Pete Recommends – Weekly highlights on cyber security issues, December 27, 2020

Subject: DOJ Accuses Zoom Exec of Acting on Behalf of Chinese Government
Source: Gizmodo
https://gizmodo.com/zoom-exec-accused-of-conspiring-with-chinese-government-1845918269

An executive at the videoconferencing company Zoom schemed with Beijing officials to leak user data and squash video meetings discussing the anniversary of the Tiananmen Square massacre earlier this year, according to federal prosecutors. The Justice Department’s case raises a fresh wave of concern about Zoom’s security after the company spent the summer months muzzling Zoombombings and dragging its feet on end-to-end encryption.

In a criminal complaint unsealed in a Brooklyn federal court Friday, prosecutors said that Xinjiang Jin, who reportedly worked as Zoom’s chief liaison with Chinese law enforcement and intelligence services, shared user information and disrupted video calls at the request of the Chinese government. Jin, who is based in China, has been proactively monitoring Zoom meetings since January 2019 for mentions of political and religious topics censored by China’s ruling Communist Party, according to the complaint.

The complaint only identifies Jin as an employee of a U.S. telecommunications company, but Zoom has since confirmed it was the company involved. In a statement published Friday, Zoom said it is fully cooperating with the Department of Justice and fired Jin for violating company policies. Jin shared “a limited amount of individual user data with Chinese authorities,” the company said, but so far it hasn’t found evidence that he provided data on any users based outside of China. It’s placed other employees on administrative leave pending an internal investigation.

“As the DOJ makes clear, every American company, including Zoom and our industry peers, faces challenges when doing business in China,” Zoom said. “We will continue to act aggressively to anticipate and combat ever-evolving data security challenges. We launched our end-to-end encryption feature to free and paid users worldwide. We have significantly enhanced our internal access controls. We have also ceased the sale of direct and online services in China and launched engineering hubs in the United States, India, and Singapore.”


Subject: Cheap GPS jammers a major threat to drones
Source: Resilient Navigation and Timing Foundation via RISKS DIGEST
Cheap GPS jammers a major threat to drones – geoff goodfellow, Thurs 17 Dec 2020 11:29:25 -1000

Blog Editor’s Note: We are not sure the drone and autonomous community have really come to grips with this issue.

The article mentions interference with a display involving hundreds of drones. There have been other incidents, of course, in China and elsewhere. One example is the UK accident we reported on that could have resulted in a fatality, according to the government’s investigation report <https://rntfnd.org/2020/07/20/gps-interference-crashed-a-survey-drone-in-the-uk-will-the-debate-resonate-in-the-us-c4isrnet-ligado/>. We agree with the below article that GPS/GNSS receivers should include better hardware and software to make them more resilient to jamming and spoofing. …


Subject: Firefox 85 will improve privacy with network partitioning feature
Source: gHacks Tech News
https://www.ghacks.net/2020/12/20/firefox-85-will-improve-privacy-with-network-partitioning-feature/

Next month’s stable release of Firefox 85 will include the anti-tracking feature network partitioning to improve user privacy on the Internet. While Firefox is not the first web browser to support network partitioning, that honor goes to Apple and the company’s Safari web browser, it is a major improvement as it eliminates tracking techniques that rely on shared cache functionality.

Most Internet users are aware of cookies by now and how they may be used to track users across sites. Less known is that other data that is stored locally may also be used to track users. Browsers store all sorts of data besides cookies including HTTP and image files, favicons, fonts and more.

Up until now, these caches were set to share files, and it makes sense from a performance point of view. Instead of having to download files such as fonts for each site, the browser could simply load it from the cache if the file had been downloaded from another site in the past. Sites could use the information to determine if a user visited another site in the past.

Starting in Firefox 85, Firefox will partition network resources to eliminate this form of tracking and probing.


Subject: Deceptive Design: How to Identify and Combat Consequence Design
Source: Digital.gov
https://digital.gov/resources/deceptive-design-how-to-identify-and-combat-consequence-design/

We all rely on design to facilitate our user experiences. So, shouldn’t design reflect good intentions and honesty? Unfortunately, this is not always the case. Businesses often employ sneaky techniques to persuade users into buying their product or subscribing to their brand. These techniques are called “dark patterns” or “hostile design.” They are user interface tricks that are designed to influence people into doing things they otherwise might not do.

These tricks come in several forms, such as a popup window that demands a new subscription, or a spot designed to look like dirt on your phone screen, so you try to wipe it off and end up clicking a link instead. Even in the non-digital world, we can identify certain deceptive behaviors as “hostile design,” such as sleight of hand or trick questions. Designers, intentionally or unintentionally, can use psychology to mislead and trap users.

What are some common types of hostile design?

filed https://digital.gov/resources/

RSS https://digital.gov/resources/index.xml


Subject: Officials shut down fake Moderna, Regeneron websites that allegedly stole users’ info for cyberattacks
Source: Becker’s Health IT
https://www.beckershospitalreview.com/cybersecurity/officials-shut-down-fake-moderna-regeneron-websites-that-allegedly-stole-users-info-for-cyberattacks.html

The U.S. Attorney’s Office for the District of Maryland has taken possession of two domain names claiming to be the websites of actual biotech companies Moderna and Regeneron but instead were fraudulent websites that allegedly stole users’ info for phishing and malware attacks.

Six details:



Subject: New tools to fight gift card scams
Source: FTC Consumer Information
https://www.consumer.ftc.gov/blog/2020/12/new-tools-fight-gift-card-scams

This holiday season (and year-round), gift cards are on scammers’ wish lists. Scammers always have a reason for you to pay them immediately with a gift card. And they often tell you which card to buy and which store to visit. That’s why the FTC is launching a new Stop Gift Card Scams campaign to work with stores and law enforcement to fight these scams. And it’s also why the FTC has taken another look at reporting data to see what’s happening lately….

Just today, the FTC released an updated Data Spotlight with some interesting new developments:

  • Reports suggest eBay is scammers’ current gift card brand of choice. It was Google Play and iTunes, but eBay has claimed the uncoveted top spot.
  • People most often report using gift cards to pay scammers pretending to be the government, a business, tech support, or a friend or family member in trouble.
  • People report that scammers tell them to buy gift cards at Walmart, Target, CVS, and Walgreens. And once they have you there, they’ll keep you on the phone as you pay for the gift cards.


Subject: CISA Releases Draft Use Case For Securing Remote, Mobile and Teleworking Connections
Source: Nextgov
https://www.nextgov.com/it-modernization/2020/12/cisa-releases-draft-use-case-securing-remote-mobile-and-teleworking-connections/170979/

With many federal employees still teleworking, federal officials dropped a holiday gift for cybersecurity managers across the government: the draft remote user use case for the latest iteration of the Trusted Internet Connection, or TIC, policy.

The Cybersecurity and Infrastructure Security Agency, or CISA, released the draft use case Tuesday for public comment, asking stakeholders to offer feedback on the best methods for securing mobile and personal devices connecting to agency networks. The late-in-the-year policy drop meets the agency’s promise to deliver hard guidance—even if in draft form—before interim guidance released in April expires at the end of December.

To meet these new realities, the Office of Management and Budget issued a new TIC 3 policy in September 2019. But rather than creating another stagnant guidance document, the policy pushes agencies toward a set of evolving use cases developed by CISA.


Subject: ACLU Sues For Info On FBI’s Encryption Breaking Capabilities
Source: Gizmodo
https://gizmodo.com/the-aclu-is-suing-for-info-on-the-fbis-encryption-break-1845938257

The American Civil Liberties Union announced on Tuesday that it plans to sue for information related to the FBI’s shadowy and relatively new ability to break into encrypted devices at will.

The lawsuit will reportedly seek to target information related to the FBI’s Electronic Device Analysis Unit (EDAU) and its apparent acquisition of software that would allow the government to unlock and decrypt information that is otherwise securely stored on cell phones.

For years now, the U.S. government has waged a pressure campaign against companies like Apple, beseeching them to build highly unstable encryption backdoors that would allow law enforcement to access private devices like cell phones and personal computers if they are being entered as evidence. It’s the kind of thing that raises the hackles of privacy advocates and human rights advocates alike: In 2016, Zeid Raad al-Hussein, the United Nations High Commissioner for Human Rights, notably said that compelling electronics manufacturers to build the backdoors would have “extremely damaging implications” for human rights and would “risk unlocking a Pandora’s box” of government overreach.

But even in the face of all the blowback, many experts have warned for years that the FBI has gone ahead and quietly developed the capability on its own. Indeed, in a blog post announcing the lawsuit, the ACLU cited public court records that describe “instances where the EDAU appeared capable of accessing encrypted information off of a locked iPhone… [and] even sought to hire an electronics engineer whose major responsibilities would include ‘perform[ing] forensic extractions and advanced data recovery on locked and damaged devices.’”

[other security news … ]

https://gizmodo.com/global-law-enforcement-seizes-vpn-network-favored-by-cy-1845937855


Subject: CISA Releases CISA Insights and Creates Webpage on Ongoing APT Cyber Activity
Source: CISA
https://us-cert.cisa.gov/ncas/current-activity/2020/12/23/cisa-releases-cisa-insights-and-creates-webpage-ongoing-apt-cyber

CISA is tracking a known compromise involving SolarWinds Orion products that are currently being exploited by a malicious actor. An advanced persistent threat (APT) actor is responsible for compromising the SolarWinds Orion software supply chain, as well as widespread abuse of commonly used authentication mechanisms. If left unchecked, this threat actor has the resources, patience, and expertise to resist eviction from compromised networks and continue to hold affected organizations at risk.

In response to this threat, CISA has issued CISA Insights: What Every Leader Needs to Know About the Ongoing APT Cyber Activity. This CISA Insights provides information to leaders on the known risk to organizations and actions that they can take to prioritize measures to identify and address these threats.

CISA has also created a new Supply Chain Compromise webpage to consolidate the many resources—including Emergency Directive (ED) 21-01 and Activity Alert AA20-352A: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations—that we have released on this compromise. CISA will update the webpage to include partner resources that are of value to the cyber community.

To read the latest CISA Insights, visit CISA.gov/insights. For more information on the SolarWinds Orion software compromise, visit CISA.gov/supply-chain-compromise.


Subject: Deepfake queen to deliver Channel 4 Christmas message
Source: BBC News via Yahoo
https://news.yahoo.com/deepfake-queen-deliver-channel-4-220417339.html

This year’s Channel 4 alternative Christmas message will be delivered by a deepfake of the Queen. While the Queen is delivering her traditional message on the BBC and ITV, her digitally created doppelgänger will be sharing its “thoughts” on Channel 4.

Buckingham Palace told the BBC it had no comment on the broadcast. Channel 4 said the intention was to give a “stark warning” about fake news in the digital age. Deepfake technology can be used to create convincing yet entirely fictional video content, and is often used to spread misinformation. In the message, the deepfake will try its hand at a TikTok viral dance challenge.
