GhostNet: Why is the Prominent Cyberattack Still a Mystery


Among the tools used in modern warfare, cyberespionage has made a prominent name for itself. Cyberespionage can be used to propagate misinformation, disrupt infrastructure, and spy on notable people including politicians, government officials, and business executives. In order to prepare for physical or cyber threats, nations also engage in espionage.

While many countries actively engage in some form of warfare, the U.S. takes the stance that China poses a significant cyberespionage threat. According to the United States cyber defense agency CISA, "China probably currently represents the broadest, most active, and persistent cyber espionage threat to U.S. Government and private-sector networks."

CISA further notes that cyberattacks based in China may also have an impact on U.S. oil and gas pipelines, as well as rail systems.

While this warning is just an overview, China is renowned for its highly advanced cyber operations. The infamous GhostNet spy system, which compromised more than 1,000 computers of military, political, economic, and diplomatic targets around the world, is largely believed to have been coordinated by the Chinese government. China was never formally blamed for the crime, though, for a number of political and legal reasons. The history of GhostNet is therefore still a mystery.

Cyber Espionage Network ‘GhostNet’

GhostNet first came to light when the office of the Dalai Lama in India invited a team of security researchers at the Munk Center for International Studies at the University of Toronto to check their computers for any indication of a hack. This prompted an inquiry that turned up a large cyberattack that had compromised 1,295 systems over the course of two years in 103 nations. The Munk Center and Information Warfare Monitor analysts released a thorough analysis in 2009 that provided insight into the extensive spying operation they called "GhostNet."

GhostNet distributed malware via emails with attachments and suspicious links. Once the malware was successfully downloaded onto the victim’s system, it gave the attackers complete access to the computer, enabling them to search for and download files, and even control the victim’s external devices like webcams and microphones.

Around 30% of GhostNet's victims were high-profile targets, such as the foreign ministries of several nations in Southeast Asia, South Asia and Europe. Several international organizations were also targeted, like ASEAN, SAARC, the Asian Development Bank, news organizations, and computers at NATO headquarters.

Who was Behind the GhostNet Attacks?

Researchers investigating GhostNet were successful in locating and connecting to the espionage network's command servers. Hainan Island in China was linked to a number of IP addresses that the attackers used to communicate with the compromised PCs. Four control servers in total were found by the investigation, three of which were in China. The fourth server was situated at an American web hosting business. Furthermore, five of the six detected command servers were found in mainland China, while the sixth was found in Hong Kong.

According to researchers, China is among the most obvious operators behind GhostNet. However, their reports did not directly point at the country, since they were unable to provide any concrete proof of the Chinese government’s involvement. They noted that other nations could also be behind the attacks.

Cyber Trust Mark: U.S. Administration Introduces Program to Boost Home Security


This Tuesday, Joe Biden’s government announced a ‘U.S. Cyber Trust Mark’ program that will focus on cybersecurity certification and product labels for smart home tech, as a step to help consumers choose products that provide better protection against cyber threats.

The new program was proposed by Federal Communications Commission Chairwoman Jessica Rosenworcel. The program aims to help consumers make well-informed purchasing decisions, such as identifying products in the marketplace with advanced cybersecurity standards.

"The goal of the program is to provide tools for consumers to make informed decisions about the relative security of products they choose to bring into their homes," the administration said.

U.S. Cyber Trust Mark

Under the proposed program, consumers are likely to see a newly formed “U.S. Cyber Trust Mark” label, in the form of a shield logo, distinguishing the products that satisfy the established cybersecurity criteria. These criteria will be decided by the National Institute of Standards and Technology (NIST) and will include unique and strong default passwords, data protection, software updates and incident detection capabilities.

According to the administration, a number of significant retailers, trade groups, and manufacturers of consumer goods such as electronics, appliances, and consumer goods have made voluntary commitments to improve cybersecurity for the products they sell. Amazon, Best Buy, Google, LG Electronics USA, Logitech, and Samsung Electronics are among the participants.

The Biden administration previously discussed plans for the program in late 2022, to establish a voluntary initiative with internet of things makers to help ensure products meet minimum security standards.

Reportedly, the FCC, which is responsible for regulating wireless communication devices, is set to seek public comment regarding the labeling program by 2024.

According to the administration, the FCC is applying to the U.S. Patent and Trademark Office to register a national trademark that would be used on products that satisfy the predetermined standards.

"The proposal seeks input on issues including the scope of devices for sale in the U.S. that should be eligible for inclusion in the labeling program, who should oversee and manage the program, how to develop the security standards that could apply to different types of devices, how to demonstrate compliance with those security standards, how to safeguard the cybersecurity label against unauthorized use, and how to educate consumers about the program," the FCC notice says.

The proposal highlights the inclusion of a QR code on products that will provide consumers with information, pending a certification mark approval by the U.S. Patent and Trademark Office.

U.S. Nuclear Facilities Witness Hacking and Espionage Threats


A cybersecurity company has discovered a North Korean hacking group that illicitly obtained nearly 100 gigabytes of data over the course of a months-long intrusion. Regulators started to look into Tuesday’s cyberattack on the financial trading group ION. 

Reportedly, the hackers targeted U.S. nuclear facilities, considered among the most strictly regulated facilities in the U.S. Despite these protections, hackers are drawn to them by the potential for espionage and other criminal activities.

A Chinese spy balloon over Montana, which is a site of multiple nuclear missile silos, is the most recent alleged spying threat. President Biden has been advised by military advisors to not shoot the balloon down. NBC News was the first to report on the incident. 

Brig. Gen. Patrick Ryder, a Pentagon spokesperson, says “the U.S. government acted immediately to prevent against the collection of sensitive information, once it spotted the balloon.”

According to Ryder, the U.S. government has seen a similar pattern of behavior for "several years." Similar balloons had previously been spotted over Hawaii and Guam, which are home to U.S. military facilities, says a U.S. intelligence official. 

On Thursday, leaders from two House committees asked the Energy Department to provide them with documents pertaining to cyberattacks by alleged Russian threat actors targeting U.S. national nuclear laboratories.

According to a Reuters article from last month by James Pearson and Chris Bing, Russian hackers known as Cold River targeted nuclear scientists at Brookhaven, Argonne, and Lawrence Livermore laboratories last summer.

“Although it is unclear whether the attempted intrusions were successful, it is alarming that a hostile foreign adversary targeted government labs working on scientific research critical to the national security and competitiveness of the United States,” Reps. James Comer (R-Ky.), chair of the Oversight and Accountability panel, and Frank D. Lucas (R-Okla.), chair of the Science, Space, and Technology Committee, wrote in a letter seeking communications between agencies, labs, and contractors […]

Hackers who got into the U.S. nuclear command and control system could, theoretically, “trigger a false alarm, making us think that Russian nuclear weapons were on their way.”

This would leave the president to decide whether to launch a counterstrike, said former White House cybersecurity adviser Richard Clarke in a video for the nonprofit Nuclear Threat Initiative last year.

State of Defense by the U.S. Government 

The Biden administration has been attempting to impose minimal security requirements on other industries, but the nuclear industry is already among the most regulated, along with the financial services sector and defense contractors. In a recent interview, a White House representative who requested anonymity to speak more openly about the subject said that the NRC “has really strict rules.” 

The NRC first put cybersecurity protocols in place in the early 2000s. Under the existing regulations, nuclear power plant operators were required to submit security plans to the agency for approval. This summer, more cybersecurity guidelines for fuel cycle facilities are anticipated from the NRC. The security of American nuclear weapons depends less on regulation than on the NSA's ability to safeguard them.

According to a 2019 study by the agency's inspector general, the NRC must change its approach to cybersecurity inspections at nuclear plants in order to place more emphasis on monitoring performance. The report also stated that “the inspection program faces future staffing challenges because demographic and resource constraints work against optimal staffing.”

The NNSA “and its contractors have not fully implemented six foundational cybersecurity risk practices in its traditional IT environment,” according to a report from the Government Accountability Office from last year. The nuclear weapons IT environments and NNSA's operational technology environments "have not fully implemented these practices,”  it stated.  

LexisNexis' Virtual Crime Center: Making Millions from Sales to the U.S. Government

 

According to contracting data and government records examined by Motherboard, a cybersecurity portal, the data firm LexisNexis generates millions of dollars offering specialised tools to law enforcement and other U.S. government organisations.

The contracts draw attention to LexisNexis' frequently underappreciated government work, which entails capabilities beyond its standard people-search or article databases accessible to consumers and businesses. One of these is the Virtual Crime Center, a system for connecting open records with internal and external databases from various organisations. The Secret Service purchased licences for the Virtual Crime Center, according to papers obtained by security analysts at Motherboard. 

“Today’s law enforcement agencies need a view beyond their own jurisdictions. LexisNexis Accurint Virtual Crime Center brings together disconnected data from over 10,000 different sources, including police agencies nationwide and public records for intelligence-led policing that can then drive decisions and actions,” the website for the Virtual Crime Center reads. The product is sold by LexisNexis under the Accurint name, which the company also uses for its range of government and law enforcement solutions. 

As per procurement records, the Secret Service paid roughly $400,000 per year between 2020 and 2022 for access to the Virtual Crime Center. The tool is intended to be a one-stop shop for data searches that would often require a number of different independent platforms. 

Security analysts also discovered purchases of Accurint by the State Department, the Food and Drug Administration, the Animal and Plant Health Inspection Service, the U.S. Coast Guard, the Department of Navy, and the Defense Counterintelligence and Security Agency. The Intercept has previously reported on ICE's acquisition of LexisNexis data. According to documents obtained by the immigrant rights group Just Futures Law, ICE checked that data more than one million times in just seven months.

A LexisNexis product description for its Accurint data package was obtained by Motherboard through a Freedom of Information Act (FOIA) request. A large portion of that information, such as business and corporate information, is also found in LexisNexis' consumer editions. Additionally, it contains information about "relatives, neighbours, and associates," which may be especially useful to law enforcement.

"Relatives, neighbours, and acquaintances information" is seriously concerning, said Zach Edwards, a security researcher who monitors the data trade industry, to Motherboard in an online conversation. By establishing consumer profiles with information about people's intimate personal contacts and making them available to the government for purchase, it would seem that LexisNexis has elevated the idea of "friends and family plans" to a completely disturbing level. 

He also noted that Accurint includes data on hunting, fishing, and firearms licences. Selling hunting, fishing, and concealed weapon permits is a risky game to play because laws against the sharing of that information exist in nearly half of the states in the United States.

U.S. Targets Google's Online Ad Business in Latest Lawsuit



The US Department of Justice (DOJ), along with eight US states, has filed a lawsuit against tech giant Google. On Tuesday, the DOJ accused Google of abusing its dominance in the digital ad market.

It has threatened to dismantle a significant business at the heart of one of Silicon Valley’s most successful online organizations.

According to US Attorney General Merrick Garland, Google's anti-competitive practices have "weakened, if not destroyed, competition in the ad tech industry."

The government pushed to force Google to sell its ad manager suite, a business that not only contributed significantly to the search engine and cloud company's overall sales but also accounted for around 12% of Google's revenue in 2021.

"Google has used anticompetitive, exclusionary, and unlawful means to eliminate or severely diminish any threat to its dominance over digital advertising technologies," the antitrust complaint read. Google charged that the DOJ was "doubling down on a flawed argument that would slow innovation, raise advertising fees, and make it harder for thousands of small businesses and publishers to grow." 

The federal government says that its Big Tech investigations and lawsuits are aimed at leveling the playing field for smaller rivals to a group of powerful companies, including Amazon, Facebook owner Meta and Apple Inc.

"By suing Google for monopolizing advertising technology, the DOJ today aims at the heart of the internet giant’s power[…]The complaint lays out the many anticompetitive strategies from Google that have held our internet ecosystem back," says Charlotte Slaiman, competition policy director at Public Knowledge. 

The Current Lawsuit Follows an Antitrust Lawsuit from 2020 

Tuesday’s lawsuit, under the administration of President Joe Biden, follows a 2020 antitrust case filed against Google during the presidency of Donald Trump. 

The 2020 lawsuit alleged antitrust violations in the company's acquisition or maintenance of its monopoly in internet search and is scheduled to go to trial in September. 

Eight States in Lawsuit 

The nearly 15-page lawsuit accuses Google of breaches of US antitrust law and attempts to "halt Google's anti-competitive scheme, unwind Google's monopolistic grip on the market, and restore competition to digital advertising". 

If the courts side with the US government, this might lead to the dissolution of the firm’s advertising business.

The states joining Tuesday’s lawsuit include Connecticut, Colorado, New Jersey, New York, Rhode Island, Tennessee, and Virginia, along with Google’s home state California.