RISKS Forum mailing list archives

Risks Digest 32.95


From: RISKS List Owner <risko () csl sri com>
Date: Tue, 14 Dec 2021 16:55:18 PST

RISKS-LIST: Risks-Forum Digest  Tuesday 14 December 2021  Volume 32 : Issue 95

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/32.95>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Hackers take $196 million from crypto exchange Bitmart, security firm says
 (CNBC)
A Software Bug Let Hackers Drain $31M From a Crypto Service (WiReD)
Australia's AI Cameras Catch Over 270,000 Drivers Using Phones (Alice Klein)
Fake scientist used to spread anti-US propaganda (Facebook via Dave Farber)
The Webb Space Telescope Will Rewrite Cosmic History. If It Works.
 (Quantum Magazine)
Verizon overrides users' opt-out preferences in push to collect browsing
 history (Ars Technica)
Planned Parenthood data breach (WSJ)
Israeli computer glitch lets people improperly leave the country
 (Winnews via danny burstein)
Israeli Company's Spyware Is Used to Target U.S. Embassy Employees in Africa
 (NYTimes)
There's a new push for mobile voting in WashDC (DCist via Gabe Goldberg)
U.S. Military Has Acted Against Ransomware Groups, General Acknowledges
 (NYTimes)
Companies Linked to Russian Ransomware Hide in Plain Sight (NYTimes)
Officials press for actionable recommendations from new cyber-advisory
 committee (The Hill)
Quote of The Day (WIDA)
Re: You've Got an Enemy at Chase! (Paul Robinson)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 5 Dec 2021 19:56:06 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Hackers take $196 million from crypto exchange Bitmart, security
 firm says (CNBC)

https://www.cnbc.com/2021/12/05/hackers-take-196-million-from-crypto-exchange-bitmart-in-large-breach.html

------------------------------

Date: Sat, 4 Dec 2021 00:30:12 -0500
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: A Software Bug Let Hackers Drain $31M From a Crypto Service (WiReD)

An attacker exploited a vulnerability in MonoX Finance's smart contract to
inflate the price of its digital token and then cash out.

Blockchain startup MonoX Finance said on Wednesday that a hacker stole $31
million by exploiting a bug in software the service uses to draft smart
contracts.

https://www.wired.com/story/hackers-drain-31-million-from-crypto-service/

Software drafting contracts, what could go wrong?

  [unfortunately the word "crypto" (which generally encompasses
  cryptography, cryptology, and lots more) has been preempted by the
  media as meaning "cryptocurrency".  That is EVIL.  PGN]

------------------------------

Date: Fri, 10 Dec 2021 11:34:29 PST
From: Peter Neumann <neumann () csl sri com>
Subject: Australia's AI Cameras Catch Over 270,000 Drivers Using Phones
 (Alice Klein)

Alice Klein, *New Scientist*, 08 Dec 2021 via ACM TechNews 10 Dec 2021

Artificial intelligence (AI)-equipped cameras have spotted more than 270,000
drivers using phones while driving in New South Wales (NSW), Australia,
since the state began issuing fines in March 2020. The cameras capture
high-definition images of the front of each passing vehicle, and AI software
analyzes them to identify drivers using a handheld cellphone; officers vet
images flagged as potentially showing violations before fining those
drivers. Transport for NSW's Tara McCarthy said, "We know that mobile phone
detection cameras are working and people are getting the message not to use
their phone illegally, as we have seen a significant drop in offenses."
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2d973x22fffdx072544

  [Is it illegal to use your cell-phone for navigation purposes?
  What is the difference between that and a built-in screen for navigation?
  PGN]

------------------------------

Date: Thu, 2 Dec 2021 11:36:15 +0900
From: Dave Farber<farber () keio jp>
Subject: Fake scientist used to spread anti-US propaganda (Facebook)

A disinformation network with ties to China used hundreds of fake social
media accounts -- including one belonging to a fictitious Swiss biologist --
to spread an unfounded claim that the U.S. pressured scientists to blame
China for the coronavirus, Facebook said Wednesday.

The company based in Menlo Park, California, did not directly attribute the
network to the Chinese government. But it noted employees of Chinese
state-run companies, and the country's state-run media, worked to amplify
the misleading claims, which were soon the subject of news headlines in
China.

"In effect it worked like an online hall of mirrors, endlessly reflecting
the original fake persona and its anti-US disinformation," according to Ben
Nimmo, who leads investigations into disinformation at Meta, the parent
company of Facebook and Instagram.

The operation began in July 2021, when a Facebook account was created in the
name of Wilson Edwards, a self-professed Swiss biologist. That same day, the
account user claimed, without evidence, that U.S. officials were using
"enormous pressure and even intimidation" to get scientists to back calls
for renewed investigations into the origin of the virus.

https://techxplore.com/news/2021-12-facebook-fake-scientist-anti-us-propaganda.html

------------------------------

Date: Wed, 8 Dec 2021 11:37:13 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: The Webb Space Telescope Will Rewrite Cosmic History. If It Works.
 (Quantum Magazine)

https://www.quantamagazine.org/why-nasas-james-webb-space-telescope-matters-so-much-20211203/

------------------------------

Date: Wed, 8 Dec 2021 15:12:55 -0800
From: Lauren Weinstein <lauren () vortex com>
Subject: Verizon overrides users' opt-out preferences in push to collect
 browsing history (Ars Technica)

https://arstechnica.com/information-technology/2021/12/verizon-ignored-users-previous-opt-outs-in-latest-push-to-scan-web-browsing/

------------------------------

Date: Thu, 2 Dec 2021 04:02:00 +0000 ()
From: "danny burstein" <dannyb () panix com>
Subject: Planned Parenthood data breach (WSJ)

Hackers Breach Los Angeles Planned Parenthood Network
Healthcare provider says more than 400,000 patients' records compromised

Planned Parenthood Los Angeles said it is investigating a cyberattack that
compromised the personal information of thousands of patients.

The reproductive healthcare provider is notifying approximately 400,000
patients whose names, addresses, insurance and other identifying information
were breached, said local spokesman John Erickson. Clinical information,
which can include details of a patient's diagnosis, procedures and
prescriptions, was taken in the hack.

The cyberattack occurred in October, when an unauthorized user gained access
to the provider's network, installed malicious software and extracted files
from the system, he said.

rest:
https://www.wsj.com/articles/hackers-breach-los-angeles-planned-parenthood-network-11638408526?reflink=desktopwebshare_permalink

------------------------------

Date: Thu, 2 Dec 2021 04:14:31 +0000 ()
From: "danny burstein" <dannyb () panix com>
Subject: Israeli computer glitch lets people improperly leave the country
 (Winnews)

summary: In orthodox Judaism, if a woman wants a divorce, the man has to
approve it.

And far too many religious women let his refusal destroy their lives.

Lots, make that *LOTS*, of pressure is (often, not always) put on these guys
to sign off on the paper.

One technique is to ban them from leaving Israel.

Except...

https://vinnews.com/2021/12/01/get-refusers-flee-israel-after-computer-glitch-prevent-rabbinical-courts-from-issuing-injunctions/

------------------------------

Date: Sat, 4 Dec 2021 05:43:07 -0500
From: "Jan Wolitzky" <jan.wolitzky () gmail com>
Subject: Israeli Company's Spyware Is Used to Target U.S. Embassy Employees
 in Africa (NYTimes)

The iPhones of 11 U.S. Embassy employees working in Uganda were hacked using
spyware developed by Israel's NSO Group, the surveillance firm that the
United States blacklisted a month ago because it said the technology had
been used by foreign governments to repress dissent, several people familiar
with the breach said on Friday.

The hack is the first known case of the spyware, known as Pegasus, being
used against American officials. Pegasus is a sophisticated surveillance
system that can be remotely implanted in smartphones to extract sound and
video recordings, encrypted communications, photos, contacts, location data
and text messages.

https://www.nytimes.com/2021/12/03/us/politics/phone-hack-nso-group-israel-uganda.html

------------------------------

Date: Fri, 3 Dec 2021 00:07:18 -0500
From: "Gabe Goldberg" <gabe () gabegold com>
Subject: There's a new push for mobile voting in WashDC

You can pay bills, swipe into a Metro station, order a car, and do countless
other things on your phone. And now venture capitalist and former political
operative Bradley Tusk wants D.C. residents to be able to use their phones
to vote.

Tusk Philanthropies is bringing its mobile voting project to D.C., hoping to
make the nation's capital the first place in the country where residents can
use phones and computers to cast ballots. Tusk, a former campaign advisor to
New York City Mayor Michael Bloomberg and one-time Uber official, has in
recent years funded mobile-voting pilot programs across seven states --
including Washington, West Virginia, and Oregon -- largely to support
overseas and military voters. But his effort in D.C.  would represent the
first push to make mobile voting a permanent part of elections for all
voters.  [...]

Still, skeptics of mobile voting abound. They say that just like hackers can
steal someone's bank information or take over their social media accounts,
they could wreak havoc on the civic exercise that makes democracy tick.

``Study after study has found that Internet voting has fundamental security
vulnerabilities that simply haven't been resolved at this point. And a lot
of them are almost impossible to overcome given the current implementation
of the Internet, because the Internet was never really designed with
security in mind,'' says Mark Lindeman, an expert on voting security and
audits with Verified Voting, a nonpartisan group that focuses on elections
and technology.

Four federal agencies concluded as much in a May 2020 assessment, saying
that ``securing the return of voted ballots via the Internet while ensuring
ballot integrity and maintaining voter privacy is difficult, if not
impossible, at this time.''

https://dcist.com/story/21/12/02/theres-a-new-push-to-let-dc-voters-cast-ballots-from-their-phones/

------------------------------

Date: Sun, 5 Dec 2021 14:34:45 -0500
From: "Jan Wolitzky" <jan.wolitzky () gmail com>
Subject: U.S. Military Has Acted Against Ransomware Groups, General
 Acknowledges (NYTimes)

Gen. Paul M. Nakasone, the head of Cyber Command, said a new
cross-functional effort has been gathering intelligence to combat criminal
groups targeting U.S. infrastructure.

The U.S. military has taken actions against ransomware groups as part of its
surge against organizations launching attacks against American companies,
the nation's top cyberwarrior said on Saturday, the first public
acknowledgment of offensive measures against such organizations.

Gen. Paul M. Nakasone, the head of U.S. Cyber Command and the director of
the National Security Agency, said that nine months ago, the government saw
ransomware attacks as the responsibility of law enforcement.

But the attacks on Colonial Pipeline and JBS beef plants demonstrated that
the criminal organizations behind them have been "impacting our critical
infrastructure," General Nakasone said.

In response, the government is taking a more aggressive, better coordinated
approach against this threat, abandoning its previous hands-off stance.
Cyber Command, the N.S.A. and other agencies have poured resources into
gathering intelligence on the ransomware groups and sharing that better
understanding across the government and with international partners.

https://www.nytimes.com/2021/12/05/us/politics/cyber-command-ransomware.html

------------------------------

Date: Mon, 6 Dec 2021 09:33:39 -0500
From: "Jan Wolitzky" <jan.wolitzky () gmail com>
Subject: Companies Linked to Russian Ransomware Hide in Plain Sight

Cybersecurity experts tracing money paid by American businesses to Russian
ransomware gangs found it led to one of Moscow's most prestigious addresses.

When cybersleuths traced the millions of dollars American companies,
hospitals and city governments have paid to online extortionists in ransom
money, they made a telling discovery: At least some of it passed through one
of the most prestigious business addresses in Moscow.

The Biden administration has also zeroed in on the building, Federation
Tower East, the tallest skyscraper in the Russian capital. The United States
has targeted several companies in the tower as it seeks to penalize Russian
ransomware gangs, which encrypt their victims' digital data and then demand
payments to unscramble it.

Those payments are typically made in cryptocurrencies, virtual currencies
like Bitcoin, which the gangs then need to convert to standard currencies,
like dollars, euros and rubles.

That this high-rise in Moscow's financial district has emerged as an
apparent hub of such money laundering has convinced many security experts
that the Russian authorities tolerate ransomware operators. The targets are
almost exclusively outside Russia, they point out, and in at least one case
documented in a U.S. sanctions announcement, the suspect was assisting a
Russian espionage agency.

https://www.nytimes.com/2021/12/06/world/europe/ransomware-russia-bitcoin.html

------------------------------

Date: Mon, 13 Dec 2021 10:04:03 PST
From: Peter Neumann <neumann () csl sri com>
Subject: Officials press for actionable recommendations from new
 cyber-advisory committee (The Hill)

https://thehill.com/policy/cybersecurity/585387-officials-press-for-actionable-recommendations-from-new-cyber-advisory

Maggie Miller, 10 December 2021 [via Dan Geer]

Top officials at the Department of Homeland Security (DHS) on Friday urged a
newly established advisory committee composed of experts from across sectors
to propose solutions to help tackle the growing wave of cyberattacks faced
by the nation.

The Cybersecurity Advisory Committee, established by DHS's Cybersecurity and
Infrastructure Security Agency (CISA) earlier this month, met in a hybrid
format both in McLean, Va., and remotely for the first time Friday. It
discussed strengthening the nation's basic cybersecurity practices and
concerns about disinformation, among other issues.

CISA Director Jen Easterly made clear at the top of the almost three-hour
meeting that she hoped the advisory committee would "create action" and help
move the nation forward in cybersecurity.

"At the end of the day, this is really about implementing those things that
will help CISA truly be the nation's cyber defense agency, that is what the
American people need, and that is what the American people deserve,"
Easterly said. "I am not looking for a 20-page white paper, I am looking for
short papers from each of the subcommittees that give a series of
recommendations that we can go ahead and implement."

DHS Deputy Secretary John Tien made similar comments, telling committee
members that "your voices, your thoughts, your brainpower are going to have
to help us identify the gaps, the vulnerabilities, and also provide us some
thoughts on solutions."

The committee is made up of almost three dozen individuals with
cybersecurity expertise from various sectors, including cybersecurity group
Mandiant CEO Kevin Mandia; former Facebook Chief Technology Officer Alex
Stamos; Jeff Moss, the founder of the Def Con hacking conference, and Austin
Mayor Steve Adler (D).

Representatives from Twitter, Microsoft, Amazon Web Services, Walmart,
JPMorgan Chase and Johnson & Johnson, as well as several from the field of
academia, are also on the committee. Thomas Fanning, the chairman, president
and CEO of utility group Southern Company is the committee chair, while Ron
Green, the executive vice president and chief security officer of
Mastercard, is the vice chairman.

The event Friday marked the first official meeting of the advisory
committee. It included lengthy discussion around ways to address the
nation's cyber workforce challenges, increase basic cyber hygiene, and rally
the hacking community to help the government defend the nation.

Also discussed were ways to reduce systemic risk to critical infrastructure,
including elections, and to protect it against misinformation and
disinformation.

National Cyber Director Chris Inglis stressed the need for a coordinated
approach by the government and the private sector to best protect the nation
against cyber threats, which have spiked over the past year amid incidents
including ransomware attacks on Colonial Pipeline, meat producer JBS USA and
IT group Kaseya.

"A transgressor needs to beat all of us to beat one of us," Inglis
said of his goals for the committee.

------------------------------

Date: Fri, 3 Dec 2021 14:50:27 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Quote of The Day (WIDA)

*"A society that values attention over integrity will eventually
self-destruct."*

https://twitter.com/wida_vision/status/1466744497921003523

------------------------------

Date: Mon, 6 Dec 2021 12:40:06 +0000 (UTC)
From: "Paul Robinson" <paul () paul-robinson us>
Subject: Re: You've Got an Enemy at Chase!

I had no idea Yahoo Mail inserted non-break spaces in e-mail I post. Nobody
ever said anything and probably didn't notice, as I had no idea it was
happening. I only put regular spaces in. Maybe Yahoo likes to play "Space
Invaders." Also, sorry about top-posting, again, that's on Yahoo.  Spelling
mistakes, however, I take full responsibility for.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.95
************************