I am delighted to welcome author and journalist Joseph Menn (web / Twitter / Facebook) to Boing Boing as guestblogger. His most recent book, Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet
"The suspected Russian hackers behind the worst U.S. cyber attack in years leveraged reseller access to Microsoft Corp services to penetrate targets that had no compromised network software from SolarWinds," Joseph Menn and Raphael Satter at Reuters report:
— Read the restWhile updates to SolarWinds' Orion software was previously the only known point of entry, security company CrowdStrike Holdings Inc said Thursday hackers had won access to the vendor that sold it Office licenses and used that to try to read CrowdStrike's email.
On Election Day, today, Twitter suspended a handful of relatively new right-wing news accounts for posting false or misleading information about the elections. The accounts suspended by Twitter included FJNewsReporter, Crisis_Intel, Faytuks, and SVNewsAlerts, which had 69,000 followers as of last week. — Read the rest
• Chinese accounts posted material supporting U.S. President Donald Trump, and pro-Left material
Facebook has removed a number of Chinese accounts on the platform that are oddly active in Philippines and U.S. politics, reports Joe Menn at Reuters today.
Facebook says it suspended 155 accounts on its main platform along with six Instagram accounts. — Read the rest
Microsoft says attack on Democratic campaign was thwarted
At least two of the three men charged this week with plotting violence at a Las Vegas anti-racism protest participated in "Boogaloo" groups on Facebook, an FBI criminal complaint says.
Post-Brexit, Google plans to move UK user accounts out of the control of European Union privacy regulators, and will place them under U.S. jurisdiction instead, where privacy protections are weaker, reports Joseph Menn at Reuters.
Once again, the FBI is putting pressure on Apple to help them break into the phone of a mass shooter. And once again, Apple has been largely resistant to the effort. Which is good, because a government having control over a private company that gives them secret backdoor access into people's personal technology devices is an authoritarian wet dream waiting to happen. — Read the rest
At this year's Defcon Lock Picking Village, Ioactive's Mike Davis will present a method for cracking high-security locks made by Dormakaba Holding, a Swiss company. The locks are used in very high-stake applications, from security ATMs to Air Force One, as well as guarding classified and sensitive materials on US military bases.
Back in 1984, a lonely, weird kid calling himself Grandmaster Ratte' formed a hacker group in Lubbock, Texas. called the Cult of the Dead Cow, a name inspired by a nearby slaughterhouse. In the decades to come, cDc would become one of the dominant forces on the BBS scene and then the internet — endlessly inventive, funny and prankish, savvy and clever, and sometimes reckless and foolish — like punk-rock on a floppy disk.
Investigative tech journalist Joseph Menn's (previously) next book is a history of the Cult of the Dead Cow (previously) the legendary hacker/prankster group that is considered to be "America's oldest hacking group."
In secret court proceedings, the U.S. government is trying to force Facebook to help wiretap Messenger. Facebook has declined, so the Justice Department is asking a judge for an order of contempt.
The imminent implementation of the EU's General Data Protection Regulation (GDPR) has been hailed as a victory for global privacy advocates; since the regulation severely limits the collection of data on Europeans — even when they're communicating with non-Europeans — services like Facebook would risk running afoul of the GDPR if they collected data on anyone in a way that violated EU rules, and since the penalties for violating the GDPR are incredibly draconian, the benefits of such surveillance would surely be outweighed by the risk of getting it wrong.
Ex-Yahoo employees have spoken anonymously to Motherboard about the news that Yahoo had built an "email scanner" for a US security agency, likely the FBI or the NSA. These sources — at least one of whom worked on the security team — say that in actuality, the NSA or FBI had secretly installed a "rootkit" on Yahoo's mail servers and that this was discovered by the Yahoo security team (who had not been apprised of it), who, believing the company had been hacked, sounded the alarm, only to have the company executives tell them that the US government had installed the tool.
In 2015, Yahoo CEO Marissa Meyer ordered the company's engineers to build a tool that scanned Yahoo Mail messages in realtime for "characters" of interest to a US security agency, either the FBI or the NSA.
The House Committee on Oversight and Government Reform has asked dozens of agencies in the US government to disclose whether they used switches made by Juniper, the disgraced US network technology giant that had at least two backdoors inserted into the software for one of its most popular product-lines.
In the month since network security giant Juniper Networks was forced to admit that its products had NSA-linked backdoors, the company's tried a lot of different strategies: minimizing assurances, apologies, firmware updates — everything, that is, except for removing th Dual_EC random number generator that is widely understood to have been compromised by the NSA.
Mostly lost in the past week's media gossip around NYT executive editor Jill Abramson's ouster, and Dean Baquet's promotion to her role: Baquet is the former LA Times editor who killed the biggest NSA leak pre-Edward Snowden. — Read the rest
"As a key part of a campaign to embed encryption software that it could crack into widely used computer products, the U.S. National Security Agency arranged a secret $10 million contract with RSA, one of the most influential firms in the computer security industry," reports Joseph Menn at Reuters in an exclusive today:
— Read the restDocuments leaked by former NSA contractor Edward Snowden show that the NSA created and promulgated a flawed formula for generating random numbers to create a "back door" in encryption products, the New York Times reported in September.
Dancho Danchev reports an incident in which a friend pinged him at an odd hour on Skype "with a message pointing to what appeared to be a photo site with the message 'hahahahaha foto' and a link to hxxp://random_subdomain.photalbum.org." Yup, malware. — Read the rest
