Cyber supremacy! US VS RUSSIA

This all started back in 2008 when the Russians dropped off multiple USB flash drives in parking lots around US military bases located in the Middle East. These flash drives were picked up and then inserted into computers inside the various bases, spreading malware across the US’s machines and allowing the Russians access to a secret network called SIPRNet. The network was used by the Pentagon to transmit highly classified information. This was the first major cyber warfare incident involving two very powerful countries, and it raised many questions as to how to respond to such threats.

Following multiple attacks from various countries over the years and the failure of the US Cyber Command to deter those attacks, President Trump nominated Lieutenant General Paul Nakasone as the commander of the United States Cyber Command. This marked a new era for the organization and the way cyber warfare played out in the US, as Nakasone believed offense was greatly needed in order to defend.

In August of 2018, a few months after the nomination, Trump signed National Security Presidential Memorandum 13, which basically allowed the US Cyber Command team to operate inside foreign networks without gaining presidential approval. This showed how big of a deal securing the nation’s cyber networks had become, as they were indefinitely granted freedom to operate just as the military operates independently. Once they gained this new power, the first thing they did was to go after the Russians, who had attacked them multiple times over the years.

The US shut down Russia’s Internet Research Agency, which was responsible for designing many of the social media ads that impacted the 2016 elections. In addition, they hacked into Russian military intelligence, sending various threats to officers and hackers who had participated in the hack against the Pentagon back in 2008. But more importantly, the US recently deployed malicious code into Russia’s power grid system, giving the US the ability to turn off the electricity supply to homes, hospitals and schools in an instant.

The goal here was mainly to deter the Russians from further cyber attacks against the US, but this approach was basically the same strategy used during the Cold War era. With this more aggressive strategy, which uses offense as a form of defense, the cyber war would not slow down in any way without set regulations agreed upon not just by Russia and the US but by every country.

Sources

https://www.nytimes.com/2019/06/15/us/politics/trump-cyber-russia-grid.html

https://www.independent.co.uk/news/world/europe/us-cyber-attack-russia-power-grid-war-kremlin-a8964506.html

Ademide Osunsina

Cyber Attack on Saudi Petroleum Company Poses New Threats

In August of 2018, a petroleum company in Saudi Arabia was hit with a cyber attack aiming to cause a blast at the facility. Unlike other cyber attacks, this attack was particularly alarming because the intention was not to erase data or take control of systems; instead it was meant to intentionally put lives at risk. This attack comes after a series of attacks in early 2017 in which the industrialization company Tasnee and Sadara Chemical Company were attacked, causing all their data to be lost.

While the attack on the petroleum company did not cause any data loss, the desired outcome of the hackers was to cause an explosion. The malware that attacked the plant is known as TRITON, which specifically targets Triconex safety controllers built by the French company Schneider Electric. Investigators worry about future attacks, as the controllers are seen as the main method of defense. The controllers are responsible for the regulation of pressure, temperature, and voltage, and with over 18,000 plants carrying Triconex safety controllers, the potential damage from such an attack is significant.

Although there was no explosion at the petroleum company, cybersecurity experts say that the only factor that saved the plant was an error in the hackers’ code, which caused only a shutdown of production. The hackers were able to get into the system by remotely creating a digital file concealed among other files at the engineering station at Schneider Electric facilities. Many cybersecurity experts claim that, due to the level of effort required in this attack, only a large government could be behind it. The attack would require the hacker to understand how the complex Triconex systems are set up and to have knowledge of the specific functions of each valve.

While experts have stated that the motive behind the attack was not monetary benefit, many believe it was an attempt to harm the Saudi Arabian private sector. Amy Myers Jaffe, an expert on Middle East energy, spoke to the New York Times, saying, “Not only is it an attack on the private sector, which is being touted to help promote growth in the Saudi economy, but it is also focused on the petrochemical sector, which is a core part of the Saudi economy.” Though there has been no confirmation about which country could be behind the attack, investigators worry about attacks in the US, as attackers have already found a deadly strategy to cause serious physical damage.

November 18, 2019

Varada Krishnadas


Sources:

http://www.cyberdefensemagazine.com/hackers-tried-to-cause-a-blast-at-a-saudi-petrochemical-plant

http://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/

http://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html

Facebook Suspends Accounts for “Coordinated Inauthentic Behavior”

The fallout of the 2016 election exposed many Americans to the dangers of coordinated, potentially state-sponsored, and deceptive social media campaigns. These issues regarding content authenticity and manufactured narratives are not unique to the States. On August 1st, Facebook announced that it had suspended over 200 accounts and 100 pages involved in what the company called “Coordinated Inauthentic Behavior” in regard to politics in the Arab world. The company describes this behavior as “groups of accounts and pages working together to mislead people about who they are and what they’re doing” (“Inauthentic Behavior Policy Update”).

In this particular case, the accounts in question were suspended because they posed as locals of targeted countries such as Sudan and Libya. They also created false personas, which they used to add credibility to their statements regarding local affairs. In addition to suspending accounts, Facebook also implicated two marketing firms that it believed to be involved in disinformation campaigns. The similarly named Egyptian firm ‘New Waves’ and Emirati firm ‘Newave’ were both linked to astroturfed posts despite their attempts at identity obfuscation, though Facebook did not comment on any possible connection between the two.

This suspension raises the question of how effective coordinated political campaigns are in affecting the discourse on situations such as the civil war in Sudan. While it is impossible to assess such a social phenomenon with objective metrics, many Sudanese activists have noted the increase in pro-military activity. The Times reports that democracy advocates began to suspect that some of this was not authentic due to minor Arabic linguistic inconsistencies in posts by these pro-military accounts. Posters often assigned “Sudan” the feminine form rather than following the local custom of treating it as masculine. The fact that democracy advocates even had enough source material to make this discovery speaks to the ability of coordinated actors to generate content, but not to its efficacy, leaving unresolved concerns about how much of the dialogue on a given subject is authentic and how much is manufactured.

Published November 18, 2019

-Matt Buffo

Sources:

https://about.fb.com/news/2019/08/cib-uae-egypt-saudi-arabia/

https://about.fb.com/news/2019/10/inauthentic-behavior-policy-update/

https://www.cnbc.com/2019/10/04/facebook-removes-coordinated-fake-accounts-in-uae-egypt-nigeria-and-indonesia.html

https://www.nytimes.com/2019/09/06/world/middleeast/sudan-social-media.html

https://www.reuters.com/article/us-facebook-saudi/facebook-says-it-dismantles-covert-influence-campaign-tied-to-saudi-government-idUSKCN1UR50J

Photo Credit to Facebook


7.5 Million Affected in Adobe Breach

Last month, on October 19th, Adobe was informed that 7.5 million users had their data exposed due to Adobe’s Elasticsearch database being left unsecured. The database held the account information of Adobe’s Creative Cloud users. Adobe responded immediately by locking down the database. The database could be accessed from the internet without credentials of any kind. The information that could be accessed includes email addresses, the Adobe products used, subscription status, country of origin, time of last login, and even payment status. Adobe was informed of the exposed database by Comparitech, who stated that the database could have been exposed for an indeterminate amount of time.

Comparitech estimated that Adobe’s database was likely left unsecured for around a week, though it may have been longer. Adobe does not know whether the database was actually accessed without authorization or when it was first left publicly accessible. They only know that the database could have been accessed from any web browser.

Adobe issued a statement promptly after locking down the database in order to show transparency. The statement went on to assure users that, while some of their information was available to the public, sensitive information such as passwords and financial details was not leaked in any way. Adobe warns that, although the most important information was kept safe, users should be wary of potential phishing attacks from people who have access to certain information like user emails and subscription status.

Sources:

https://www.zdnet.com/article/adobe-left-7-5-million-creative-cloud-user-records-exposed-online/

https://www.diyphotography.net/adobe-data-breach-exposed-almost-7-5-million-creative-cloud-accounts-to-the-public/

https://www.scmagazine.com/home/security-news/data-breach/adobe-leaves-creative-cloud-database-open-7-5-million-users-exposed/

https://petapixel.com/2019/10/26/adobe-exposed-7-million-creative-cloud-accounts-to-the-public/

-Brandon Nguyen

Oregon Department of Human Services Data Breach

On January 8th, 2019, a spear phishing attack allowed an attacker to gain access to the Oregon Department of Human Services’ email accounts and records. Nine employees had opened the email and clicked the link, allowing the attacker to gain access to their accounts and their emails. Over 2 million emails were in the compromised mailboxes. The department confirmed that these accounts were secured by January 28th, 2019, which is the same day they confirmed the phishing attack was a data breach. No other email accounts were compromised, and no malware had been installed.

Following the breach, the department hired an outside firm, ID Experts, to investigate the extent of the breach. They completed their investigation in June 2019. It was originally reported in March that the breach exceeded 350,000 accounts. However, ID Experts estimated that the personal data of more than 650,000 clients was compromised. The agency spokesperson also stated that the breach affected clients from each of the department’s five divisions: Aging and People with Disabilities, Developmental Disabilities, Child Welfare, Self-Sufficiency and Vocational Rehab. The data compromised included: “first and last names, addresses, dates of birth, Social Security numbers, case numbers, personal health information and other information used in DHS programs.” It is worth noting that not every data type was exposed for each person.

Due to the breach, the department has provided 12 months of identity theft monitoring and recovery services, as well as a $1 million insurance reimbursement policy, to those affected. The service, called MyIDCare, was provided by ID Experts and began sending notifications to those affected on June 19th, 2019. In total, the loss for the department will be around $1.5 million: the ID Experts investigation cost roughly $500,000, and the compensation to those affected will reach over $1 million.

November 10, 2019

Kyle M Smith

https://www.oregonlive.com/data/2019/06/more-than-645000-oregonians-impacted-by-dhs-data-breach.html

https://securitytoday.com/Articles/2019/06/20/Oregon-Department-of-Human-Services-Breach-Affects-645000-Clients.aspx?Page=2

https://www.oregon.gov/DHS/DHSNEWS/NewsReleases/Data-Breech-News%20Release-2019-03-21.pdf

https://www.ktvz.com/news/oregon-dhs-sending-645-000-notices-of-data-breach/1087357753