Oct 31 2023

THE ART OF INTERCEPTION :ACTIVE AND PASSIVE SURVEILLANCE IN MOBILE SIGNALING NETWORKS

Category: Cyber surveillance,Mobile Securitydisc7 @ 7:23 am

Mobile network data might be one of our most recent and thorough dossiers. Our mobile phones are linked to these networks and expose our demographics, social circles, purchasing habits, sleeping patterns, where we live and work, and travel history. Technical weaknesses in mobile communications networks threaten this aggregate data. Such vulnerabilities may reveal private information to numerous varied players and are closely tied to how mobile phones roam among cell providers for travel. These vulnerabilities are usually related to signalling signals carried across telecommunications networks, which expose phones to possible location disclosure.

Telecommunications networks use private, open signalling links. These connections enable local and international roaming, allowing mobile phones to smoothly switch networks. These signalling protocols also enable networks to obtain user information including if a number is active, whether services are accessible, to which national network they are registered, and where they are situated. These connections and signalling protocols are continually targeted and exploited by surveillance actors, exposing our phones to several location disclosure techniques.

Most illegal network-based location disclosure is achievable because mobile telecommunications networks interact. Foreign intelligence and security agencies, commercial intelligence businesses, and law enforcement routinely want location data. Law enforcement and intelligence agencies may get geolocation information secretly using tactics similar to those employed by criminals. We shall refer to all of these players as ‘surveillance actors’ throughout this paper since they are interested in mobile geolocation surveillance.

Despite worldwide 4G network adoption and fast developing 5G network footprint, many mobile devices and their owners use 3G networks. The GSMA, which offers mobile industry information, services, and rules, reports 55% 3G subscriber penetration in Eastern Europe, the Middle East, and Sub-Saharan Africa. The UK-based mobile market intelligence company Mobilesquared estimates that just 25% of mobile network operators globally had built a signalling firewall to prevent geolocation spying by the end of 2021. Telecom insiders know that the vulnerabilities in the 3G roaming SS7 signalling protocol have allowed commercial surveillance products to provide anonymity, multiple access points and attack vectors, a ubiquitous and globally accessible network with an unlimited list of targets, and virtually no financial or legal risks.

The research done by Citizen labs focuses on geolocation risks from mobile signalling network attacks. Active or passive surveillance may reveal a user’s position using mobile signalling networks. They may use numerous strategies to do this.

The two methods differ significantly. Active surveillance employs software to trigger a mobile network response with the target phone position, whereas passive surveillance uses a collecting device to retrieve phone locations directly from the network. An adversarial network employs software to send forged signalling messages to susceptible target mobile networks to query and retrieve the target phone’s geolocation during active assaults. Such attacks are conceivable on networks without properly implemented or configured security safeguards. Unless they can install or access passive collecting devices in global networks, an actor leasing a network can only utilise active surveillance tactics.

However, cell operators and others may be forced to conduct active and passive monitoring. In this case, the network operator may be legally required to allow monitoring or face a hostile insider accessing mobile networks unlawfully. A third party might get access to the operator or provider by compromising VPN access to targeted network systems, allowing them to gather active and passive user location information.

The report primarily discusses geolocation threats in mobile signaling networks. These threats involve surveillance actors using either active or passive methods to determine a user’s location.

Active Surveillance:

  • In active surveillance, actors use software to interact with mobile networks and get a response with the target phone’s location.
  • Vulnerable networks without proper security controls are susceptible to active attacks.
  • Actors can access networks through lease arrangements to carry out active surveillance.

Passive Surveillance:

  • In passive surveillance, a collection device is used to obtain phone locations directly from the network.
  • Surveillance actors might combine active and passive methods to access location information.

Active Attacks:

  • Actors use software to send crafted signaling messages to target mobile networks to obtain geolocation information.
  • They gain access to networks through commercial arrangements with mobile operators or other service providers connected to the global network.

Vulnerabilities in Home Location Register (HLR) Lookup:

  • Commercial HLR lookup services can be used to check the status of mobile phone numbers.
  • Surveillance actors can pay for these services to gather information about the target phone’s location, country, and network.
  • Actors with access to the SS7 network can perform HLR lookups without intermediary services.

Domestic Threats:

  • Domestic location disclosure threats are concerning when third parties are authorized by mobile operators to connect to their network.
  • Inadequate configuration of signaling firewalls can allow attacks originating from within the same network to go undetected.
  • In some cases, law enforcement or state institutions may exploit vulnerabilities in telecommunications networks.

Passive Attacks:

  • Passive location attacks involve collecting usage or location data using network-installed devices.
  • Signaling probes and monitoring tools capture network traffic for operational and surveillance purposes.
  • Surveillance actors can use these devices to track mobile phone locations, even without active calls or data sessions.

Packet Capture Examples of Location Monitoring:

  • Packet captures show examples of signaling messages used for location tracking.
  • Location information, such as GPS coordinates and cell information, can be exposed through these messages.
  • User data sessions can reveal information like IMSI, MSISDN, and IMEI, allowing for user tracking.

The report highlights the various methods and vulnerabilities that surveillance actors can exploit to obtain the geolocation of mobile users, both domestically and internationally.Based on history, present, and future mobile network security evaluations, geolocation monitoring should continue to alarm the public and policymakers. Exploitable vulnerabilities in 3G, 4G, and 5G network designs are predicted to persist without forced openness that exposes poor practises and accountability mechanisms that require operators to fix them. All three network types provide surveillance actors more possibilities. If nation states and organised crime entities can actively monitor mobile phone locations domestically or abroad, such vulnerabilities will continue to threaten at-risk groups, corporate staff, military, and government officials.

Is My Cell Phone Bugged?: Everything You Need to Know to Keep Your Mobile Conversations Private

InfoSec tools | InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory

Tags: MOBILE SIGNALING NETWORKS


Jul 15 2023

Self-Driving Cars Are Surveillance Cameras on Wheels

Category: Cyber surveillancedisc7 @ 12:06 pm

Police are already using self-driving car footage as video evidence:

While security cameras are commonplace in American cities, self-driving cars represent a new level of access for law enforcement ­ and a new method for encroachment on privacy, advocates say. Crisscrossing the city on their routes, self-driving cars capture a wider swath of footage. And it’s easier for law enforcement to turn to one company with a large repository of videos and a dedicated response team than to reach out to all the businesses in a neighborhood with security systems.

“We’ve known for a long time that they are essentially surveillance cameras on wheels,” said Chris Gilliard, a fellow at the Social Science Research Council. “We’re supposed to be able to go about our business in our day-to-day lives without being surveilled unless we are suspected of a crime, and each little bit of this technology strips away that ability.”

[
]

While self-driving services like Waymo and Cruise have yet to achieve the same level of market penetration as Ring, the wide range of video they capture while completing their routes presents other opportunities. In addition to the San Francisco homicide, Bloomberg’s review of court documents shows police have sought footage from Waymo and Cruise to help solve hit-and-runs, burglaries, aggravated assaults, a fatal collision and an attempted kidnapping.

In all cases reviewed by Bloomberg, court records show that police collected footage from Cruise and Waymo shortly after obtaining a warrant. In several cases, Bloomberg could not determine whether the recordings had been used in the resulting prosecutions; in a few of the cases, law enforcement and attorneys said the footage had not played a part, or was only a formality. However, video evidence has become a lynchpin of criminal cases, meaning it’s likely only a matter of time.

The Race to Create the Autonomous Car

CISSP training course

InfoSec tools | InfoSec services | InfoSec books

Tags: Autonomous Car, cars, crime, law enforcement, privacy, Self-Driving Cars, surveillance


Jan 02 2023

Google Home Vulnerability: Eavesdropping on Conversations

Category: Cyber Espionage,Cyber surveillanceDISC @ 11:01 am

Matt Kunze, an ethical hacker, reported wiretapping bugs in Google Home Smart Speakers, for which he received a bug bounty worth $107,500.

Google Assistant is currently more popular among smart homeowners than Amazon Alexa and Apple Siri, given its superior intuitiveness and capability to conduct lengthy conversations. However, according to the latest research, a vulnerability in Google Home Smart speakers could allow attackers to control the smart device and eavesdrop on user conversations indoors

Findings Details

The vulnerability was identified by Matt Kunze, a security researcher using the moniker DownrightNifty Matt. The researchers revealed that if exploited, the vulnerability could allow the installation of backdoors and convert Google Home Smart speakers into wiretapping devices. Moreover, Google fixed the issue in April 2021 following responsible disclosure on 8 January 2021 and developing a Proof-of-Concept for the company.

Possible Dangers

The vulnerability could let an adversary present within the device’s wireless proximity install a backdoor account on the device and start sending remote commands, access the microphone feed, and initiate arbitrary HTTP requests. All of this could be possible if the attacker is within the user’s LAN range because making malicious requests exposes the Wi-Fi password of the device and provides the attacker direct access to all devices connected to the network.

What Caused the Issue?

Matt discovered that the problem was caused by the software architecture used in Google Home devices as it let an adversary add a rogue Google user account to their target’s smart home devices.

A threat actor would trick the individual into installing a malicious Android application to make the attack work. It will detect a Google Home automation device connected to the network and stealthily start issuing HTTP requests to link the threat actor’s account to the victim’s device.

In addition, the attacker could stage a Wi-Fi de-authentication attack to disconnect the Google Home device from the network and force the appliance to initiate a setup mode and create an open Wi-Fi network. Subsequently, the attacker can connect to this network and request additional details such as device name, certificate, and cloud_device_id. They could use the information and connect their account to the victim’s device.

According to Matt’s blog post, the attacker could perform a range of functions, such as turning the speaker’s volume down to zero and making calls to any phone number apart from spying on the victim via the microphone. The victim won’t suspect anything because just the device’s LED turns blue when the exploitation happens, and the user would think the firmware is being updated.

Matt successfully connected an unknown user account to a Google Home speaker. He created a backdoor account on the targeted device and obtained unprecedented privileges that let him send remote commands to the Home mini smart speaker, access its microphone feed, etc. Watch the demo shared by the researcher:

It is worth noting that there’s no evidence this security loophole was misused since its detection in 2021. Being an ethical hacker, the researcher notified Google about the issue, and it was patched. Matt received a bug bounty worth $107,500 for detecting this security flaw.

Wiretapping Bugs Discovered in Google Home Smart Speakers

Tags: Eavesdropping on Conversations


Apr 26 2022

Anomaly Six, a US surveillance firm that tracks roughly 3 billion devices in real-time

Category: Cyber surveillanceDISC @ 8:32 am

An interesting article published by The Intercept reveals the secretive business of a US surveillance firm named Anomaly Six.

When we speak about the secretive business of surveillance businesses we often refer to the powerful tools developed by Israeli firms like NSO Group and Candiru, but many other firms operates in the shadow like the US company Anomaly Six (aka A6).

According to an interesting analysis published by The Intercept, Anomaly Six is a secretive government contractor that claims to monitor billions of phones worldwide.

While Russia was invading Ukraine in February, two unknown surveillance startups, Anomaly Six and Zignal Labs joined forces to provide powerful surveillance services.

Zignal Labs is a company that provides social media surveillance, combining its analysis with capabilities of A6, the U.S. government was able to spy on Russian the army before the invasion.

“According to audiovisual recordings of an A6 presentation reviewed by The Intercept and Tech Inquiry, the firm claims that it can track roughly 3 billion devices in real time, equivalent to a fifth of the world’s population.” reads the article published by The Intercept. “The staggering surveillance capacity was cited during a pitch to provide A6’s phone-tracking capabilities to Zignal Labs, a social media monitoring firm that leverages its access to Twitter’s rarely granted “firehose” data stream to sift through hundreds of millions of tweets per day without restriction.”

The capabilities claimed by the surveillance firm are worrisome, a government contractor can spy on Americans and pass gathered data to the US intelligence agencies.

The source that provided the information on the secretive surveillance firms to The Intercept said that Zignal Labs violated Twitter’s terms of service to gather intelligence, but the company refused any accusation.

A6, unlike other surveillance firms, harvests only GPS pinpoints and data it provides allows to surveil roughly 230 million devices on an average day. A6 is able to access GPS measurements gathered through covert partnerships with “thousands” of apps. A6 also claimed to have amassed a huge quantity of information on people, it has gathered over 2 billion email addresses and other personal details for these individuals.

These data were voluntarily shared by mobile users when signing up for smartphone apps, a company spokesman explained that users agree on everything without reading the end-user license agreement.

The Hacker and the State: Cyber Attacks and the New Normal of Geopolitics

Tags: surveillance


Feb 17 2022

50 Key Stats About Freedom of the Internet Around the World

Almost every part of our everyday lives is closely connected to the internet – we depend on it for communication, entertainment, information, running our households, even running our cars.

Not everyone in the world has access to the same features and content on the internet, though, with some governments imposing restrictions on what you can do online. This severely limits internet freedom and, with it, the quality of life and other rights of the affected users.

Internet freedom is a broad term that covers digital rights, freedom of information, the right to internet access, freedom from internet censorship, and net neutrality.

To cover this vast subject, we’ve compiled 50 statistics that will give you a pretty clear picture about the state of internet freedom around the world. Dig into the whole thing or simply jump into your chosen area of interest below:

Digital Rights

Freedom of Information

Right to Internet Access

Freedom from Internet Censorship

Net Neutrality

The Bottom Line

The Internet in Everything: Freedom and Security in a World with No Off Switch

Tags: digital privacy, Freedom of the Internet Around


Jan 10 2022

US NCSC and DoS share best practices against surveillance tools

Category: Cyber surveillance,Security ToolsDISC @ 10:44 am

The US National Counterintelligence and Security Center (NCSC) and the Department of State have published joint guidance that provides best practices on defending against attacks carried out by threat actors using commercial surveillance tools.

In the last years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes.

Surveillance tools can be used to record audio, including phone calls, track the phone’s location, and access and retrieve all content on a phone (i.e. text messages, files, chats, commercial messaging app content, contacts, and browsing history).

These tools were used in attacks aimed at journalists, dissidents, and other persons around the world.

“Journalists, dissidents, and other persons around the world have been targeted and tracked using these tools, which allow malign actors to infect mobile and internet-connected devices with malware over both WiFi and cellular data connections.” reads the guidance. “In some cases, malign actors can infect a targeted device with no action from the device owner. In others, they can use an infected link to gain access to a device.”

Below is the list of cybersecurity practices recommended by the NCSC and the US State Department to mitigate the risk of exposure to attacks using these tools:

  • Regularly update device operating systems and mobile applications.
  • Be suspicious of content from unfamiliar senders, especially those which contain links or attachments.
  • Don’t click on suspicious links or suspicious emails and attachments.
  • Check URLs before clicking links, or go to websites directly.
  • Regularly restart mobile devices, which may help damage or remove malware implants.
  • Encrypt and password protect your device.
  • Maintain physical control of your device when possible.
  • Use trusted Virtual Private Networks.
  • Disable geo-location options and cover camera on devices.
  • While these steps mitigate risks, they don’t eliminate them. It’s always safest to behave as if the device is compromised, so be mindful of sensitive content.

Big Brother Technology: PRISM, XKeyscore, and other Spy Tools of the Global Surveillance State

Tags: Global Surveillance, PRISM, Spy Tools, surveillance tools, US NCSC, XKeyscore


Dec 20 2021

Pegasus: Google reveals how the sophisticated spyware hacked into iPhones without user’s knowledge

  • Pegasus spyware was allegedly used by governments to spy upon prominent journalists, politicians and activists.
  • A Google blog has revealed how the sophisticated software was used to attack iPhone users.
  • The software used a vulnerability in iMessages to hack into iPhones without the user’s knowledge.

The Pegasus spyware, developed by Israel’s NSO group, made headlines for being used by governments and regimes across the world including India to spy on journalists, activists, opposition leaders, ministers, lawyers and others. The spyware is accused of hacking into the phones of at least 180 journalists around the world, of which 40 are notable Indian personalities.

Now, a Google blog from the Project Zero team called the attacks technically sophisticated exploits and assessed the software to have capabilities rivalling spywares previously thought to be accessible to only a handful of nations.

The company has also faced multiple lawsuits including one in India where the Supreme Court (SC) set up a three-member panel headed by former SC judge RV Raveendran to probe whether the software was used by the government to spy on journalists and other dissidents.

Apart from India, Apple has also sued the Israeli firm after having patched its security exploit. The company was also banned in the United States after the details of the spyware were revealed. Let’s take a look at how this advanced snooping technology discretely worked on iPhones.

How Pegasus hacked iPhones

According to the Project Zero blog, a sample of the ForcedEntry exploit was worked upon by the team and Apple’s Security Engineering and Architecture (SEAR) group. Pegasus attacks on iPhones were possible due to the ForcedEntry exploit.

Best iPhone in 2021: Which model is right for you? | ZDNet

Pegasus is a spyware (Trojan/Script) that can be installed remotely on devices running on Apple ‘ s iOS & Google ‘ s Android operating systems. It is developed and marketed by the Israeli technology firm NSO Group. NSO Group sells Pegasus to ” vetted governments ” for ” lawful interception ” , which is understood to mean combating terrorism and organized crime, as the firm claims, but suspicions exist that it is availed for other purposes. Pegasus is a modular malware that can initiate total surveillance on the targeted device, as per a report by digital security company Kaspersky. It installs the necessary modules to read the user’s messages and mail, listen to calls, send back the browser history and more, which basically means taking control of nearly all aspects of your digital life. It can even listen in to encrypted audio and text files on your device that makes all the data on your device up for grabs.

Tags: A Privacy Killer, hacked iphone, NSO Group, Pegasus spyware


Oct 27 2021

FTC: ISPs are Spying on You. ISPs: Deal With It.

Category: Cyber surveillanceDISC @ 10:09 pm

Your internet service provider snoops on your browsing habits, records them and sells you—the product—to the highest bidder. So says the Federal Trade Commission (FTC) in a new report.

Are you surprised? Did you really think your ISP has your best interests at heart? This is the same company that overcharges you for a slow, unreliable service. And it barely competes for your business, because there’s no alternative in your market.

Privacy is dead. In today’s SB Blogwatch, we mourn its passing.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Animated postcards.

Ghost of Privacy

What’s the craic? Tonya Riley reports—“Internet providers fail to inform Americans about how they use sensitive data for advertising”:

Difficult for consumers to opt out”
Internet service providers fail to disclose to consumers how they use sensitive data, obscure privacy practices and make it difficult to opt-out of collection, according to 
 the Federal Trade Commission. [It] comes as the agency weighs pursuing a privacy rule-making process as Congress dithers on passing a federal privacy law.


The key takeaways offer a scathing view of the industry’s privacy practices as a whole. 
 Common collection practices across many of the ISPs included gathering data that wasn’t necessary to provide internet services, as well as using web browsing data to serve up specific advertisements. 
 Numerous ISPs also shared real-time location data with third parties, allowing third parties to garner sensitive details about an individual’s life, such as if they visit a rehab or where their children go to daycare.


Crucially, FTC staff found that ISPs made it both difficult for consumers to opt out of data collection [and] to find out what ISPs had collected on them. FTC Chair Lina Khan said that the report raised the need to consider “a new paradigm” when it comes to how consumers can consent to data collection.

Tags: FTC, ISPs are Spying on You, Spying


Oct 05 2021

Cheating on Tests

Interesting story of test-takers in India using Bluetooth-connected flip-flops to communicate with accomplices while taking a test.

What’s interesting is how this cheating was discovered. It’s not that someone noticed the communication devices. It’s that the proctors noticed that cheating test takers were acting hinky.

How to Prevent Cheating on Workplace Exams - HR Daily Advisor

Cheating on Tests: How To Do It, Detect It, and Prevent It

Tags: Bluetooth, cheating, Cheating on Tests, India, schools


Sep 14 2021

The Pegasus project: key takeaways for the corporate world

Forbidden Stories, a Paris-based non-profit organisation that seeks to ensure the freedom of speech of journalists, recently announced that the Pegasus Project surveillance solution by the Israeli NSO Group selected 50,000 phone numbers for surveillance by its customers following a data leak. 

The NSO Group has always maintained that the purpose of the Pegasus Project was for governments to monitor terrorist activity. However, this recent story, if true, could suggest that the solution has been abused for a long period of time and used for other nefarious purposes.

As reported by Forbidden Stories, the leaked data suggests the wide misuse of Pegasus Project and a range of surveillance targets that include human rights defenders, academics, businesspeople, lawyers, doctors, union leaders, diplomats, politicians and several heads of states. The NSO Group continues to contend these assertions are based on wrong assumptions and uncorroborated theories. Whether these statements are true or false, they raise interesting considerations for enterprises and government organisations that have a requirement to protect the smartphones of employees who have access to sensitive information.

Pegasus Project is reported to provide NSO Group customers full control of target devices, which makes it a threat of interest. However, it is not the first mobile threat that organisations should be concerned about. In another contested case, SNYK suggested that the Sour Mint threat, a Software Development Kit (SDK) developed by the Chinese mobile ad platform provider Mintegral and used by more than 1,200 apps in the Apple App Store, was responsible for spying on users by activity logging URL-based requests through the app. It was reported that user activity is logged to a third-party server that could potentially include personally identifiable information (PII).

Where things get interesting with Sour Mint is its ability to evade defences by slipping through the Quality Assurance (QA) process of the Apple App Store, which goes to show that even the thoroughness of Apple’s processes were not sufficient to detect malicious code in the case of this threat.

So, with the rise of mobile threats such as Pegasus Project and Sour Mint, how should organisations defend against such threats?

The Pegasus Project - YouTube

Ban on Use of Whatsapp / Likewise Means for Sharing of Official Letters /
Information (Advisory No. 2).

Mobile security solution review in light of the
WhatsApp Pegas
us hack

Tags: Pegasus malware, The Pegasus project


May 18 2021

“Those aren’t my kids!” – Eufy camera owners report video mixups

Category: Access Control,Cyber surveillanceDISC @ 1:45 pm

This isn’t the first time we’ve heard of a SNAFU like this, where virtual wires got crossed inside a video surveillance company’s own back end, causing customers not only to lose track of their own video cameras but also to gain access to someone else’s.

In one case, three years ago, a user of a cloud video service offered by a UK company called Swann received a video notification that showed surveillance footage from the kitchen



just not the kitchen in the user’s own house.

Amusingly, if that is the right word, the victim in this incident just happened to be a BBC staffer, relaxing at the weekend, who was gifted an ideal story to write up in the upcoming week.

In that incident, the camera vendor blamed human error, with two cameras accidentally set up with a “unique identifier” that wasn’t unique at all, leaving the system unable to decide which camera belonged to which account.

Alhough the vendor dismissed it as a “one off”, the BBC tracked down an even more amusing (though no less worrying) occurrence of the same problem in which a user received a surveillance video of a property that looked like a pub.

With a few days of search engine wrangling, that user managed to identify the pub online, only to find out that it was, by fluke, just 5 miles away.

So he went there and took a picture of himself in the beer garden, via the pub landlord’s webcam, but using his own online account:

Dark World – A Guide to the Global Surveillance Industry

Tags: Cyber surveillance


Apr 24 2021

UK spy chief says warns West faces ‘moment of reckoning’ over tech

Category: Cyber Espionage,Cyber surveillanceDISC @ 11:10 pm

LONDON — Western countries risk losing control of technologies that are key to internet security and economic prosperity to nations like China and Russia if they don’t act to deal with the threat, one of the UK’s top spy chiefs warned Friday.

“Significant technology leadership is moving east” and causing a conflict of interests and values, Jeremy Fleming, director of government electronic surveillance agency GCHQ, said in a speech.

Singling out China as a particular threat, he said the country’s “size and technological weight means that it has the potential to control the global operating system.”

China is an early adopter of emerging technologies but it also has a “competing vision for the future of cyberspace,” and it’s playing an influential role in the debate around international rules and standards, he said.

He raised the possibility of countries with “illiberal values” like China building them into technical standards that the world ends up relying on, and using their state power to control and dominate technology markets, turning them into arenas of geopolitical competition.

Russian hacking and other nefarious online activity, meanwhile, poses the most acute threat to the UK but, like a smartphone app vulnerability, could be avoided.

China’s Foreign Ministry blasted the remarks, saying they were “totally groundless and unreasonable.”

“Western countries, such as the UK and US, are actually the true empires of hacking and tapping,” ministry spokesman Zhao Lijian said at a briefing in Beijing.

Left unchecked, foreign adversaries could threaten the design and freedom of the internet, Fleming said. He citied as examples the security for emerging technologies like “smart city” sensors used to manage services more efficiently or digital currencies, saying they could be hardwired for data collection or other intrusive capabilities that go against open and democratic societies.

Britain and other Western countries face “a moment of reckoning,” Fleming said.

“The rules are changing in ways not always controlled by government,” Fleming said in his speech at Imperial College London. “And without action it is increasingly clear that the key technologies on which we will rely for our future prosperity and security won’t be shaped and controlled by the West.”

Britain should not take its status as a cyber power for granted, and it should work on developing “sovereign technologies” such as high-speed quantum computing and cryptographic technology to protect sensitive information, Fleming said.

China’s focus on establishing information dominance as a key component of its military efforts.


Apr 19 2021

Alarming Cybersecurity Stats: What You Need To Know For 2021

Cyber Attack A01

The year 2020 broke all records when it came to data lost in breaches and sheer numbers of cyber-attacks on companies, government, and individuals. In addition, the sophistication of threats increased from the application of emerging technologies such as machine learning, artificial intelligence, and 5G,  and especially from greater tactical cooperation among hacker groups and state actors. The recent Solar Winds attack, among others,  highlighted both the threat and sophistication of those realities.

The following informational links are compiled from recent statistics pulled from a variety of articles and blogs. As we head deeper into 2021, it is worth exploring these statistics and their potential cybersecurity implications in our changing digital landscape.

To make the information more useable, I have broken down the cybersecurity statistics in several categories, including Top Resources for Cybersecurity Stats, The State of Cybersecurity Readiness, Types of Cyber-threats, The Economics of Cybersecurity, and Data at Risk.

There are many other categories of cybersecurity that do need a deeper dive, including perspectives on The Cloud, Internet of Things, Open Source, Deep Fakes, the lack of qualified Cyber workers, and stats on many other types of cyber-attacks. The resources below help cover those various categories.

Top Resources for Cybersecurity Stats:

If you are interested in seeing comprehensive and timely updates on cybersecurity statistics, I highly recommend you bookmark these aggregation sites:

 300+ Terrifying Cybercrime and Cybersecurity Statistics & Trends (2021 EDITION) 300+ Terrifying Cybercrime & Cybersecurity Statistics [2021 EDITION] (comparitech.com)·        

The Best Cybersecurity Predictions For 2021 RoundupWhy Adam Grant’s Newest Book Should Be Required Reading For Your Company’s Current And Future LeadersIonQ Takes Quantum Computing Public With A $2 Billion Deal

134 Cybersecurity Statistics and Trends for 2021 134 Cybersecurity Statistics and Trends for 2021 | Varonis

 2019/2020 Cybersecurity Almanac: 100 Facts, Figures, Predictions and Statistics  (cybersecurityventures.com)

Source: The State of Cybersecurity Readiness:

Cyber-Security Threats, Actors, and Dynamic Mitigation

Related article:

Top Cyber Security Statistics, Facts & Trends in 2022

👇 Please Follow our LI page…


DISC InfoSec

#InfoSecTools and #InfoSectraining

#InfoSecLatestTitles

#InfoSecServices

Tags: Cybersecurity Stats


Mar 22 2021

FCC Boots Chinese Telecom Companies, Citing Security

he Federal Communications Commission’s (FCC) Public Safety and Homeland Security Bureau on March 12 identified five Chinese companies they said posed a threat to U.S. national security. These companies are: Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co.

The declaration, according to the FCC, is in accordance with the requirements of the Secure and Trusted Communications Networks Act of 2019, which requires the FCC to “publish and maintain a list of communications equipment and services that pose an unacceptable risk to national security or the security and safety of U.S. persons.”

In June 2020, the FCC designated both ZTE and Huawei as national security threats. “
 [B]ased on the overwhelming weight of evidence, the Bureau has designated Huawei and ZTE as national security risks to America’s communications networks—and to our 5G future,” said then-FCC chairman Ajit Pai. Pai continued, “Both companies have close ties to the Chinese Communist Party and China’s military apparatus, and both companies are broadly subject to Chinese law obligating them to cooperate with the country’s intelligence services.  The Bureau also took into account the findings and actions of congress, the executive branch, the intelligence community, our allies, and communications service providers in other countries. We cannot and will not allow the Chinese Communist Party to exploit network vulnerabilities and compromise our critical communications infrastructure. Today’s action will also protect the FCC’s Universal Service Fund—money that comes from fees paid by American consumers and businesses on their phone bills—from being used to underwrite these suppliers, which threaten our national security.”

ZTE’s petition for reconsideration in November 2020 was immediately rejected. Huawai also petitioned for reconsideration, and their appeal was rejected in December 2020, after a few weeks of deliberation.

FCC Boots Chinese Telecom Companies, Citing Security

Tags: Chinese Telecom


Feb 26 2021

Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack

In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint statement that blames Russia for the SolarWinds supply chain attack.

The four agencies were part of the task force Cyber Unified Coordination Group (UCG) that was tasked for coordinating the investigation and remediation of the SolarWinds hack that had a significant impact on federal government networks.

The UCG said the attack was orchestrated by an Advanced Persistent Threat (APT) actor, likely Russian in origin.

According to the security experts, Russia-linked threat actors hacked into the SolarWinds in 2019 used the Sundrop malware to insert the Sunburst backdoor into the supply chain of the SolarWinds Orion monitoring product.

Microsoft, which was hit by the attack, published continuous updates on its investigation, and now released the source code of CodeQL queries, which were used by its experts to identify indicators of compromise (IoCs) associated with Solorigate.

“In this blog, we’ll share our journey in reviewing our codebases, highlighting one specific technique: the use of CodeQL queries to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate.” reads the blog post published by Microsoft. “We are open sourcing the CodeQL queries that we used in this investigation so that other organizations may perform a similar analysis. Note that the queries we cover in this blog simply serve to home in on source code that shares similarities with the source in the Solorigate implant, either in the syntactic elements (names, literals, etc.) or in functionality.”

Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Tags: CodeQL, Solorigate compromise


Jan 25 2021

Insider Attack on Home Surveillance Systems

Category: Cyber surveillance,Insider ThreatDISC @ 11:23 am


Dec 13 2020

Suspected Russian hackers spied on U.S. Treasury emails

Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury Department and an agency that decides internet and telecommunications policy, according to people familiar with the matter.

Three of the people familiar with the investigation said Russia is currently believed to be behind the attack.

Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said National Security Council spokesman John Ullyot.

The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter.

Source: Suspected Russian hackers spied on U.S. Treasury emails – sources


    Active Exploitation of SolarWinds Software

    Emergency directive: Global governments issue alert after FireEye hack is linked to SolarWinds supply chain attack

    SolarWinds Security Advisory

    Massive suspected Russian hack is 21st century warfare

    The government has known about the vulnerabilities that allowed the SolarWinds attack since the birth of the internet—and chose not to fix them.

    WATCH: Trump refuses to acknowledge that Russia meddled in US elections



RUSSIAN GOVERNMENT HACKING GROUP ‘APT29’ BEHIND CYBER HACK ON US GOVERNMENT
httpv://www.youtube.com/watch?v=FM66FgFk6Ls



U.S. Agencies Hit in Brazen Cyber-Attack by Suspected Russian Hackers
httpv://www.youtube.com/watch?v=vlVGnu7i0tY



#Sandworm: A New Era of #Cyberwar and the Hunt for the #Kremlin’s Most #Dangerous #Hackers Paperback




Tags: APT29, cyber hacking, FireEye, Greenburg, Russian cyber attack, Russian espionage, Russian hackers, Sandworm, U.S. Treasury


Aug 11 2020

WSJ News Exclusive | TikTok Tracked User Data Using Tactic Banned by Google

Category: Cyber surveillance,Information PrivacyDISC @ 3:16 pm

TikTok skirted a privacy safeguard in Google’s Android operating system to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out, a Wall Street Journal analysis has found.

The tactic, which experts in mobile-phone security said was concealed through an unusual added layer of encryption, appears to have violated Google policies limiting how apps track people and wasn’t disclosed to TikTok users. TikTok ended the practice in November, the Journal’s testing showed.

The identifiers collected by TikTok, called MAC addresses, are most commonly used for advertising purposes. The White House has said it is worried that users’ data could be obtained by the Chinese government and used to build detailed dossiers on individuals for blackmail or espionage.

Source: WSJ News Exclusive | TikTok Tracked User Data Using Tactic Banned by Google
Cyber Espionage



Download a Security Risk Assessment Steps paper!

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles

Subscribe to DISC InfoSec blog by Email

👉 Download a Virtual CISO (#vCISO) and Security Advisory Fact Sheet & Cybersecurity Cheat Sheet

 




Tags: data espionage, Tracked data, tracked user data


Jul 28 2020

Rite Aid deployed facial recognition system in hundreds of U.S. stores

Category: Cyber surveillance,Information SecurityDISC @ 1:28 pm

Rite Aid used facial recognition in largely lower-income, non-white neighborhoods. The systems included one from a firm with links to China and its government

Source: Rite Aid deployed facial recognition system in hundreds of U.S. stores



Rite Aid facial recognition rollout faces trouble
httpv://www.youtube.com/watch?v=ltA9fABnee8



Cyber Espionage

Download a Security Risk Assessment Steps paper!

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge

DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles




Tags: cyber espionage, Cyber surveillance, facial recognition