have no interest in supporting – just be careful, and watch your back.

It can mean someone views you as a threat to them.  Perhaps you’re lowballing them in business, or they think you are.

This goes a little beyond depending on spam filters or being careful about emails purporting to be from parties you know but looking odd. 

This is a matter that intelligence services and CIA and NSA people know well.

  

It’s even conceivable that spammers will send out sham “no-platforming” takedown emails (from social media platforms, domain registrars or hosts, claiming some sort of connection to a terms of service violation).  The first place to verify is the sender address with a mouseover, but sometimes those are masqueraded successfully.

EFF advises on what to do if your Facebook account was hacked

Genine Gebhardt has a piece on Electronic Frontier Foundation, about what to do if you were caught in the Facebook hack.

  

There seems to be about 14 million people who had significant personal information taken. There is a risk that people could be at risk for very targeted phishing, or possibly breakins to their financial accounts (although I think Facebook denied that credit card info was taken).  A more grave risk, however unlikely in practice, could be impersonation of someone in committing a crime and framing someone. 

DHS, US-CERT document multiple foreign threats, not just to elections

\US DHS chief Kristjen Nielsen told the Senate today that the US faces unprecedented cyber threats from overseas enemies, both corporations and governments and even individuals. The best link is ABC’s here. The midterm elections aren’t the only catalyst.

US Cert reports (TA-276B) “persistent threat activity exploiting managed service providers (link ).  It’s not clear if this includes web hosting companies. (see also 276A, related).

  

There is also a new “hidden COBRA” on fast cash systems, TA-275A, link. 

Google-Plus shutting down ("sunsetting") after company finds potential security vulnerabilities very difficult to fix in a cost-effective way for individuals; enterprise version will be boosted

Google has suddenly announced today that it will “sunset” Google+ for individual consumers, while promoting a new version for enterprises.  I heard about this on FB Messenger from a Friend in the DC area LGBT and social media business community.

The decision is announced here on Google’s own blog.  User data will be shut down and migrated by the end of August, 2019.  The discussion is part of a “Project Strobe”.

But the sudden announcement appeared after major security lapses were reported. Ashley Carman has a story on The Verge here.

  

The Wall Street Journal has more details in a searing story today in by the Macmillans, here.  Apparently there was a consumer leak that the WSJ, at least, says was not properly communicated to the public.  But Google insists the security problem was found in project Strobe and caught in time.

  

  

Google reports low consumer usage and engagement, apparently in comparison to major rivals (Facebook).  Google announced Google+  in 2011 and even intended it to pursue the “circles of users” concepts even more than Facebook, but it has not taken off.

  

I have found Google+ useful in stimulating discussion on YouTube videos I like, particularly on classical music.  I have not used it a lot in other areas for communicating news.

  

This development would raises potential questions in my own mind about the long range future of Blogger, this platform, also owned by Google but completely separate from it (but available through the same Google account).  I don’t know how well the business model for Blogger works today compared to a decade ago; but I have wondered that since around 2015, as I have noticed that not that many people advertise on the blogs (that I happen to look at), despite claims to the contrary on product forums. But I don't see that Blogger could present any of the same security problems. 

There have not been that many high-profile shutdowns of consumer platforms. AOL shutdown its Hometown product in 2007 for low usage and provided a transition to Blogger. Myspace seems to be running OK. 

    

This is a developing story that will be covered in more detail on posts on other blogs, as there are strategic implications especially for individual users (compared to whole companies and enterprises)

Another Facebook "friend request" hoax

Here’s the low-down on the new Facebook “friend request” scam that erupted today.

I got one of these messages in church, during the communion.

ABC News Tampa Bay explains the hoax here. 

  

 This seems to be an invitation to get the scammer to create duplicate profiles (happened to me in 2016).

News2Share covers indictment of seven Russian hackers

News2Share journalist Ford Fischer gives a good account of the indictment of seven Russian hackers, with “Fancy Bear” and the like, in this long Twitter thread of the DOJ meeting today. 

Vox Sentences summarizes “The Vanishing of Kamal Khashoggi” which included a coverup of doping of Russian athletes.

But the Military Times (Gregory Katz et al) warns that Russians targeted a nuclear power company in Pennsylvania, possibly wanting to jump across an air gap to a control system.