this week in security — august 16 edition
~this week in security~ a cybersecurity newsletter by @zackwhittaker (https://twitter.com/zackwhittaker)
volume 3, issue 33
~ ~
** THIS WEEK, TL;DR
The secret SIMs used by criminals to spoof any number (https://www.vice.com/en_us/article/n7w9pw/russian-sims-encrypted) Motherboard: Criminals are using “Russian SIMs,” or blank SIMs, to impersonate any phone number they want. These SIM cards aren’t inherently illegal but are used by organized gangs to conduct their business largely under the radar. These SIMs likely rely on a mobile virtual network operator (MVNO), which piggybacks on another carrier’s network. Many were used during the EncroChat days (https://www.vice.com/en_us/article/3aza95/how-police-took-over-encrochat-hacked) , before that network shut down after police hacked into it. The reporting is incredible. An absolute must read. More: @josephfcox (https://twitter.com/josephfcox/status/1293535313214595072)
Homeland Security details new tools for extracting device data at US borders (https://www.cnet.com/news/homeland-security-details-new-tools-for-extracting-device-data-at-us-borders/) CNET: Homeland Security effectively controls who crosses into the U.S. and who doesn’t — and whose devices get searched at the border. Any search is meant to be done in offline mode so the border officer can’t search data in the cloud — that requires a warrant. But a new privacy assessment says border officials can now search your phone’s location history, social media information, and a lot more. More: Nextgov (https://www.nextgov.com/policy/2020/08/cbp-shifts-enterprise-approach-manage-phone-searches-us-borders/167724/) | @alfredwkng tweets (https://twitter.com/alfredwkng/status/1292916871642128384)
Hackers can eavesdrop on mobile calls with $7,000 worth of equipment (https://arstechnica.com/information-technology/2020/08/your-mobile-calls-may-be-vulnerable-to-a-new-revolting-eavesdrop-attack/) Ars Technica: VoLTE, or voice-over-LTE, allows for better quality voice calls over the 4G network — and comes with security improvements over 3G. But researchers say a new attack that they call ReVoLTE can eavesdrop on phone calls. You just need $7,000 worth of hardware to pull it off. The attack is somewhat limited: the attacker has to be on the same cell tower as the victim — typically within a few hundred feet. @matthew_d_green (https://twitter.com/matthew_d_green) explains more in his own blog post (https://blog.cryptographyengineering.com/2020/08/12/attack-of-the-week-voice-calls-in-lte/) . More: Cryptography Engineering (https://blog.cryptographyengineering.com/2020/08/12/attack-of-the-week-voice-calls-in-lte/) | ReVoLTE Attack (https://revolte-attack.net/)
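What makes ReVoLTE work is an old stream-cipher rule: a keystream must never be used twice. The attacker records the victim’s encrypted call, then phones the victim shortly afterwards and records that call too; if the base station reuses the same key and counter, both calls are masked with the same keystream, and XORing the two recordings cancels it out. The Python below is an added illustration of that principle, not code from Ars Technica, the researchers or Green’s post. The cipher is a SHA-256 counter-mode stand-in for the real LTE algorithms, and the key, bearer id, counter values and call contents are constructed.

```python
import hashlib


def keystream(key: bytes, bearer: int, count: int, length: int) -> bytes:
    """Stand-in for the LTE air-interface cipher (really AES-CTR, SNOW 3G or ZUC keyed
    on key, bearer id, COUNT and direction): SHA-256 in counter mode over the same
    inputs. Identical inputs always produce an identical keystream, which is the point."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(
            key + bytes([bearer]) + count.to_bytes(4, "big") + block.to_bytes(4, "big")
        ).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, bearer: int, count: int, plaintext: bytes) -> bytes:
    return xor(plaintext, keystream(key, bearer, count, len(plaintext)))


def recover_with_known_call(c_victim: bytes, c_attacker: bytes, p_attacker: bytes) -> bytes:
    """If both calls used the same keystream K then
    c_victim ^ c_attacker = (p_victim ^ K) ^ (p_attacker ^ K) = p_victim ^ p_attacker,
    so p_victim = c_victim ^ c_attacker ^ p_attacker for every byte the attacker's call covers."""
    n = min(len(c_victim), len(c_attacker), len(p_attacker))
    return xor(xor(c_victim[:n], c_attacker[:n]), p_attacker[:n])


# Constructed sample "voice frames" (in practice these are RTP payloads of codec data).
VICTIM_CALL = b"transfer goes out at nine, use the backup account"
ATTACKER_CALL = b"attacker's own call audio, recorded in full at source!!"  # at least as long
KEY = bytes(range(16))  # the session key a hypothetical base station failed to refresh


def revolte_demo():
    # Call 1: the victim talks; the attacker only records ciphertext over the air.
    c1 = encrypt(KEY, bearer=5, count=0, plaintext=VICTIM_CALL)
    # Call 2, shortly after: the attacker phones the victim. Same key, same bearer id,
    # COUNT restarted at zero -> same keystream. That is the ReVoLTE condition.
    c2 = encrypt(KEY, bearer=5, count=0, plaintext=ATTACKER_CALL)
    recovered = recover_with_known_call(c1, c2, ATTACKER_CALL)
    # Fixed base station: fresh keying material per call gives a different keystream,
    # and the same XOR yields nothing useful.
    fresh_key = hashlib.sha256(KEY + b"refresh").digest()
    c2_fresh = encrypt(fresh_key, bearer=5, count=0, plaintext=ATTACKER_CALL)
    recovered_fresh = recover_with_known_call(c1, c2_fresh, ATTACKER_CALL)
    return recovered, recovered_fresh


if __name__ == "__main__":
    good, bad = revolte_demo()
    print("keystream reused :", good)
    print("key refreshed    :", bad)
```

In the real attack the attacker’s known plaintext is the audio they played into their own call, which arrives transcoded rather than byte-exact, so recovery is noisier than this clean XOR; and the attacker only learns as much of the victim’s call as their own call is long. The defence is the last step above: refresh keying material instead of reusing the same bearer identity under one key.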
NSA, FBI expose Russian intelligence hacking tool (https://www.reuters.com/article/us-usa-cyber-russia/nsa-fbi-expose-russian-intelligence-hacking-tool-report-idUSKCN2592HY) Reuters: The NSA and FBI have exposed (https://www.nsa.gov/news-features/press-room/Article/2311407/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecu/) a new Russian GRU-built, Linux-based hacking tool, dubbed Drovorub, said to be a “Swiss Army knife” of capabilities, according to McAfee. The government’s technical report was effectively a name-and-shame to raise awareness of the malware. Drovorub is — apparently — Russian slang for the word “drivers,” according to @DAlperovitch (https://twitter.com/DAlperovitch/status/1293948157618003969) , even if the term actually translates closer to “woodcutter.” More: NSA (https://www.nsa.gov/news-features/press-room/Article/2311407/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecu/) | @RidT (https://twitter.com/RidT/status/1293942446532055040)
Election commission orders top voting machine vendor to correct misleading claims (https://www.politico.com/news/2020/08/13/election-voting-machine-misleading-claims-394891) Politico: The Election Assistance Commission has told ES&S, one of the largest voting machine makers, to stop using deceptive marketing that implied its voting machines are certified by the agency. In short, ES&S violated the EAC’s testing and certification rules, per @kimzetter (https://twitter.com/kimzetter) . More: @kimzetter tweets (https://twitter.com/KimZetter/status/1294031621184618497) | @SEGreenhalgh (https://twitter.com/SEGreenhalgh/status/1294021130718715906)
Belarus has shut down the internet amid a controversial election (https://www.wired.com/story/belarus-internet-outage-election/) Wired ($): Human rights organizations are blaming the Belarusian government for widespread internet outages across the country after a controversial election saw Europe’s “last dictator,” Alexander Lukashenko, hold onto power after 26 years in office. The main opposition leader, Svetlana Tikhanovskaya, is in exile. The outages even extended to VPNs, often a way to get around censorship. It’s a common tactic used by governments to try to squash dissent — even if it rarely works. More: Motherboard (https://www.vice.com/en_us/article/xg8mqa/belarus-is-trying-to-block-parts-of-the-internet-amid-historic-protests) | Human Rights Watch (https://www.hrw.org/news/2020/08/11/internet-disruption-belarus) | Amnesty International (https://www.amnesty.org/en/latest/news/2020/08/belarus-journalists-under-attack/)
~ ~
** SUPPORT THIS NEWSLETTER
A huge thanks to everyone who reads this newsletter! If you can spare $1/month (or more for perks (https://www.patreon.com/posts/mugs-are-on-way-32666051) !), it helps to maintain its upkeep. You can contribute to the Patreon (https://www.patreon.com/thisweekinsecurity) or send a one-time donation via PayPal (http://paypal.me/thisweekinsecurity) or Venmo (https://mcusercontent.com/e1ad6038c994abec17dafb116/images/9686ed69-9c8a-4787-9b13-758569be85e4.png) . ~ ~
** THE STUFF YOU MIGHT’VE MISSED
Boeing 747s get critical updates over 3.5” floppy disks (https://www.theregister.com/2020/08/10/boeing_747_floppy_drive_updates_walkthrough/) The Register: According to researchers at Pen Test Partners (https://www.pentestpartners.com/security-blog/747-walkthrough-from-a-hackers-perspective/) , some Boeing 747 planes still use 3.5” floppy disks to receive critical navigation database updates. The researchers were digging around ahead of a Def Con talk. That kicked off an interesting question (https://twitter.com/x0rz/status/1293558768287076354?s=20) about security.
PinePhone offers physical hardware kill-switches (https://www.androidpolice.com/2020/08/13/the-linux-based-pinephone-is-the-most-interesting-smartphone-ive-tried-in-years/) Android Police: I don’t really talk much about gadgets but this is an interesting one: the new Linux-based PinePhone comes with physical hardware kill-switches that disable certain parts of the phone: cameras, microphones, and networking. It’s a really interesting concept, even if the rest of the phone leaves a lot to be desired — at least compared to the more polished mass-production phones.
Inside the courthouse break-in spree that landed two white-hat hackers in jail (https://www.wired.com/story/inside-courthouse-break-in-spree-that-landed-two-white-hat-hackers-in-jail/) Wired ($): This was a great, deep-dive read by @a_greenberg (https://twitter.com/a_greenberg) about the two Coalfire penetration testers, tasked by Iowa officials to test the security of several state courthouses. But the state disavowed the pair after they were arrested by a local sheriff. The storytelling here is excellent. ~ ~
** OTHER NEWSY NUGGETS
SANS Institute, which drills cyber professionals in defense, hit by data breach (https://www.cyberscoop.com/sans-institute-data-breach-pii/) SANS confirmed some 28,000 records containing personally identifiable information were accessed in early August. The intruder got in after an employee fell for a phishing email. SANS said (https://www.sans.org/dataincident2020) the stolen data included names, email addresses, work phone numbers, company names, postal addresses and more.
Tor warns of exit relays running ‘sslstrip’ in May and June 2020 (https://blog.torproject.org/bad-exit-relays-may-june-2020) The Tor Project, which maintains the Tor anonymity network, said a group of Tor exit relays was “messing” with exit traffic — specifically, intercepting connections to a small number of cryptocurrency exchanges and stripping HTTPS from them, effectively letting the relay operator read and alter sensitive web traffic. Those relays were removed in May, but the project found another group running the same attack in June.
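The Tor item above turns on a simple mechanic: an exit relay only sees plaintext when a connection leaves Tor unencrypted, so the attacker’s goal is to keep the victim on HTTP long enough to read or alter a login or withdrawal request. The Python below is an added illustration, not code from the Tor Project or from the relays in question: it models a stripping exit that downgrades redirects and links and drops the HSTS header, and a browser whose HSTS memory (or preload entry) refuses the downgrade. The exchange hostname, page and headers are constructed.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed: a hypothetical exchange at exchange.example and its responses.
HOST = "exchange.example"
LOGIN_PAGE = f'<form action="https://{HOST}/session" method="post">'
HSTS = "max-age=31536000; includeSubDomains"


def origin(url):
    """The real site: plain-HTTP hits are redirected to HTTPS, HTTPS responses carry HSTS."""
    p = urlsplit(url)
    if p.scheme == "http":
        return 301, {"Location": urlunsplit(("https",) + tuple(p[1:]))}, ""
    return 200, {"Strict-Transport-Security": HSTS}, LOGIN_PAGE


def sslstrip(status, headers, body):
    """What a stripping exit does to a response it can see in the clear: downgrade the
    redirect target and every absolute link, and drop HSTS so the browser never learns better."""
    headers = {k: v for k, v in headers.items() if k != "Strict-Transport-Security"}
    if "Location" in headers:
        headers["Location"] = re.sub(r"^https://", "http://", headers["Location"])
    return status, headers, body.replace("https://", "http://")


def malicious_exit(url):
    """Proxy one client request. TLS traffic passes through untouched; a plaintext request
    is completed upstream over HTTPS on the client's behalf and the result is stripped."""
    status, headers, body = origin(url)
    if urlsplit(url).scheme == "https":
        return status, headers, body
    while status == 301:  # follow the site's upgrade redirect ourselves, client never sees it
        status, headers, body = origin(headers["Location"])
    return sslstrip(status, headers, body)


class Browser:
    def __init__(self, hsts_preload=()):
        self.hsts = set(hsts_preload)  # hosts this browser will only ever contact over TLS

    def enforce_hsts(self, url):
        p = urlsplit(url)
        if p.scheme == "http" and p.hostname in self.hsts:
            return urlunsplit(("https",) + tuple(p[1:]))
        return url

    def get(self, url):
        url = self.enforce_hsts(url)
        status, headers, body = malicious_exit(url)
        if urlsplit(url).scheme == "https" and "Strict-Transport-Security" in headers:
            self.hsts.add(urlsplit(url).hostname)  # remembered for future visits
        return url, body


def login_scheme(typed_url, hsts_preload=()):
    """Scheme the credential POST actually travels on after the user types typed_url."""
    browser = Browser(hsts_preload)
    _, body = browser.get(typed_url)
    action = re.search(r'action="([^"]+)"', body).group(1)
    return urlsplit(browser.enforce_hsts(action)).scheme


def second_visit_scheme(first_url, second_url):
    """Whether a browser that once saw the site over HTTPS keeps a later plain-HTTP visit safe."""
    browser = Browser()
    browser.get(first_url)
    return urlsplit(browser.enforce_hsts(second_url)).scheme


if __name__ == "__main__":
    print("no HSTS, typed http:// :", login_scheme(f"http://{HOST}/login"))
    print("HSTS preloaded         :", login_scheme(f"http://{HOST}/login", hsts_preload=[HOST]))
    print("seen over https before :", second_visit_scheme(f"https://{HOST}/login", f"http://{HOST}/withdraw"))
```

The first visit is the weak spot: a browser that has never seen the site over HTTPS has no HSTS entry to enforce, which is why a site that moves money belongs on the HSTS preload list, and why a Tor user should type the https:// scheme explicitly or use the service’s .onion address where one exists.
~ ~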
** THE HAPPY CORNER
This week @IanColdwater (https://twitter.com/iancoldwater/status/1292895288546545666?s=21) slapped down a troll so hard it left jaws wide open and heads spinning. This was a truly beautiful moment. Chef’s kisses all around. Get your commemorative sticker here (https://twitter.com/eanmeyer/status/1293294747910635520?s=21) .
Gizmodo took a novel approach (https://gizmodo.com/what-the-fuck-is-my-wifi-password-1844706166) to figure out their Wi-Fi password by simply asking the internet to figure it out.
And, next weekend is the Diana Initiative’s (https://www.dianainitiative.org/schedule/) 2020 virtual conference, starting Friday. As @RayRedacted (https://twitter.com/rayredacted/status/1294438688273895428?s=21) notes, it’s an incredible line-up of speakers and lots to get involved with. The Diana Initiative is a women-centric organization but open to all.
If you want to nominate some good news from the week, feel free to reach out (mailto:this@weekinsecurity.com?subject=Good%20news%20for%20your%20newsletter) . ~ ~
** THIS WEEK’S CYBER CAT
This week’s cyber cat is Mr. Pilkington. You have hacked his defenses — you can now commence belly rubs. A big thank you to his anonymous human for the submission! Please keep sending in (mailto:this@weekinsecurity.com?subject=Cyber%20Cat%20submission&body=Please%20include%20a%20JPG%20of%20your%20cyber%20cat%2C%20their%20name%2C%20and%20also%20your%20name%20and%20Twitter%20handle%20if%20you%20want%20credit.) your cyber cats! The more the merrier. Send them in! ~ ~
** SUGGESTION BOX
That’s all for now. If you have any feedback, feel free to drop it in the suggestion box (https://docs.google.com/forms/d/e/1FAIpQLSebkpf8z8TvMJoixuSzmrR-CTLcOv_ufF7voso1HZBI_f5zrw/viewform) . Have a great week and see you next Sunday.