“Anti-intellectualism has been a constant thread winding its way through our political and cultural life, nurtured by the false notion that democracy means that 'my ignorance is just as good as your knowledge.'” — Isaac Asimov
Remember Mirai, that botnet that took down swaths of the internet for millions of users one recent Friday afternoon? We were so innocent then! A variant returned this week, taking out over 900,000 routers belonging to customers of German ISP Deutsche Telekom. Get used to this.
Elsewhere, Jill Stein’s recount parade continued, with filings in Wisconsin, Michigan, and Pennsylvania. Stein has cited potential hacking or interference as a motivation for her quest, despite an absence of evidence. Speaking of evidence, lawyers for Silk Road founder Ross Ulbricht say they’ve found indications that one of the law enforcement officials in the case may have tampered with evidence. The revelation, even if it proves true, is unlikely to affect Ulbricht’s appeal.
In other law enforcement news, a team that spanned 30 countries took down Avalanche, a gigantic malware infrastructure system, after a four-year investigation. Avalanche’s fall is a big deal; it involved 800,000 domains, and had impacted victims in 180 countries. Lastly, we took a look at “perfect forward secrecy,” a method of encryption that keeps all of your messages safe, be they past, present, or future.
And there’s more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.
Meanwhile, some US commentators on cybersecurity issues have suggested that these attacks are not a surprise but appear to be a new spin on an old strategy
It could have been a cold war drama. The world watched this week as accusations and counter-accusations were thrown by the American and Russian governments about documents stolen during a hack of the Democratic National Committee and the email account of Hillary Clinton’s campaign chair John Podesta.
The notion that public figures have any right to privacy appears to have been lost in the furore surrounding the story, stolen correspondence being bandied around in attempts to influence the outcome of one of the nastiest, most vitriolic US presidential campaigns in history.
Some have argued that as secretary of state, Hillary Clinton’s emails were fair game for hacking because had they not been held on a private server, they would have been subject to freedom of information requests and available to the general public.
There may be some truth to that, but it doesn’t change the fact that correspondence between public figures has allegedly been hacked by those acting under the direction of a foreign government and released for everyone to peruse, with little opportunity for the authors to offer context or even confirm that the contents of the leaks are accurate.
The hacks have created a dilemma for American voters, according to Rob Guidry, CEO of social media analytics company Sc2 and a former special adviser to US Central Command. He says voters seem to want the information that has been leaked by the hackers but don’t feel entirely comfortable with the hacks that have brought the information to light.
• ‘Fancy Bear’ accessed confidential medical data including TUEs
• Serena Williams, Simone Biles, Elena Delle Donne targeted by group
Venus Williams, Simone Biles and Serena Williams were among the athletes targeted by the Russian cyber espionage group.
The World Anti-Doping Agency on Tuesday night condemned the hacking of a confidential database by a Russian cyber-espionage group which leaked the personal files of several top American athletes, including the tennis stars Serena and Venus Williams and the gymnast Simone Biles, and promised that it would soon publish “sensational proof” of famous athletes taking doping substances.
Documents published on the Fancy Bear website appeared to show that Serena Williams had taken the restricted drugs prednisone, prednisolone, methylprednisone, hydromorphone and oxycodone between 2010 and 2015, while her sister Venus had taken prednisone, prednisolone, triamcinolone and formoterol. Biles, meanwhile, was given methylphenidate for attention-deficit disorder. In all cases, however, Wada confirmed that the athletes had committed no offence because they had been granted therapeutic use exemptions (TUEs) by the relevant international sports federations and national anti-doping organisations.
The International Olympic Committee said it “strongly condemned” the cyber attack which it said was “clearly aimed at tarnishing the reputation of clean athletes” and confirmed the athletes mentioned had not violated any anti-doping rules during the Rio Olympics.
Venus Williams said she was “disappointed” that her medical data has been “compromised by hackers and published without … permission”. She said in a statement: “I have followed the rules established under the Tennis Anti-Doping Program in applying for, and being granted, ‘therapeutic use exemptions’. The applications for TUEs under the Tennis Anti-Doping Program require a strict process of approval which I have adhered to when serious medical conditions have occurred.” The 36-year-old added she was “one of the strongest supporters of maintaining the highest level of integrity in competitive sport”.
The final round of DARPA’s Cyber Grand Challenge pits computers against one another as human programmers watch the future of cybersecurity unfold
At a live event August 4 in Las Vegas at the annual Def Con hacker conference, seven Cyber Grand Challenge finalists are preprogramming their computers to play a digital version of “capture the flag.”
A dozen years ago the Defense Advanced Research Projects Agency (DARPA) held its first “grand challenge”—to see if autonomous automobiles could cross a 240-kilometer stretch of the Mojave Desert on their own. Mechanical problems and mishaps ended the race before any of the competitors had gone more than 12 kilometers. DARPA, the U.S. Department of Defense’s research arm, is looking for a better outcome Thursday in its inaugural Cyber Grand Challenge, where seven autonomous computers battle one another in what the agency claims is the “world’s first all-machine hacking tournament.”
DARPA announced the competition a couple of years ago, challenging computer programmers to create machines that could find and fix flaws in their software without human intervention. At a live event Thursday evening in Las Vegas at the annual Def Con hacker conference, seven Cyber Grand Challenge finalists are preprogramming their computers to play a digital version of “capture the flag.” The key to victory and the $2 million prize is to successfully defend one’s digital “flags”—bits of data written into programs running on the computers—from other teams’ cyber attacks while at the same time attacking competitors’ computers to find their flags.
But what should that response be? Below are six different paths the United States could take to answer the data breach. The choice will depend on many factors—the evidence supporting Russian involvement, the state of U.S.–Russian relations, the challenge of avoiding the appearance of using the tools of government to assist the Democratic candidate. Whatever the United States does or does not do will set an important precedent worldwide.
1) Public denouncement
Because of the difficulty of attribution in network-based attacks, officially denouncing the perpetrator of an attack is a surprisingly rare move for a government. The Obama administration set a precedent by publicly naming North Korea after the December 2014 hack on Sony, which caused the company to pull The Interview from theaters a day before its premiere. After the FBI blamed North Korea, citing issues of sovereignty and freedom of speech, experts argued about whether the government had the capacity to unequivocally attribute the attack. But later disclosures suggest the U.S. had penetrated North Korean networks thoroughly enough to have clear proof.
The DNC case will prove different; despite mounting evidence, there is not irrefutable proof of Russian involvement in the hack, and there is not likely to be. Russia’s networks are almost certainly harder to penetrate and monitor than North Korea’s, and if NSA did have that kind of access, it would be reluctant to share evidence that would reveal active sources and methods. Nonetheless, the stakes involved may warrant denouncing the Russians on the basis of something less than absolutely definitive proof.
When Edward Snowden met with reporters in a Hong Kong hotel room to spill the NSA’s secrets, he famously asked them to put their phones in the fridge to block any radio signals that might be used to silently activate the devices’ microphones or cameras. So it’s fitting that three years later, he’s returned to that smartphone radio surveillance problem. Now Snowden’s attempting to build a solution that’s far more compact than a hotel mini-bar.
On Thursday at the MIT Media Lab, Snowden and well-known hardware hacker Andrew “Bunnie” Huang plan to present designs for a case-like device that wires into your iPhone’s guts to monitor the electrical signals sent to its internal antennas. The aim of that add-on, Huang and Snowden say, is to offer a constant check on whether your phone’s radios are transmitting. They say it’s an infinitely more trustworthy method of knowing your phone’s radios are off than “airplane mode,” which people have shown can be hacked and spoofed. Snowden and Huang are hoping to offer strong privacy guarantees to smartphone owners who need to shield their phones from government-funded adversaries with advanced hacking and surveillance capabilities—particularly reporters trying to carry their devices into hostile foreign countries without constantly revealing their locations.
In 2013, Edward Snowden leaked tens of thousands of classified documents, including information about a top secret NSA unit called TAO, or Tailored Access Operations. Ben Makuch speaks with a German national security reporter to learn more about this covert operation.