Pete Recommends – Weekly highlights on cyber security issues January 12, 2020

Subject: DHS Releases NTAS Bulletin

Today, Acting Secretary of Homeland Security Chad Wolf reissued the NTAS bulletin pertaining to the terror threat to the U.S. homeland. Upfront, you should know that: “At this time there is no specific, credible threat against the homeland.” You can read the new, entire bulletin at National Terrorism Advisory System Bulletin – January 4, 2020. As the nation’s risk advisor, CISA is sharing this directly with you, our partners, to ensure you have the latest information from the Department of Homeland Security.  As appropriate, we will provide protective measures when and if our understanding of the risk changes.  However, do not wait for us to have the best or only idea – collective defense works best when we share what works, collectively and collaboratively.

Stay vigilant, stay connected, and help us – if you See Something, Say Something. For useful tips, resources and information about our offerings, and how to reach us and report information, related to the Bulletin, please visit

Subject: FBI, Homeland Security warn of Iranian terror and cyber threat in new intelligence bulletin
Source: CNNPolitics
Washington (CNN) The FBI and Department of Homeland Security warned of the terror threats Iran poses to the US in a joint intelligence bulletin sent to law enforcement throughout the country on Wednesday.

In the bulletin, which was obtained by CNN, the agencies said they had believed a physical attack would occur first overseas — in line with the missile strikes launched by Iran into Iraq late Tuesday — and predicted Iran could take steps in the immediate term to attack the US in cyberspace.

The bulletin also warns that Iran has a history of making assassination attempts, and outlines the terror threat its proxy Hezbollah poses in the US.

Related Article: Iran has online disinformation operations, too

Foster, whose team has closely studied Iranian disinformation campaigns, said among the disinformation tactics they’ve seen used by Iran is the “creation of networks of inauthentic social media accounts masquerading as real, politically-inclined individuals, including those based in the US.” Those accounts, he said, often spread “commentary critical of Iran’s political rivals.”
And it’s not just on social media. In one case, a pro-Iranian influence campaign even succeeded in having letters to the editor published in American newspapers at least 13 times, according to FireEye. While the letter writing campaign was not tied directly to the Iranian government, Facebook, which examined accounts and personas associated with FireEye’s findings, confirmed they were operated from inside Iran.

Subject: Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad
Source: DHS CISA via US-CERT

Summary – The Cybersecurity and Infrastructure Security Agency (CISA) is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the United States and Iran’s historic use of cyber offensive activities to retaliate against perceived harm. Foremost, CISA recommends organizations take the following actions:

  1. Adopt a state of heightened awareness. This includes minimizing coverage gaps in personnel availability, more consistently consuming relevant threat intelligence, and making sure emergency call trees are up to date.
  2. Increase organizational vigilance. Ensure security personnel are monitoring key internal security capabilities and that they know how to identify anomalous behavior. Flag any known Iranian indicators of compromise and tactics, techniques, and procedures (TTPs) for immediate response.
  3. Confirm reporting processes. Ensure personnel know how and when to report an incident. The well-being of an organization’s workforce and cyber infrastructure depends on awareness of threat activity. Consider reporting incidents to CISA to help serve as part of CISA’s early warning system (see Contact Information section below).
  4. Exercise organizational incident response plans. Ensure personnel are familiar with the key steps they need to take during an incident. Do they have the accesses they need? Do they know the processes? Are your various data sources logging as expected? Ensure personnel are positioned to act in a calm and unified manner.

Subject: VERIFY: How to make sure your Australia relief donation goes to a verified cause
Source: WUSA via WPMT FOX43

WASHINGTON — The stories about Australia’s bushfires are heartbreaking. Many people are looking for a way to help, but scammers are very aware, too. There are more than 3,000 GoFundMe campaigns alone, but they might not all be legit.

So, we’re going to show you how to choose a verified relief effort. Anyone can start a fundraiser for just about anything. GoFundMe guarantees that if you donate to a fraudulent campaign, you’re eligible for a refund. But we still want to make sure you know the red flags to look for.

First, make sure to check how the campaign organizer is related to recipient. For example, we found several organizers raising money for a nonprofit, like the Australian Red Cross or Wildlife Information Rescue Education Services.

Instead, donate directly to the nonprofit, cutting out the middle man and avoiding any attempt of potential fraud.

Subject: Cities, states face costly cybersecurity landscape after attacks spiked in 2019

Now, at the start of a new decade, the surge of ransomware attacks have forced municipalities into a grim scenario — pay to beef up their digital security, or risk having to pay the hackers.

Cybersecurity expert Jacob Doiron, an information systems lecturer at San Diego State University, said government entities, healthcare institutions and school districts are some of the most common targets for these kinds of attacks because they have important data but often don’t properly focus their budget on addressing IT and security needs.

“A lot of the time criminal agents or cyber actors know that the services they’re providing are critical so they’re more willing to pay,” he said. “Because at the end of the day, this is a criminal enterprise, and there’s a profit motive that’s generating all of this stuff.”


Subject: A lazy fix 20 years ago means the Y2K bug is taking down computers now
Source: New Scientist

Parking meters, cash registers and a professional wrestling video game have fallen foul of a computer glitch related to the Y2K bug.The Y2020 bug, which has taken many payment and computer systems offline, is a long-lingering side effect of attempts to fix the Y2K, or millennium bug.

Both stem from the way computers store dates. Many older systems express years using two numbers – 98, for instance, for 1998 – in an effort to save memory. The Y2K bug was a fear that computers would treat 00 as 1900, rather than 2000.

Programmers wanting to avoid the Y2K bug had two broad options: entirely rewrite their code, or adopt a quick fix called “windowing”, which would treat all dates from 00 to 20, as from the 2000s, rather than the 1900s. An estimated 80 per cent of computers fixed in 1999 used the quicker, cheaper option.

“Windowing, even during Y2K, was the worst of all possible solutions because it kicked the problem down the road,” says Dylan Mulvin at the London School of Economics.



Subject: ‘Shattered’: Inside the secret battle to save America’s undercover spies in the digital age
Source: Yahoo! News

When hackers began slipping into computer systems at the Office of Personnel Management in the spring of 2014, no one inside that federal agency could have predicted the potential scale and magnitude of the damage. Over the next six months, those hackers — later identified as working for the Chinese government — stole data on nearly 22 million former and current American civil servants, including intelligence officials.The data breach, which included fingerprints, personnel records and security clearance background information, shook the intelligence community to its core. Among the hacked information’s other uses, Beijing had acquired a potential way to identify large numbers of undercover spies working for the U.S. government. The fallout from the hack was intense, with the CIA reportedly pulling its officers out of China. (The director of national intelligence later denied this withdrawal.)

Personal data was being weaponized like never before. In one previously unreported incident, around the time of the OPM hack, senior intelligence officials realized that the Kremlin was quickly able to identify new CIA officers in the U.S. Embassy in Moscow — likely based on the differences in pay between diplomats, details on past service in “hardship” posts, speedy promotions and other digital clues, say four former intelligence officials. Those clues, they surmised, could have come from access to the OPM data, possibly shared by the Chinese, or some other way, say former officials.

[many pages … ]

Subject: Police are buying hidden cameras disguised as rocks, trees, tombstones
Source: Business Insider

  • A secretive surveillance company has been quietly selling hidden cameras to police departments and federal agencies, according to records obtained by the watchdog nonprofit MuckRock.
  • The Special Services Group sales brochure advertises surveillance devices hidden in rocks and trees, as well as a “tombstone cam.”
  • The company has sold its products to dozens of US agencies, including the FBI, DEA, and ICE.
  • But Special Services Group has gone to great lengths to keep its products secret, even threatening to sue journalists at Vice for reporting on its sales brochure earlier this week.

A shadowy company with a mission of “Constant Vigilance” is selling hidden cameras and listening devices to government agencies that are disguised as rocks, trees, tombstones, vacuum cleaners, and even baby car seats.

The company, Special Services Group, keeps its gadgets secret — it doesn’t list any products on its website, citing “the critical missions of our customers.” The hidden camera devices remained unknown to the public until the company’s sales pamphlet was published by the transparency nonprofit MuckRock earlier this week.

The pamphlet shines a new light on the mostly unknown tools that law enforcement and federal agencies use to keep tabs on people and track potential suspects. While government agencies routinely publish financial disclosures showing their contracts with companies like Special Services Group, the surveillance devices themselves are generally shrouded in secret.

Posted in: Computer Security, Cybercrime, Cybersecurity, Government Resources, Military