Wednesday, August 22, 2018

DNS Propagation failure makes US-owned sites accessible only in China, where they were banned, for about an hour; possible proof-of-concept hack???

There was a problem yesterday with a major hosting service where DNS A-record propagation failed for a while.  The end result, if you looked at “”, was that the sites were reachable in non-democratic countries (particularly China) and some of eastern Europe, but not in the west.

The problem was fixed in about two hours and was intermittent.  But it struck me that something like this could happen because of a deliberate foreign hack.  While sites, even individually owned ones, were not reachable from the U.S. or some western countries, it sounds conceivable that hackers could have altered them in a proof-of-concept attack.  I’m not aware that this really happened, but the pattern is suspicious.
Many of these US-owned and US-based sites are supposedly banned in China.  It’s odd that only Beijing could reach them for about an hour.
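The post asks whether a propagation failure with this geographic pattern could have been a deliberate attack. One way a practitioner separates the two is to collect the A-record answers for the host from several vantage points and compare them against the record set before and after the change: propagation lag and stale caches only ever return addresses from those two sets, while an answer containing an address from neither is the signature of a hijacked zone or resolver. The script below does that classification. It is an added example, not part of the original post or the hosting service's tooling; the hostname move, vantage points, resolver names and answers are constructed.

```python
"""Classify per-vantage DNS answers for one hostname as propagation lag
or something more suspicious.  Added example; all observations below are
constructed, not data from the incident described in the post."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    vantage: str        # where the query was made from
    resolver: str       # recursive resolver used (constructed label)
    rcode: str          # "NOERROR", "NXDOMAIN", "SERVFAIL" or "TIMEOUT"
    answers: frozenset  # A-record IPs returned, empty if none


def classify(obs, old_ips, new_ips):
    """Label one observation.

    OLD / NEW   answer lies entirely in the pre- or post-change record set
    MIXED       mixture of old and new IPs (cache only partly refreshed)
    MISSING     no usable answer: the symptom the post reports in the west
    UNEXPECTED  an IP outside both known sets; lag cannot produce this,
                a hijacked zone or resolver can
    """
    old, new = frozenset(old_ips), frozenset(new_ips)
    if obs.rcode != "NOERROR" or not obs.answers:
        return "MISSING"
    if obs.answers - (old | new):
        return "UNEXPECTED"
    if obs.answers <= new:
        return "NEW"
    if obs.answers <= old:
        return "OLD"
    return "MIXED"


def summarize(observations, old_ips, new_ips):
    """Return ({vantage: label}, verdict string) for a set of observations."""
    labels = {o.vantage: classify(o, old_ips, new_ips) for o in observations}
    if "UNEXPECTED" in labels.values():
        verdict = "investigate: answers outside both known record sets"
    else:
        verdict = "consistent with propagation failure or lag"
    return labels, verdict


# Constructed scenario: the host moved from 198.51.100.10 to 203.0.113.20
# (both documentation-range addresses).
OLD = {"198.51.100.10"}
NEW = {"203.0.113.20"}
SAMPLE = [
    Observation("Beijing", "local-isp", "NOERROR", frozenset({"198.51.100.10"})),
    Observation("Warsaw", "local-isp", "NOERROR",
                frozenset({"198.51.100.10", "203.0.113.20"})),
    Observation("New York", "local-isp", "SERVFAIL", frozenset()),
    Observation("London", "local-isp", "NOERROR", frozenset({"192.0.2.99"})),
]

if __name__ == "__main__":
    labels, verdict = summarize(SAMPLE, OLD, NEW)
    for vantage, label in labels.items():
        print(f"{vantage:10s} {label}")
    print(verdict)
```

To gather real observations, run `dig @<resolver> <host> A +short` from each vantage point and, for the ground truth, query the zone's authoritative servers directly with `dig @<ns> <host> A +norecurse`; an authoritative answer that disagrees with what the registrar says the zone should contain is the case the UNEXPECTED label is for.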

Tuesday, August 21, 2018

Russian hackers create fake websites mimicking conservative think tanks and politicians ("Fancy Bear")

Microsoft has uncovered more Russian ("Fancy Bear") meddling before the 2018 midterms, activity which could pose a threat to ordinary users, at least through spear phishing. Here is the Yahoo! report

Apparently Russian interests set up fake websites impersonating a few conservative think tanks and even groups associated with some mainstream Republican US Senators not particularly cooperative with Trump.  Visitors might encounter malware, or might get phishing emails from these fake sites.
Security companies like Trend Micro and Webroot will be able to flag these sites as suspicious quickly, of course, but Microsoft (which runs its own Windows Defender) caught the problem first.
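Flagging impersonation domains of the kind described above mostly comes down to comparing a newly registered label against the names it might be imitating. The script below is an added example, not Microsoft's or any vendor's detection logic, and the organisations and domain names in it are constructed. It folds common homoglyphs, strips the padding tokens attackers use to make a lookalike read like a legitimate login or file-sharing portal, and then checks for the brand on another TLD, embedded in a longer label, or within one edit of it.

```python
"""Flag domains that impersonate a list of legitimate organisations.
Added example; every domain name here is constructed."""
import re

# Digit/letter substitutions commonly used in lookalike labels
HOMOGLYPHS = {"rn": "m", "vv": "w", "0": "o", "1": "l", "3": "e", "5": "s"}
# Tokens attackers pad a brand with to resemble a legitimate service
PADDING = {"login", "secure", "mail", "portal", "my", "sharepoint", "adfs",
           "onedrive", "account", "auth"}


def normalize(label):
    """Lower-case, fold homoglyphs and drop separators."""
    s = label.lower()
    for k, v in HOMOGLYPHS.items():
        s = s.replace(k, v)
    return s.replace("-", "").replace("_", "")


def core_label(domain):
    """Second-level label: 'a-b.example.org' -> 'example' is NOT what we want,
    so this takes the label just left of the TLD: 'adfs-brand.email' -> 'adfs-brand'."""
    parts = domain.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def edit_distance(a, b):
    """Plain Levenshtein distance."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(candidate, legitimate):
    """Return (legit_domain, reason) if candidate imitates one, else None."""
    cand = candidate.lower().strip(".")
    label = core_label(cand)
    cand_tld = cand.rsplit(".", 1)[-1]
    folded = normalize(label)
    tokens = [t for t in re.split(r"[-_]", label) if t]
    stripped = normalize("".join(t for t in tokens if t not in PADDING))
    for legit in legitimate:
        legit = legit.lower()
        if cand == legit:
            return None                      # the genuine domain
        brand = normalize(core_label(legit))
        legit_tld = legit.rsplit(".", 1)[-1]
        if folded == brand:
            if cand_tld == legit_tld:
                return legit, "homoglyph of the real label"
            return legit, f"same label on a different TLD (.{cand_tld})"
        if stripped == brand or (len(brand) >= 5 and brand in folded):
            return legit, "brand embedded in a longer label"
        if edit_distance(folded, brand) <= 1 or edit_distance(stripped, brand) <= 1:
            return legit, "within one edit of the brand"
    return None


# Constructed list of organisations to protect
LEGIT = ["example-institute.org", "rightthink.org"]

if __name__ == "__main__":
    for d in ["example-institute.org", "examp1e-institute.net",
              "adfs-example-institute.email", "rightthnk.org", "unrelated-news.com"]:
        print(f"{d:32s} {lookalike(d, LEGIT)}")
```

Feed it the daily newly-registered-domain feed or certificate-transparency log entries and you get a triage list; the reason string tells an analyst which trick was used, which matters because a padding-token hit ("adfs", "sharepoint") is almost always a credential-phishing page rather than a mere typosquat.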

A couple other ideas come to mind.  Should telecoms, given the relaxing of net neutrality, refuse to let these sites be connected?

Another risk could be that in the future foreign hackers set up sites purporting to belong to individuals (even like me), perhaps those with a conservative bias.  This could set up serious problems for those individuals, but we’ll look at that soon on the identity theft blog.

Elizabeth Dwoskin and Craig Timberg have a detailed story in the Washington Post. 

Friday, August 17, 2018

Reports about hijacking of Instagram accounts and associated emails by Russians are surfacing; blockchain is proposed as a solution

I have received an inquiry for an interview with an Internet security expert who reports a problem with Instagram accounts being hijacked. When targets try to recover accounts with secured email, they find their email contacts have also been replaced with a Russian email address.

The account content is often replaced by Disney and Pixar character sets.

The contact point is proposing the use of blockchain to make social media accounts more secure.  But then blockchain could become a much more important apparatus than 2-step verification.

I suggested that the press agent have the company provide me with more details (like a URL) before I try to do a phone interview.
I will note a couple of anomalies.  I haven’t used Instagram much.  But when I set it up a few years ago I found that there was already a dummy unused account there.  This sounds dangerous.  What if someone stole your identity and used a social media service you hadn’t joined (say Snapchat) for criminal purposes?  This could be a way for a foreign enemy to wreak havoc, by targeting random Americans to be framed by prosecutors.  So the email I got points indirectly to another potential future hazard that so far is little known, although there were occasional mentions of it (in conjunction with ransomware) as far back as 2013.

Monday, August 06, 2018

Wall Street Journal reports administration scurrying now over cyber threats to power grids, which could involve home or small business users as honeypots

In early July, I happened to log on to my Dominion Power account to try to pay a bill, and got a bizarre error from the website.  The next day it worked, but maybe that’s a preview to the substance of this Wall Street Journal article by Rebecca Smith, “U.S. Steps Up Grid Defense: To fight cyberattacks on critical utilities, officials push for stronger penalties.”  Online, the article is quite high profile (though behind a subscription paywall) and illustrated.

The main threat seems to be that foreign hackers (Russia, China, Iran, North Korea, possibly radical Islamists) get access through suppliers or small utilities, who then carry software across “air gaps” on thumb drives.  Despite the air gap from the public Internet, the security environment for major electric utilities and for the grid companies (for the three major grids) is very complicated and could be breached. Small utilities and suppliers don’t have the advanced security needed to protect themselves from state hackers.

Another threat seems to be corporate and even home routers, which seem to be a set of “mouseholes” in which malware can hide. 

The article suggests that malware from the intrusion group tracked as Dragonfly (also called Energetic Bear) could be hiding in utility control systems called SCADA (which, to be emphasized, aren’t directly accessible from your computer or phone). There are reports that this malware has lived on some utilities' systems since 2012. 

The article suggests that spear-phishing, watering-hole attacks on trade websites, and air-gap crossing are the main methods.
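Both the supplier path and the air-gap crossing above reduce to the same control question: what is allowed onto a thumb drive that will be plugged into a control network, and how does the receiving side know the contents were not altered in between? The script below shows one such check. It is an added example, not from the article or any utility's procedure, and it assumes a transfer-station workflow in which the vendor produces a manifest of approved file hashes authenticated with an HMAC key provisioned out of band (a manifest signed with a public key would serve the same purpose), and the receiving station refuses executables, unlisted files, hash mismatches, and any drive whose manifest fails authentication.

```python
"""Check files staged for transfer across an air gap against an
authenticated manifest.  Added example; the transfer-station workflow,
shared key and file contents are assumptions, not anything published by
the WSJ article or by any utility."""
import hashlib
import hmac
import json
import os
import tempfile

# File types that never cross on removable media without separate review
BLOCKED_SUFFIXES = {".exe", ".dll", ".scr", ".lnk", ".js", ".vbs", ".ps1", ".bat"}


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root, files, key):
    """Vendor side: record name and hash of each approved file, MAC the record."""
    entries = {name: sha256_file(os.path.join(root, name)) for name in files}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "mac": hmac.new(key, body, "sha256").hexdigest()}


def check_media(root, manifest, key):
    """Receiving side: return (accepted, rejected) lists for the drive at root."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected_mac = hmac.new(key, body, "sha256").hexdigest()
    if not hmac.compare_digest(manifest["mac"], expected_mac):
        return [], ["<manifest MAC invalid: reject entire drive>"]
    accepted, rejected = [], []
    for name in sorted(os.listdir(root)):
        path = os.path.join(root, name)
        if not os.path.isfile(path) or name == "manifest.json":
            continue
        expected = manifest["entries"].get(name)
        if os.path.splitext(name)[1].lower() in BLOCKED_SUFFIXES:
            rejected.append(f"{name}: executable type not allowed")
        elif expected is None:
            rejected.append(f"{name}: not in manifest")
        elif sha256_file(path) != expected:
            rejected.append(f"{name}: hash mismatch")
        else:
            accepted.append(name)
    for name in manifest["entries"]:
        if not os.path.isfile(os.path.join(root, name)):
            rejected.append(f"{name}: listed but missing")
    return accepted, rejected


def demo():
    """Constructed scenario in a temp directory: two approved files, then a
    tampered file and an unlisted executable appear on the same drive."""
    key = b"shared-secret-provisioned-out-of-band"   # assumption: provisioned offline
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "plc_config.xml"), "w") as f:
            f.write("<config version='7'/>")
        with open(os.path.join(root, "firmware.bin"), "wb") as f:
            f.write(b"\x00\x01\x02firmware")
        manifest = build_manifest(root, ["plc_config.xml", "firmware.bin"], key)
        clean = check_media(root, manifest, key)
        # Tamper after the manifest was produced, and drop an unlisted file
        with open(os.path.join(root, "firmware.bin"), "ab") as f:
            f.write(b"\xde\xad")
        with open(os.path.join(root, "update.exe"), "wb") as f:
            f.write(b"MZ")
        dirty = check_media(root, manifest, key)
        forged = check_media(root, dict(manifest, mac="00" * 32), key)
    return clean, dirty, forged


if __name__ == "__main__":
    for label, result in zip(("clean", "tampered", "forged manifest"), demo()):
        print(label, result)
```

The point of the MAC check coming first is that a manifest an attacker can rewrite is no manifest at all; with it in place, the usual supply-chain move (replace the vendor's update on the drive) surfaces as a hash mismatch rather than as a silent install on the control network.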

The article even goes so far as to suggest that the government is concerned about mass internal migrations should a protracted regional power failure occur (the August 2003 failure in the northeast lasted about a day).

Do ordinary users at home add to the risk?  Possibly, through home routers (which should be rebooted occasionally so that firmware updates take effect, although large cable companies probably push these anyway).  Another possibility that got mentioned shortly after 9/11 and then forgotten was steganography, where instructions for terror attacks or malware are hidden on innocuous amateur sites.  Another possibility would be to plant criminal material like child pornography on sites to try to frame ordinary civilians, as an intimidation tactic by foreign enemies.  So far the closest that has happened has been occasional defacing of a few websites (like random restaurants) or Sony.  (There had been scattered reports (as far back as 2013) of ransomware that threatened to load c.p. onto a user's computer (at one time possession would have been a strict liability offense).)  A few politically-oriented sites (in the eyes of the beholder) may have been targeted. Recently (in May and June) a major WordPress blog (which admittedly had used an old insecure template theme) set up to advise asylum seekers was hacked, but was finally secured properly and is back up. (Fortunately it had good backups -- and backup technology would be worth another big blog post.) 

Ted Koppel (video above) wrote a book called “Lights Out” about all of this (reviewed on Books, Nov. 15, 2015).

This article doesn’t even consider EMP and solar storms, which I’ve discussed elsewhere.
As someone who dealt with the draft a half century ago, I find that foreign enemies pose novel moral dilemmas for how individuals can be expected to behave.