Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit precedence: bulk Subject: Risks Digest 32.95 RISKS-LIST: Risks-Forum Digest Tuesday 14 December 2021 Volume 32 : Issue 95 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at as The current issue can also be found at Contents: Hackers take $196 million from crypto exchange Bitmart, security firm says (CNBC) A Software Bug Let Hackers Drain $31M From a Crypto Service (WiReD) Australia's AI Cameras Catch Over 270,000 Drivers Using Phones (Alice Klein) Fake scientist used to spread anti-US propaganda (Facebook via Dave Farber) The Webb Space Telescope Will Rewrite Cosmic History. If It Works. (Quantum Magazine) Verizon overrides users' opt-out preferences in push to collect browsing history (Ars Technica) Planned Parenthood data breach (WSJ) Israeli computer glitch lets people improperly leave the country (Winnews via danny burstein) Israeli Company's Spyware Is Used to Target U.S. Embassy Employees in Africa (NYTimes) There's a new push for mobile voting in WashDC (DCist via Gabe Goldberg) U.S. Military Has Acted Against Ransomware Groups, General Acknowledges (NYTimes) Companies Linked to Russian Ransomware Hide in Plain Sight (NYTimes) Officials press for actionable recommendations from new cyber-advisory committee (The Hill) Quote of The Day (WIDA) Re: You've Got an Enemy at Chase! (Paul Robinson) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Sun, 5 Dec 2021 19:56:06 -0800 From: Lauren Weinstein Subject: Hackers take $196 million from crypto exchange Bitmart, security firm says (CNBC) https://www.cnbc.com/2021/12/05/hackers-take-196-million-from-crypto-exchange-bitmart-in-large-breach.html ------------------------------ Date: Sat, 4 Dec 2021 00:30:12 -0500 From: "Gabe Goldberg" Subject: A Software Bug Let Hackers Drain $31M From a Crypto Service (WiReD) An attacker exploited a vulnerability in MonoX Finance's smart contract to inflate the price of its digital token and then cash out. Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31 million by exploiting a bug in software the service uses to draft smart contracts. https://www.wired.com/story/hackers-drain-31-million-from-crypto-service/ Software drafting contracts, what could go wrong? [unfortunately the word "crypto" (which generally encompasses cryptography, cryptology, and lots more) has been preempted by the media as meaning "cryptocurrency". That is EVIL. PGN] ------------------------------ Date: Fri, 10 Dec 2021 11:34:29 PST From: Peter Neumann Subject: Australia's AI Cameras Catch Over 270,000 Drivers Using Phones (Alice Klein) Alice Klein, *New Scientist*, 08 Dec 2021 via ACM TechNews 10 Dec 2021 Artificial intelligence (AI)-equipped cameras have spotted more than 270,000 drivers using phones while driving in New South Wales (NSW), Australia, since the state began issuing fines in March 2020. The cameras capture high-definition images of the front of each passing vehicle, and AI software analyzes them to identify drivers using a handheld cellphone; officers vet images flagged as potentially showing violations before fining those drivers. Transport for NSW's Tara McCarthy said, "We know that mobile phone detection cameras are working and people are getting the message not to use their phone illegally, as we have seen a significant drop in offenses." https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-2d973x22fffdx072544& [Is it illegal to use your cell-phone for navigation purposes? What is the difference between that and a built-in screen for navigation? PGN] ------------------------------ Date: Thu, 2 Dec 2021 11:36:15 +0900 From: Dave Farber Subject: Fake scientist used to spread anti-US propaganda (Facebook) A disinformation network with ties to China used hundreds of fake social media accounts -- including one belonging to a fictitious Swiss biologist -- to spread an unfounded claim that the U.S. pressured scientists to blame China for the coronavirus, Facebook said Wednesday. The company based in Menlo Park, California, did not directly attribute the network to the Chinese government. But it noted employees of Chinese state-run companies, and the country's state-run media, worked to amplify the misleading claims, which were soon the subject of news headlines in China. "In effect it worked like an online hall of mirrors, endlessly reflecting the original fake persona and its anti-US disinformation," according to Ben Nimmo, who leads investigations into disinformation at Meta, the parent company of Facebook and Instagram. The operation began in July 2021, when a Facebook account was created in the name of Wilson Edwards, a self-professed Swiss biologist. That same day, the account user claimed, without evidence, that U.S. officials were using "enormous pressure and even intimidation" to get scientists to back calls for renewed investigations into the origin of the virus. https://techxplore.com/news/2021-12-facebook-fake-scientist-anti-us-propaganda.html ------------------------------ Date: Wed, 8 Dec 2021 11:37:13 -0800 From: Lauren Weinstein Subject: The Webb Space Telescope Will Rewrite Cosmic History. If It Works. (Quantum Magazine) https://www.quantamagazine.org/why-nasas-james-webb-space-telescope-matters-so-much-20211203/ ------------------------------ Date: Wed, 8 Dec 2021 15:12:55 -0800 From: Lauren Weinstein Subject: Verizon overrides users' opt-out preferences in push to collect browsing history (Ars Technica) https://arstechnica.com/information-technology/2021/12/verizon-ignored-users-previous-opt-outs-in-latest-push-to-scan-web-browsing/ ------------------------------ Date: Thu, 2 Dec 2021 04:02:00 +0000 () From: "danny burstein" Subject: Planned Parenthood data breach (WSJ) Hackers Breach Los Angeles Planned Parenthood Network Healthcare provider says more than 400,000 patients' records compromised Planned Parenthood Los Angeles said it is investigating a cyberattack that compromised the personal information of thousands of patients. The reproductive healthcare provider is notifying approximately 400,000 patients whose names, address, insurance and other identifying information were breached, said local spokesman John Erickson. Clinical information, which can include details of a patient's diagnosis, procedures and prescriptions, was taken in the hack. The cyberattack occurred in October, when an unauthorized user gained access to the provider's network, installed malicious software and extracted files from the system, he said. rest: https://www.wsj.com/articles/hackers-breach-los-angeles-planned-parenthood-network-11638408526?reflink=desktopwebshare_permalink ------------------------------ Date: Thu, 2 Dec 2021 04:14:31 +0000 () From: "danny burstein" Subject: Israeli computer glitch lets people improperly leave the country (Winnews) summary: In orthodox Judaism, if a woman wants a divorce, the man has to approve it. And far too many religious women let his refusal destroy their lives. Lots, make that *LOTS*, of pressure is (often, not always) put on these guys to sign off on the paper. One technique is to ban them from leaving Israel. Except... https://vinnews.com/2021/12/01/get-refusers-flee-israel-after-computer-glitch-prevent-rabbinical-courts-from-issuing-injunctions/ ------------------------------ Date: Sat, 4 Dec 2021 05:43:07 -0500 From: "Jan Wolitzky" Subject: Israeli Company's Spyware Is Used to Target U.S. Embassy Employees in Africa (NYTimes) The hack is the first known case of the spyware, known as Pegasus, being used against American officials. The iPhones of 11 U.S. Embassy employees working in Uganda were hacked using spyware developed by Israel's NSO Group, the surveillance firm that the United States blacklisted a month ago because it said the technology had been used by foreign governments to repress dissent, several people familiar with the breach said on Friday. The hack is the first known case of the spyware, known as Pegasus, being used against American officials. Pegasus is a sophisticated surveillance system that can be remotely implanted in smartphones to extract sound and video recordings, encrypted communications, photos, contacts, location data and text messages. https://www.nytimes.com/2021/12/03/us/politics/phone-hack-nso-group-israel-uganda.html ------------------------------ Date: Fri, 3 Dec 2021 00:07:18 -0500 From: "Gabe Goldberg" Subject: There's a new push for mobile voting in WashDC You can pay bills, swipe into a Metro station, order a car, and do countless other things on your phone. And now venture capitalist and former political operative Bradley Tusk wants D.C. residents to be able to use their phones to vote. Tusk Philanthropies is bringing its mobile voting project to D.C., hoping to make the nation’s capital the first place in the country where residents can use phones and computers to cast ballots. Tusk, a former campaign advisor to New York City Mayor Michael Bloomberg and one-time Uber official, has in recent years funded mobile-voting pilot programs across seven states — including Washington, West Virginia, and Oregon -- largely to support overseas and military voters. But his effort in D.C. would represent the first push to make mobile voting a permanent part of elections for all voters. [...] Still, skeptics of mobile voting abound. They say that just like hackers can steal someone's bank information or take over their social media accounts, they could wreak havoc on the civic exercise that makes democracy tick. ``Study after study has found that Internet voting has fundamental security vulnerabilities that simply haven't been resolved at this point. And a lot of them are almost impossible to overcome given the current implementation of the Internet, because the Internet was never really designed with security in mind,'' says Mark Lindeman, an expert on voting security and audits with Verified Voting, a nonpartisan group that focuses on elections and technology. Four federal agencies concluded as much in a May 2020 assessment, saying that ``securing the return of voted ballots via the fficult while ensuring ballot integrity and maintaining voter privacy is difficult, if not impossible, at this time.'' https://dcist.com/story/21/12/02/theres-a-new-push-to-let-dc-voters-cast-ballots-from-their-phones/ ------------------------------ Date: Sun, 5 Dec 2021 14:34:45 -0500 From: "Jan Wolitzky" Subject: U.S. Military Has Acted Against Ransomware Groups, General Acknowledges (NYTimes) Gen. Paul M. Nakasone, the head of Cyber Command, said a new cross-functional effort has been gathering intelligence to combat criminal groups targeting U.S. infrastructure. The U.S. military has taken actions against ransomware groups as part of its surge against organizations launching attacks against American companies, the nation's top cyberwarrior said on Saturday, the first public acknowledgment of offensive measures against such organizations. Gen. Paul M. Nakasone, the head of U.S. Cyber Command and the director of the National Security Agency, said that nine months ago, the government saw ransomware attacks as the responsibility of law enforcement. But the attacks on Colonial Pipeline and JBS beef plants demonstrated that the criminal organizations behind them have been “impacting our critical infrastructure,” General Nakasone said. In response, the government is taking a more aggressive, better coordinated approach against this threat, abandoning its previous hands-off stance. Cyber Command, the N.S.A. and other agencies have poured resources into gathering intelligence on the ransomware groups and sharing that better understanding across the government and with international partners. https://www.nytimes.com/2021/12/05/us/politics/cyber-command-ransomware.html ------------------------------ Date: Mon, 6 Dec 2021 09:33:39 -0500 From: "Jan Wolitzky" Subject: Companies Linked to Russian Ransomware Hide in Plain Sight Cybersecurity experts tracing money paid by American businesses to Russian ransomware gangs found it led to one of Moscow's most prestigious addresses. When cybersleuths traced the millions of dollars American companies, hospitals and city governments have paid to online extortionists in ransom money, they made a telling discovery: At least some of it passed through one of the most prestigious business addresses in Moscow. The Biden administration has also zeroed in on the building, Federation Tower East, the tallest skyscraper in the Russian capital. The United States has targeted several companies in the tower as it seeks to penalize Russian ransomware gangs, which encrypt their victim'’ digital data and then demand payments to unscramble it. Those payments are typically made in cryptocurrencies, virtual currencies like Bitcoin, which the gangs then need to convert to standard currencies, like dollars, euros and rubles. That this high-rise in Moscow's financial district has emerged as an apparent hub of such money laundering has convinced many security experts that the Russian authorities tolerate ransomware operators. The targets are almost exclusively outside Russia, they point out, and in at least one case documented in a U.S. sanctions announcement, the suspect was assisting a Russian espionage agency. https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html ------------------------------ Date: Mon, 13 Dec 2021 10:04:03 PST From: Peter Neumann Subject: Officials press for actionable recommendations from new cyber-advisory committee (The Hill) https://thehill.com/policy/cybersecurity/585387-officials-press-for-actionable-recommendations-from-new-cyber-advisory Maggie Miller, 10 December 2021 [via Dan Geer] Top officials at the Department of Homeland Security (DHS) on Friday urged a newly established advisory committee composed of experts from across sectors to propose solutions to help tackle the growing wave of cyberattacks faced by the nation. The Cybersecurity Advisory Committee, established by DHS's Cybersecurity and Infrastructure Security Agency (CISA) earlier this month, met in a hybrid format both in McLean, Va., and remotely for the first time Friday. It discussed strengthening the nation's basic cybersecurity practices and concerns about disinformation, among other issues. CISA Director Jen Easterly made clear at the top of the almost three hour meeting that she hoped the advisory committee would "create action" and help move the nation forward in cybersecurity. "At the end of the day, this is really about implementing those things that will help CISA truly be the nation's cyber defense agency, that is what the American people need, and that is what the American people deserve," Easterly said. "I am not looking for a 20 page white paper, I am looking for short papers from each of the subcommittees that give a series of recommendations that we can go ahead and implement." DHS Deputy Secretary John Tien made similar comments, telling committee members that "your voices, your thoughts, your brainpower are going to have to help us identify the gaps, the vulnerabilities, and also provide us some thoughts on solutions." The committee is made up of almost three dozen individuals with cybersecurity expertise from various sectors, including cybersecurity group Mandiant CEO Kevin Mandia; former Facebook Chief Technology Officer Alex Stamos; Jeff Moss, the founder of the Def Con hacking conference, and Austin Mayor Steve Adler (D). Representatives from Twitter, Microsoft, Amazon Web Services, Walmart, JPMorgan Chase and Johnson & Johnson, as well as several from the field of academia, are also on the committee. Thomas Fanning, the chairman, president and CEO of utility group Southern Company is the committee chair, while Ron Green, the executive vice president and chief security officer of Mastercard, is the vice chairman. The event Friday marked the first official meeting of the advisory committee. It included lengthy discussion around ways to address the nation's cyber workforce challenges, increase basic cyber hygiene, and rally the hacking community to help the government defend the nation. Also discussed were ways to reduce systemic risk to critical infrastructure, including elections, and to protect it against misinformation and disinformation. National Cyber Director Chris Inglis stressed the need for a coordinated approach by the government and the private sector to best protect the nation against cyber threats, which have spiked over the past year amid incidents including ransomware attacks on Colonial Pipeline, meat producer JBS USA and IT group Kaseya. "A transgressor needs to beat all of us to beat one of us," Inglis said of his goals for the committee. ------------------------------ Date: Fri, 3 Dec 2021 14:50:27 -1000 From: geoff goodfellow Subject: Quote of The Day (WIDA) *"A society that values attention over integrity will eventually self destruct."* https://twitter.com/wida_vision/status/1466744497921003523 ------------------------------ Date: Mon, 6 Dec 2021 12:40:06 +0000 (UTC) From: "Paul Robinson" Subject: Re: You've Got an Enemy at Chase! I had no idea Yahoo Mail inserted non-break spaces in e-mail I post. Nobody ever said anything and probably didn't notice, as I had no idea it was happening. I only put regular spaces in. Maybe Yahoo likes to play "Space Invaders." Also, sorry about top-posting, again, that's on Yahoo. Spelling mistakes, however, I take full responsibility for. ------------------------------ Date: Mon, 1 Aug 2020 11:11:11 -0800 From: RISKS-request@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public! => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. *** Contributors are assumed to have read the full info file for guidelines! => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue. Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00 ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001) *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: ------------------------------ End of RISKS-FORUM Digest 32.95 ************************