ISS World: The traveling spyware roadshow for dictatorships and democracies

At 3:15 a.m. on Thursday, March 20, masked men rushed into Ahmed Mansoor’s family home and took him into custody. An internationally-renowned human rights activist from the United Arab Emirates, Mansoor and his family were left without explanation as to why he was being taken away. However, they are accustomed to this type of situation. Mansoor has been a constant target of government pressure for a decade, including being jailed for eight months in 2011 for “insulting officials.” The pressure often takes the form of an endless stream of cyberattacks and surveillance. The March incident was no different, as police confiscated all of his electronic devices, many of which have been the target of repeated government-sponsored hacking. Mansoor’s unparalleled history of being hacked has led observers to label him the most spied upon man in the world. “They’re really, really trying to get this guy as much as they can,” Citizen Lab researcher Bill Marczak […]

The post ISS World: The traveling spyware roadshow for dictatorships and democracies appeared first on Cyberscoop.

After a long fight, Raytheon wins $1 billion cybersecurity contract with Homeland Security

Finally ending a long battle over a major contract, Raytheon won — again — a $1 billion, five-year cybersecurity contract from the U.S. Department of Homeland Security for a project called DOMino, short for Development, Operations and Maintenance. The contract was first awarded in 2015 but was quickly protested by Northrop Grumman. After another protest in 2016 alleged flawed evaluations and conflicts of interest because Raytheon hired a former DHS official, this latest award, made June 9, represents a significant win for Raytheon’s cyber business. The Massachusetts-based company, long one of the world’s largest military contractors, will be “the prime contractor and systems integrator” to defend the .gov domain in support of DHS’s National Protection and Programs Directorate, a company press release explained Monday. The project tasks them with defending more than 100 federal government departments and agencies as part of DHS’s next generation National Cybersecurity Protection System (NCPS). NCPS is known operationally as EINSTEIN, a DHS tool […]

The post After a long fight, Raytheon wins $1 billion cybersecurity contract with Homeland Security appeared first on Cyberscoop.

United Nations backs blockchain-powered permanent identity tool for refugees

A U.N.-backed project built by Accenture and Microsoft aims to provide a permanent digital ID to 1.1 billion people around the globe who have no official identity, including many of the world’s refugees. The project, ID2020, on Monday unveiled a new blockchain-supported network designed to build a permanent and legal identity using biometric data on a person’s phone. Lacking access to identity excludes people from voting, health care, banking, housing and a wide range of modern rights. The new tool was unveiled at U.N. headquarters in New York on Monday during the second ID2020 summit. ID2020 is a “public-private partnership dedicated to solving the challenges of identity” for individuals including the world’s 22 million refugees. The blockchain is a reliable, decentralized database that was first used publicly to track the bitcoin cryptocurrency. The method — also known as distributed ledger technology — is increasingly being explored to securely track data outside of currency. […]

The post United Nations backs blockchain-powered permanent identity tool for refugees appeared first on Cyberscoop.

After 2016 election hacking, Illinois politicians pose cybersecurity questions to local officials

Nearly a year after Illinois election boards were targeted in a monthlong cyberattack, U.S. Sen. Dick Durbin and state Sen. Michael E. Hastings want the state’s local election authorities to assess the state’s election-system cybersecurity. The two Democrats are asking questions about what might have been hacked and how local election officials responded. The letter not only dives into the specifics of Illinois cybersecurity but also asks how federal and state agencies can assist in protecting the election system at all levels. The inquiry comes as the Senate Intelligence Committee will hold an open hearing June 21 to examine U.S. election security for the 2018 and 2020 elections and to assess Russian interference in the 2016 U.S. elections. Experts from the DHS, FBI, Illinois State Board of Elections, the National Association of State Election Directors and election cybersecurity expert J. Alex Halderman will testify. Last year, the personal information of as many as 90,000 voters […]

The post After 2016 election hacking, Illinois politicians pose cybersecurity questions to local officials appeared first on Cyberscoop.

Report: Malware campaign targeted Palestinian elections

A new malware campaign dubbed Kasperagent was deployed during recent Palestinian Authority elections, according to a report from ThreatConnect. The perpetrator and exact targets remain unclear. Tactics included malware-laced fake news websites and spearphishing messages with content on political tensions and alleged Israeli assassination in Gaza as well as attack infrastructure with Gaza registrants. “We don’t know for sure who is responsible for this campaign,” the researchers wrote, “but digging into the passive DNS results led us to some breadcrumbs” from the command and control infrastructure running the operation. Discovered in 2016 by Palo Alto Networks, Kasperagent aims at Microsoft Windows systems and has been used on targets in the United States, Israel, Palestinian Territories and Egypt. This latest campaign represents a new variant of the malware that’s been used across the Middle East. The new campaign coincides with and exploits rising political tension in Gaza and the West Bank during the run-up to […]

The post Report: Malware campaign targeted Palestinian elections appeared first on Cyberscoop.

70 percent of U.S. Cyber Command force teams now ‘fully operational’

Eight months after all 133 of U.S. Cyber Command’s Cyber Mission Force teams reached initial operating capability, 70 percent of the force’s teams are “fully operational capable,” Joint Chiefs of Staff Gen. Joseph Dunford testified on Tuesday before the House Armed Services Committee. “They’ve had all the manning, they have all the training, they’re fully operational capable,” Dunford said. “But I think none of us are complacent with where we are in cyberspace given the number of threats we face every day. We need to defend the network, develop effective offensive tools and be in a position to grow the force.” The Cyber Mission Force teams are tasked with defending Defense Department networks (68 teams), supporting military objectives (27 teams), providing analytic support to combat missions (25 teams) and defending U.S. critical infrastructure (13 teams). Cyber Command was first stood up in 2009, yet the mission force teams were first added in 2015. Dunford […]

The post 70 percent of U.S. Cyber Command force teams now ‘fully operational’ appeared first on Cyberscoop.

Microsoft patches Windows XP due to ‘heightened risk’ of nation-state activity

Microsoft took the highly unusual step Tuesday of releasing new Windows XP patches because of a “heightened risk” of nation-state activity and “attacks with characteristics similar to WannaCrypt.” According to a company statement, the same treatment is being afforded Windows Server 2003, another unsupported but widely used operating system dangerously vulnerable to attack. “In reviewing the updates for this month, some vulnerabilities were identified that pose elevated risk of cyber attacks by government organizations, sometimes referred to as nation-state actors or other copycat organizations,” Adrienne Hall, a general manager at Microsoft’s security response center, wrote in a blog post. “To address this risk, today we are providing additional security updates along with our regular Update Tuesday service. These security updates are being made available to all customers, including those using older versions of Windows.” Windows XP and Server 2003 users have to manually download the new patches. The WannaCry ransomware outbreak impacted […]

The post Microsoft patches Windows XP due to ‘heightened risk’ of nation-state activity appeared first on Cyberscoop.

DHS identifies North Korean hacking infrastructure used by Lazarus Group

Anticipating that North Korea will continue to use the Lazarus Group to advance the dictatorship’s military and strategic objectives, U.S. authorities issued a report Tuesday identifying new details on the tools and infrastructure used by North Korea’s digital army. The technical alert, produced by the Department of Homeland Security’s Computer Emergency and Response Team and the Federal Bureau of Investigation, identified with “high confidence” IP addresses and malware called DeltaCharlie that the hacking group allegedly uses to manage its botnet infrastructure. The report includes numerous indicators of compromise meant to aid defenders targeted by the group. Lazarus, which the new report refers to as HIDDEN COBRA, has been implicated in a series of multibillion-dollar bank thefts across 18 countries as well as attacks against “media, aerospace, financial, and critical infrastructure sectors in the United States and globally.” “Tools and capabilities used by HIDDEN COBRA actors include DDoS botnets, keyloggers, remote access tools […]

The post DHS identifies North Korean hacking infrastructure used by Lazarus Group appeared first on Cyberscoop.

Israeli hacking company NSO Group is on sale for more than $1 billion

The Israeli hacking company NSO Group has been put up for sale for a price of more than $1 billion, according to multiple people familiar with the matter. The U.S.-based private equity firm Francisco Partners Management, which owns NSO Group, is looking to bring in around 10 times the $120 million it paid for a majority stake in the company in 2014. The group grew from around 50 employees when it was acquired to nearly 10 times that size, including more than 200 engineers dedicated to the hacking products that bring in the company’s rising profits. NSO, which is known for selling cutting-edge offensive hacking technology to governments around the world, traces its roots to the Israeli military’s world-renowned signals intelligence unit known as Unit 8200. The Israeli business publication Calcalist reported that NSO Group was being shopped around last month. CyberScoop independently spoke with numerous NSO business associates who confirmed that report. NSO Group and Francisco Partners both […]

The post Israeli hacking company NSO Group is on sale for more than $1 billion appeared first on Cyberscoop.

Al Jazeera comes under cyberattack as Persian Gulf crisis escalates

Al Jazeera Media Network, the state-funded broadcaster partly owned by Qatar’s ruling family, is “undergoing systematic and continual hacking attempts,” the company announced on Thursday. “These attempts are gaining intensity and taking various forms.” There has been no compromise of any Al Jazeera systems, according to a statement on the news organization’s website. The cyberattacks against Al Jazeera closely follow a rash of political hacks across Persian Gulf states that triggered a diplomatic crisis over alleged Qatari connections to radical and terrorist networks. CyberScoop has reached out to Al Jazeera and will update this story when we receive a response. In the last two weeks, a Qatari media outlet was hacked apparently to plant fake quotes from Emir Sheikh Tamim, emails were leaked from the United Arab Emirates ambassador to the United States and the Twitter account of Bahrain’s Foreign Minister was hacked to post pro-militant propaganda. The connection between all the events remains […]

The post Al Jazeera comes under cyberattack as Persian Gulf crisis escalates appeared first on Cyberscoop.
