FireEye CEO: Reckless Microsoft hack unusual for China

By FRANK BAJAK and NATHAN ELLGREN
March 9, 2021

RESTON, Va. (AP) — Cyber sleuths have already blamed China for a hack that exposed tens of thousands of servers running Microsoft’s Exchange email program to potential hacks. The CEO of a prominent cybersecurity firm says it now seems clear China also unleashed an indiscriminate, automated second wave of hacking that opened the way for ransomware and other cyberattacks.

The second wave, which began Feb. 26, is highly uncharacteristic of Beijing’s elite cyber spies and far exceeds the norms of espionage, said Kevin Mandia of FireEye. In its massive scale it diverges radically from the highly targeted nature of the original hack, which was detected in January.

“You never want to see a modern nation like China that has an offense capability — that they usually control with discipline — suddenly hit potentially a hundred thousand systems,” Mandia said Tuesday in an interview with The Associated Press.

Mandia said his company assesses based on the forensics that two groups of Chinese state-backed hackers — in an explosion of automated seeding — installed backdoors known as “web shells” on an as-yet undetermined number of systems. Experts fear a large number could easily be exploited for second-stage infections of ransomware by criminals, who also use automation to identify and infect targets.

Reliability of pricey new voting machines questioned

By FRANK BAJAK
February 23, 2020

Nearly 1 in 5 U.S. voters will cast ballots this year on devices that look and feel like the discredited paperless voting machines they once used, yet leave a paper record of the vote. But computer security experts are warning that these so-called ballot-marking devices still pose too much of a risk.

Ballot-marking machines were initially developed not as primary vote-casting tools but as “accessible” alternatives for the disabled. They print out paper records that are scanned by optical readers that tabulate the vote.

They cost at least twice as much as hand-marked paper ballots, which computer scientists prefer because paper can’t be hacked. That’s an important consideration as U.S. intelligence officials warn that malicious meddling in this year’s presidential contest could be worse than in 2016.

The machines have been vigorously promoted by the trio of privately held voting equipment vendors that control 88 percent of the U.S. market and are nearly unregulated at the federal level. They are expected to be used by some 40 million eligible voters more than in the 2018 midterm elections.

Experts: US anti-Huawei campaign likely exaggerated

February 28, 2019

By FRANK BAJAK

Since last year, the U.S. has waged a vigorous diplomatic offensive against the Chinese telecommunications giant Huawei, claiming that any nation deploying its gear in next-generation wireless networks is giving Beijing a conduit for espionage or worse.

But security experts say the U.S. government is likely exaggerating that threat. Not only is the U.S. case short on specifics, they say, it glosses over the fact that the Chinese don’t need secret access to Huawei routers to infiltrate global networks that already have notoriously poor security.

State-sponsored hackers have shown no preference for one manufacturer’s technology over another, these experts say. Kremlin-backed hackers, for instance, adroitly exploit internet routers and other networking equipment made by companies that are not Russian.

If the Chinese want to disrupt global networks, “they will do so regardless of the type of equipment you are using,” said Jan-Peter Kleinhans, a researcher at the Berlin think tank Neue Verantwortung Stiftung.

One of the most common U.S. fears — that Huawei might install software “backdoors” in its equipment that Chinese intelligence could use to tap into, eavesdrop on or interrupt data transmissions — strikes some experts as highly unlikely.

Priscilla Moriuchi, who retired from the National Security Agency in 2017 after running its Far East operations, does not believe the Huawei threat is overblown. But she called the odds of the company installing backdoors on behalf of Chinese intelligence “almost zero because of the chance that it would be discovered,” thus exposing Huawei’s complicity.

APNewsBreak: Georgia election server wiped after suit filed

A computer server crucial to a lawsuit against Georgia election officials was quietly wiped clean by its custodians just after the suit was filed, The Associated Press has learned.

The server’s data was destroyed July 7 by technicians at the Center for Elections Systems at Kennesaw State University, which runs the state’s election system. The data wipe was revealed in an email sent last week from an assistant state attorney general to plaintiffs in the case that was later obtained by the AP. More emails obtained in a public records request confirmed the wipe.

The lawsuit, filed July 3 by a diverse group of election reform advocates, aims to force Georgia to retire its antiquated and heavily criticized election technology. The server in question, which served as a statewide staging location for key election-related data, made national headlines in June after a security expert disclosed a gaping security hole that wasn’t fixed six months after he reported it to election authorities.

Aging, rickety U.S. elections system vulnerable to hacking

By FRANK BAJAK AND MICHAEL RUBINKAM

Dec. 26, 2016

ALLENTOWN, Pa. (AP) — Jill Stein’s bid to recount votes in Pennsylvania was in trouble even before a federal judge shot it down Dec. 12. That’s because the Green Party candidate’s effort stood almost no chance of detecting potential fraud or error in the vote — there was basically nothing to recount.

Pennsylvania is one of 11 states where the majority of voters use antiquated machines that store votes electronically, without printed ballots or other paper-based backups that could be used to double-check the balloting. There’s almost no way to know if they’ve accurately recorded individual votes — or if anyone tampered with the count.

More than 80 percent of Pennsylvanians who voted Nov. 8 cast their ballots on such machines, according to VotePA, a nonprofit seeking their replacement. A recount would, in the words of VotePA’s Marybeth Kuznik, a veteran election judge, essentially amount to this: “You go to the computer and you say, ‘OK, computer, you counted this a week-and-a-half ago. Were you right the first time?’”

These paperless digital voting machines, used by roughly 1 in 5 U.S. voters last month, present one of the most glaring dangers to the security of the rickety, underfunded U.S. election system. Like many electronic voting machines, they are vulnerable to hacking. But other machines typically leave a paper trail that could be manually checked. The paperless digital machines open the door to potential election rigging that might not ever be detected.

What’s more, their prevalence magnifies other risks in the election system, such as the possibility that hackers might compromise the computers that tally votes, by making failures or attacks harder to catch. And like other voting machines adopted since the 2000 election, the paperless systems are nearing the end of their useful life — yet there is no comprehensive plan to replace them.

South America hacker team targets dissidents, journalists

By FRANK BAJAK

LIMA, Peru (AP) — A shadowy cyber-espionage group that sent malware to the prosecutor whose mysterious death transfixed Argentina early this year has been hitting targets in left-leaning nations across South America, the Internet watchdog group Citizen Lab reported Wednesday.

The breadth and brazenness of the hackers’ activity bear the hallmarks of state sponsorship. So do its targets.

The group has been attacking opposition figures and independent journalists in Ecuador with spyware. It also ran dummy websites. The most elaborate, geared toward Venezuela, is a constantly updated news site featuring dubiously sourced “scoops” on purported corruption among the ruling socialists. In Ecuador, a similarly faux site seemed tailored to attract disgruntled police officers.

The researchers launched the three-month probe after determining that spyware found on the smartphone of Argentine prosecutor Alberto Nisman was written to send pilfered data to the same command-and-control structure as malware sent to targets infected in Ecuador. They said the hackers had a “keen and systematic interest in the political opposition and the independent press” in the three nations, all run by allied left-wing governments. That suggests it may have operated on behalf of one or more of those governments, the 60-page report said.

In September, the hackers threatened a Citizen Lab researcher as he poked around in a U.S.-based machine the group had infected.

“We’re going to analyze your brain with a bullet — and your family’s, too,” read a message that popped up on his computer screen. “You like playing the spy and going where you shouldn’t, well you should know that it has a cost — your life!”

That’s rare behavior among professional hackers, perhaps indicating little fear of criminal prosecution, said Morgan Marquis-Boire, one of the researchers.

In November, the group attempted to infect the computer of an Associated Press reporter, who was also investigating it, with a phishing attack aimed at stealing his Google password.
