FireEye CEO: Reckless Microsoft hack unusual for China

By FRANK BAJAK and NATHAN ELLGREN
March 9, 2021

RESTON, Va. (AP) — Cyber sleuths have already blamed China for a hack that exposed tens of thousands of servers running Microsoft’s Exchange email program to potential hacks. The CEO of a prominent cybersecurity firm says it now seems clear China also unleashed an indiscriminate, automated second wave of hacking that opened the way for ransomware and other cyberattacks.

The second wave, which began Feb. 26, is highly uncharacteristic of Beijing’s elite cyber spies and far exceeds the norms of espionage, said Kevin Mandia of FireEye. In its massive scale it diverges radically from the highly targeted nature of the original hack, which was detected in January.

“You never want to see a modern nation like China that has an offense capability — that they usually control with discipline — suddenly hit potentially a hundred thousand systems,” Mandia said Tuesday in an interview with The Associated Press.

Mandia said his company assesses based on the forensics that two groups of Chinese state-backed hackers — in an explosion of automated seeding — installed backdoors known as “web shells” on an as-yet undetermined number of systems. Experts fear a large number could easily be exploited for second-stage infections of ransomware by criminals, who also use automation to identify and infect targets.


Casting a wide intrusion net: Dozens burned with single hack

By FRANK BAJAK
March 7, 2021

BOSTON — The SolarWinds hacking campaign blamed on Russian spies and the “grave threat” it poses to U.S. national security are widely known. A very different — and no less alarming — coordinated series of intrusions also detected in December has gotten considerably less public attention.

Nimble, highly skilled criminal hackers believed to operate out of Eastern Europe hacked dozens of companies and government agencies on at least four continents by breaking into a single product they all used.

The victims include New Zealand’s central bank, Harvard Business School, Australia’s securities regulator, the high-powered U.S. law firm Jones Day — whose clients include former President Donald Trump — the rail freight company CSX and the Kroger supermarket and pharmacy chain. Also hit was Washington state’s auditor’s office, where the personal data of up to 1.3 million people gathered for an investigation into unemployment fraud was potentially exposed.

The two-stage mega-hack in December and January of a popular file-transfer program from the Silicon Valley company Accellion highlights a threat that security experts fear may be getting out of hand: intrusions by top-flight criminal and state-backed hackers into software supply chains and third-party services.


Review: ‘Missionaries’ sees our forever wars as vocation

By FRANK BAJAK
Oct. 5, 2020

Phil Klay’s “Redeployment” was a masterwork in mostly spare prose, its tonal range from laugh-out-loud, Joseph Heller-esque absurdity to soul-crushing bleakness. It may be our best literary window into the Iraq war.

A young Marine veteran’s literary debut, the short story collection won a 2014 National Book Award.

“Missionaries,” out Oct. 6 from Penguin Press, is Klay’s next act. A big, ambitious novel, it spans a few decades and continents and plumbs U.S. forever wars’ psychic imprint on peripatetic American warriors, militarism as a way of being and the consequences of ill-conceived foreign meddling.

Two U.S. Special Forces vets of Afghanistan and Iraq — transitioned to mercenary and a military attaché — have fought “in enough murky war zones to lack the near-religious faith in democracy that the war was sold on.” Their next stop is Colombia, where Washington’s targeted-killing apparatus, first turned on leftist insurgents, now hunts drug-trafficking warlords.


Secretive, never profitable Palantir makes market debut

By FRANK BAJAK
September 30, 2020

BOSTON (AP) — Seventeen years after it was born with the help of CIA seed money, the data-mining outfit Palantir Technologies is finally going public in the biggest Wall Street tech offering since last year’s debut of Slack and Uber.

Never profitable and dogged by ethical objections for assisting in the Trump administration’s deportation crackdown, Palantir forged ahead Wednesday with a direct listing of its stock, gaining 31% in its first trading day.

The big question for both investors and company management: Can Palantir successfully transition from a business built on the costly handholding of government customers to serving corporate customers at scale? The company is a hybrid provider of software and consulting services that often embeds its own engineers with clients.


Germany seizes server hosting pilfered US police files

By FRANK BAJAK
July 9, 2020

BOSTON (AP) — At the behest of the U.S. government, German authorities have seized a computer server that hosted a huge cache of files from scores of U.S. federal, state and local law enforcement agencies obtained in a Houston data breach last month.

The server was being used by a WikiLeaks-like data transparency collective called Distributed Denial of Secrets to share documents — many tagged “For Official Use Only” — that shed light on U.S. police practices.

The data, dating back to 1996, include emails, audio and video files and police and FBI intelligence reports. DDoSecrets founder Emma Best said the data, dubbed “BlueLeaks,” comes from more than 200 agencies. It has been stripped of references to sexual assault cases and references to children, but names, phone numbers and emails of police officers were not redacted, said Best, who uses they/their pronouns.


Faxes and email: Old technology slows COVID-19 response

May 13, 2020

By FRANK BAJAK

On April 1, a researcher at the Centers for Disease Control and Prevention emailed Nevada public health counterparts for lab reports on two travelers who had tested positive for the coronavirus. She asked Nevada to send those records via a secure network or a “password protected encrypted file” to protect the travelers’ privacy.

The Nevada response: Can we just fax them over?

You’d hardly know the U.S. invented the internet by the way its public health workers are collecting vital pandemic data. While health-care industry record-keeping is now mostly electronic, cash-strapped state and local health departments still rely heavily on faxes, email and spreadsheets to gather infectious disease data and share it with federal authorities.

This data dysfunction is hamstringing the nation’s coronavirus response by, among other things, slowing the tracing of people potentially exposed to the virus. In response, the Trump administration set up a parallel reporting system run by the Silicon Valley data-wrangling firm Palantir. Duplicating many data requests, it has placed new burdens on front-line workers at hospitals, labs and other health care centers who already report case and testing data to public health agencies.


Reliability of pricey new voting machines questioned

By FRANK BAJAK
February 23, 2020

Nearly 1 in 5 U.S. voters will cast ballots this year on devices that look and feel like the discredited paperless voting machines they once used, yet leave a paper record of the vote. But computer security experts are warning that these so-called ballot-marking devices still pose too much of a risk.

Ballot-marking machines were initially developed not as primary vote-casting tools but as “accessible” alternatives for the disabled. They print out paper records that are scanned by optical readers that tabulate the vote.

They cost at least twice as much as hand-marked paper ballots, which computer scientists prefer because paper can’t be hacked. That’s an important consideration as U.S. intelligence officials warn that malicious meddling in this year’s presidential contest could be worse than in 2016.

The machines have been vigorously promoted by the trio of privately held voting equipment vendors that control 88 percent of the U.S. market and are nearly unregulated at the federal level. They are expected to be used by some 40 million eligible voters more than in the 2018 midterm elections.


“Permanent Record” By Edward Snowden

Headline: Snowden memoir: The spy who came out and told
(On AP: Abridged version)

By FRANK BAJAK
Oct. 28, 2019

Edward Snowden is mostly self-invented, the fruit of his own ingenuity. He’s a community college dropout, but he’s no layabout. If hacking, purely defined, consists in devising the simplest, most elegant way of getting what you want then Snowden has always excelled at it, beginning when he set back every clock in the house at age 6 in order to stay up late.

The memoir “Permanent Record” from this computer whiz who exposed secret U.S. government mass domestic surveillance six years ago is already a headline. The government has sued to try to deny Snowden royalties for not allowing it pre-publication review. But I didn’t find any secrets he hasn’t already revealed.

A former CIA and National Security Agency systems engineer, Snowden is now a committed digital privacy activist with 4 million Twitter followers, charged with Espionage Act violations for which he says his conscience offered no other option. Civil disobedience is a long, proud tradition with practitioners including the republic’s founders, Snowden reminds, and the book does at times read like a manifesto.

If anyone grew on the internet, it was Ed, who was intoxicated with its seemingly limitless potential for good. Snowden waxes poetic on the magic of the two-modem handshake when going online meant tying up the family phone line, which he did incessantly.

Before innocence was lost, the internet represented America’s true values to Snowden. Dorkishly, he read the U.S. Constitution cover to cover when it was offered free at work. Patriotism was ingrained in his upbringing. His parents quietly exercised it when clocking in daily at work. Dad was a Coast Guard techie. Mom held various government jobs.

The North Carolina-born Snowden hacked his way through adolescence in the shadow of Fort Meade, Maryland, the NSA’s home. His scheme for skating through high school with minimum effort — calculating what it took to get passing grades and doing no more — worked until Honest Ed explained it to a teacher.

Coming-of-age memoirs like Snowden’s typically recount personal journeys of moral and psychological discovery. That is the book’s strength. Others, most notably journalist Glenn Greenwald and filmmaker Laura Poitras, have already better chronicled the white-knuckled drama of how the most famous whistleblower since Daniel Ellsberg persuaded them to meet him in Hong Kong in 2013 so he could lift the lid on the NSA’s mass surveillance of U.S. citizens — the 21st century’s biggest scoop.

What Snowden does well, aided by novelist Joshua Cohen, his ghostwriter, is define the promise and dangers of digital technology and the wacky alchemy that grants system architects and administrators like him extraordinary power over people’s lives. His clearcut explanations of complicated yet vital phenomena like the TOR privacy browser and encryption are especially instructive.

Looking back, Snowden most regrets his atavistic reaction to 9/11, how the 18-year-old Ed became “a willing vehicle of vengeance.” He enlists in the Army, hoping to join the Special Forces — only to break his leg in basic training. He’d been at Fort Meade the day of the attacks, coding for an employer who lived on the base, and joined the vehicular exodus as thousands fled the NSA’s gleaming black towers.

Engrossing is Snowden’s description of how he used his programming skills to create a repository of classified in-house jots on the NSA’s global snooping — and built a backup system for agency data he called EPICSHELTER. Reading through the repository — and through his research during a short stint as a briefer on Asian cyberthreats — Snowden begins to understand just how badly the government was stomping on its citizens’ civil liberties. The “bulk collection” program was called STELLARWIND.

Snowden became sullen. “I felt more adult than ever, but also cursed with the knowledge that all of us had been reduced to something like children, who’d been forced to live the rest of their lives under omniscient parental supervision. I felt like a fraud.”

The rest is history: Snowden’s aborted flight from Hong Kong to Ecuador, stymied when the U.S. canceled his passport, stranding him in Moscow, where he lives in forced exile with longtime girlfriend, now wife, Lindsay Mills. If that relationship was ever tested Snowden is not saying. He turns the book over to Mills for a late chapter taken from her diaries when he disappears without a trace — then shows up on everyone’s TV screen — and the FBI is on her like flypaper. By then, the narrative has gone thin.

Snowden says he came to realize, in 2011 as he was deciding to blow the whistle on the NSA, that it wasn’t just the government that was endangering our liberty by amassing and categorizing our data. Back in the U.S. from Japan, he meets his first Internet-equipped ‘smart fridge.’ He is aghast.

Here he was, getting all exercised about U.S. government snooping while surveillance capitalists similarly spied on acquiescent consumers, rendering them a product that “corporations sold to other corporations, data brokers and advertisers.” Worse, people were being persuaded to surrender control of their data to corporations for storage “in the cloud.”

Snowden, at age 28, had soured on his beloved internet. “The Internet that had raised me was disappearing. And with it, so was my youth. The very act of going online, which had once seemed like a marvelous adventure, now seemed like a fraught ordeal.”

“Every transaction was a potential danger.”

Two years later, he’d share his discoveries with the rest of us.

‘Erratic’ online handle apt for Capital One hack suspect
August 1, 2019

By GENE JOHNSON and FRANK BAJAK

SEATTLE (AP) — The 33-year-old former Amazon software engineer accused of hacking Capital One made little attempt to hide her attack. In fact, she effectively publicized it.

It’s one of many riddles swirling around Paige Thompson, who goes by the online handle “erratic.” Well-known in Seattle’s hacker community, Thompson has lived a life of tumult, with frequent job changes, reported estrangement from family and self-described emotional problems and drug use.

FBI agents arrested Thompson Monday for allegedly obtaining personal information from more than 100 million Capital One credit applications, including roughly 140,000 Social Security numbers and 80,000 bank account numbers. There is no evidence the data was sold or distributed to others.

Thompson, in federal custody pending an Aug. 15 detention hearing, wasn’t reachable. Her public defender, Mohammad Hamoudi, did not return an emailed request for comment.

But her online behavior suggested that she may have been preparing to get caught. More than six weeks before her Monday arrest, Thompson had discussed the Capital One hack online with friends in chats and in a group she created on the Slack messaging service.

Those chats and the recollections of others offer a sketch of someone talented and troubled, grappling with what friends and her own posts indicate was an especially bumpy crossroads in her life.

Friends and associates described Thompson as a skilled programmer and software architect whose career and behavior — oversharing in chat groups, frequent profanity, expressions of gender-identity distress and emotional ups and downs — mirror her online handle.


Whistleblower vindicated in Cisco cybersecurity case
August 1, 2019

By FRANK BAJAK

BOSTON (AP) — A computer security expert who has won a trailblazing payout in a whistleblower lawsuit over critical security flaws he found in October 2008 in Cisco Systems Inc. video surveillance software thought his discovery would be a career-boosting milestone.

James Glenn imagined at the time that Cisco would credit him on its website. The software was, after all, used at major U.S. international airports and multiple federal agencies with sensitive missions.

“I mean, this was a pretty decent accomplishment,” Glenn said Thursday in a phone interview.

Instead, he was fired by the Cisco reseller in Denmark that employed him, which cited cost-cutting needs. And Cisco kept the flaws in its Video Surveillance Manager system quiet for five years.

Only Wednesday, when an $8.6 million settlement was announced and the lawsuit he filed in 2011 under the federal False Claims Act unsealed, was Glenn’s ordeal revealed — along with the potential peril posed by Cisco’s long silence.
